Google and early investors warn “harvest now, decrypt later” attacks target financial authentication data, not individual holdings
Bitcoin’s biggest quantum vulnerability may not be private keys stored in wallets, according to security researchers at Google and venture capital investors tracking the quantum threat landscape. Instead, the focus is shifting to encrypted authentication data already being harvested between financial institutions, a strategy known as “harvest now, decrypt later.”
Andrew Gault, CEO of ZeroTier and founding partner of 7percent Ventures, frames the threat starkly: “The financial system’s most dangerous vulnerability isn’t stored data, it’s the data moving between institutions right now.” He points to the scale of the problem. “Every interbank message, every payment authentication record, and every digital signature traveling across a network today is being collected by sophisticated adversaries who don’t need to read it yet.”
Google’s security team, led by VP Heather Adkins and senior cryptography engineer Sophie Schmieg, published guidance in March 2026 setting 2029 as the target date for completing post-quantum cryptography migration across the company’s infrastructure. The post reprioritized Google’s internal threat model to focus on authentication services and digital signatures rather than stored data alone. “The threat to encryption is relevant today with store-now-decrypt-later attacks,” Adkins and Schmieg stated.
The concern extends beyond theoretical risk. Citi modeled a quantum attack scenario in February 2026 on the U.S. banking system, estimating that a quantum-enabled breach of a single top-five U.S. bank’s Fedwire access could trigger a cascade impact of $2 trillion to $3.3 trillion across the U.S. economy, with real GDP declining 10% to 17%.
Gault emphasizes the authentication layer’s unique vulnerability: “The particularly uncomfortable reality for financial institutions is that the authentication records being harvested aren’t just sensitive. It’s the proof layer that determines who owns what, who authorized which transaction, and who bears legal liability.”
The “harvest now, decrypt later” strategy assumes adversaries are already stockpiling encrypted traffic at scale, waiting for quantum computers to become powerful enough to decrypt it retroactively. Gault describes this shift in adversary behavior: “CISOs and security teams have been trained to protect data at rest. What nobody wants to say out loud is that the adversary’s strategy has changed. They’re patient, they have storage, and they’re building a library of today’s encrypted traffic to decrypt the moment quantum capability crosses the threshold.”
The Global Risk Institute estimates a 19% to 34% probability that a cryptographically relevant quantum computer will arrive by 2034, providing a window for institutions to migrate to quantum-resistant encryption standards.
Ethereum has launched a coordinated post-quantum migration. Bitcoin and major crypto exchanges and custodians have not publicly committed to similar protections for wire-level signing infrastructure. CoinShares, in a February 2026 report, argued that wallet-key quantum theft risk is overstated, estimating only 10,200 BTC concentrated enough to move markets. That contrasts with 6.9 million BTC sitting in addresses with exposed public keys, which a sufficiently powerful quantum computer could crack in approximately 9 minutes.
The vulnerability extends across infrastructure layers. Cross-chain bridge proofs, exchange API authentication packets, signed transactions in public mempools, and back-channel signing traffic between cold storage and trading desks all sit on the same vulnerability spectrum as bank-grade encryption, according to Gault and Google’s assessment. The gap between Bitcoin’s current posture and the urgency of the threat remains unresolved as quantum hardware development accelerates.
