Venture capitalist who spent a decade backing deep tech and quantum hardware startups says bitcoin the industry is obsessed with the bad half of the quantum problem, wallet keys instead of the encrypted messages that already flow between exchanges, bridges and custodians today.
“The most dangerous vulnerability in the financial system lies not in stored data, but in data.
moving between institutions right now,” Andrew Gault, CEO of networking company ZeroTier, told CoinDesk in a recent conversation.
“Every interbank message, every payment authentication record, and every digital signature circulating on a network today is collected by sophisticated adversaries who don’t yet need to read it,” he noted.
“CISOs and security teams have been trained to protect data at rest. What no one wants to say out loud is that the adversary’s strategy has changed. They are patient, they have storage, and they are building a library of today’s encrypted traffic to decrypt the moment when quantum capacity crosses the threshold,” he added.
Gault is CEO of networking company ZeroTier and founding partner of 7percent Ventures, a London and San Francisco-based deep tech company whose portfolio includes British quantum computing startup Universal Quantum.
The Google Quantum AI research that shook Bitcoin in March showed that a sufficiently powerful quantum computer could derive a Bitcoin private key from an exposed public key in about nine minutes, originating from outside its wallet.
The conversation since this article has focused on the approximately 6.9 million BTC hosted in addresses with exposed public keys and Bitcoin’s missing post-quantum migration plan.
But Gault says the most pressing exposure is data already collected on the open internet to be decrypted later, whether or not there is a working quantum computer.
Google’s own security engineers followed the same direction. In a March paper, the company set 2029 as a target for completing a post-quantum cryptography migration, citing advances in quantum hardware, error correction, and factorization resource estimation.
The post, authored by Heather Adkins, Google’s vice president of security engineering, and Sophie Schmieg, senior cryptography engineer, says the company has reprioritized its insider threat model to focus on authentication services and digital signatures, the same wire-level signing infrastructure that Gault highlighted.
“The threat to encryption is relevant today with store-now-decrypt-later attacks,” the post said.
The strategy causing this urgency is known in crypto circles as “harvest now, decrypt later.” This assumes that adversaries do not need to read encrypted traffic today, but only store it cheaply until a sufficiently powerful quantum computer arrives.
Citi modeled the banking system version of the scenario in February, estimating that a quantum attack on just one of the five largest U.S. banks’ access to the Fedwire Funds Service payments system could trigger a $2 trillion to $3.3 trillion cascade through the U.S. economy, equivalent to a 10 to 17 percent drop in real GDP.
The Global Risk Institute, cited in the same Citi report, estimates the probability of a cryptographically relevant quantum computer arriving by 2034 at between 19% and 34%.
For cryptography, the surface area at the wire is larger than that of the wallet. Cross-chain bridge proofs, exchange API authentication packets, signed transactions broadcast and archived to public memory pools, and back-channel signing traffic between cold storage and trading desks all fall on the same vulnerability spectrum as the bank-grade encryption that Citi was modeling.
CoinShares argued in a February report that fear of wallet keys is overblown, estimating that only about 10,200 BTC are concentrated enough to move markets if stolen.
Gault’s concern is different. “The particularly uncomfortable reality for financial institutions is that the authentication records collected are not just sensitive,” he said. “It’s the layer of evidence that determines who owns what, who authorized what transaction, and who bears legal responsibility.”
Ethereum (ETH) launched a coordinated post-quantum migration, but Bitcoin did not do the same. Major cryptocurrency exchanges and custodians, where most of the signing traffic resides, have also not publicly committed to doing so.
