The timeline for this threat is compressing. The March 2026 Google paper, co-authored with researchers from Stanford University and the Ethereum Foundation, revised resource requirements downward so sharply that industry figures now characterize the danger as having shifted "from theoretical to credible". Some academic estimates suggest between 25% and 40% of all circulating BTC sits in addresses with public keys already visible on-chain.
Gault's core argument, laid out in a late-May 2026 CoinDesk interview and widely covered across crypto news outlets, is that adversaries are already executing a "harvest now, decrypt later" strategy against the network layer of digital finance.
"The financial system's most dangerous vulnerability isn't stored data, it's the data moving between institutions right now," Gault told CoinDesk. "Every interbank message, every payment authentication record, and every digital signature traveling across networks is a target."
The mechanics are straightforward: encrypted authentication data, transaction messages, settlement instructions, and bridge communication flowing between exchanges, custodians, banks, and institutional counterparties can be intercepted and stored today at scale and at low cost. Attackers don't need a quantum computer yet—they just need to warehouse the data until one exists.
This is not a theoretical scenario. Citi's May 2026 report on the quantum threat explicitly warned that "the most acute quantum risk does not lie in future attacks, but in the current 'harvesting' of encrypted data that can be stored now and decrypted by bad actors in the future when a cryptographically relevant quantum computer emerges". Moody's separately cautioned in May 2026 that institutional finance is increasingly treating quantum computing as a future operational and systemic cyber risk as digital asset infrastructure integrates with mainstream financial markets.
Gault identifies a crucial asymmetry: wallet private keys can be migrated to quantum-resistant addresses through soft forks or user action, but encrypted network traffic already captured cannot be re-encrypted retroactively.
Once a cryptographically relevant quantum computer matures, that harvested historical data becomes plaintext—potentially exposing past trades, balances, counterparty identities, authentication secrets, and settlement patterns spanning years of financial activity. Unlike a single wallet compromise, this represents a systemic breach of institutional privacy and operational security across the entire digital asset ecosystem.
"The industry's default timeline—'quantum is a distant threat to my wallet keys'—misses that the encrypted backbone of crypto finance is being harvested right now," Gault has argued. "Once quantum decryption arrives, that data cannot be made secure again."
The Moody's report echoed this framing, noting that quantum threats are primarily a problem for cryptographic controls surrounding financial infrastructure, rather than the blockchain ledger itself. Citi estimated the probability of quantum computers breaking widely used public-key encryption at 19-34% by 2034 and 60-82% by 2044.
Gault's warning reframes the quantum security conversation from a consumer-wallet problem to an institutional-infrastructure problem. It suggests that exchanges, custodians, bridges, and financial institutions need to prioritize post-quantum encryption for data-in-transit—not just post-quantum wallet address schemes—on a timeline that accounts for data already being collected today.