Overview
- Citi’s digital-asset team, in a Monday research note, warned that faster quantum progress shortens the window for real attacks to 2030–2032.
- The bank estimates 6.5–7 million BTC have public keys already on-chain, leaving about one-third of supply exposed to future key theft and attractive to “harvest now, decrypt later” tactics.
- Citi says Bitcoin’s conservative governance makes rapid upgrades difficult, while Ethereum’s history of coordinated hard forks positions it to adopt quantum‑safe signatures more quickly.
- The risk stems from ECDSA keys becoming visible when transactions are broadcast or when older addresses have already revealed them, and Google’s research suggests a 500,000‑qubit machine could crack those keys in minutes as soon as 2030–2032.
- Proposed defenses include Bitcoin BIP‑360 and BIP‑361 and NIST‑approved post‑quantum algorithms, and wallet teams have begun testing hybrid post‑quantum designs, though industry leaders say coordination remains the main hurdle.