Bitcoin’s Quantum Vulnerability: The “Harvest Now, Decrypt Later” Threat
Experts are raising concerns about the potential for quantum computers to
secretly compromise Bitcoin’s security. One cybersecurity expert believes
this threat is already unfolding.
David Carvalho, a former teenage hacker and now CEO of Naoris Protocol, a
cybersecurity firm, argues that Bitcoin’s cryptographic defenses may not
hold up against the combined advance of quantum computing and artificial
intelligence, and that proactive measures are needed to safeguard the
cryptocurrency.
His warning centers on a “harvest now, decrypt later” strategy. Bitcoin
transactions are not encrypted; they are signed, and the signature and the
public key that verifies it become part of the public ledger. In this
scenario, malicious actors are recording those exposed public keys today,
anticipating future quantum computers powerful enough to derive the
corresponding private keys from them.
Carvalho’s background lends credibility to his warnings. Starting his
hacking career at age 13, he later advised NATO and Fortune 500 companies
before establishing Naoris Protocol. He now emphasizes the vulnerability
of Bitcoin to quantum computing attacks. He believes the current security
measures, SHA-256 and the Elliptic Curve Digital Signature Algorithm
(ECDSA), could be silently breached if updates are delayed, potentially
leading to a silent collapse of Bitcoin systems. Of the two, ECDSA is the
one a sufficiently large quantum computer would break outright via Shor’s
algorithm; SHA-256 is only weakened, by roughly a square-root factor, by
Grover’s algorithm.
Did you know? Google’s Willow quantum processor completed a benchmark
computation (random circuit sampling) in under five minutes that would
take today’s most powerful conventional supercomputers approximately 10²⁵
years.
Understanding Bitcoin’s Quantum Computing Vulnerabilities
Bitcoin’s security architecture relies on two main cryptographic
primitives: SHA-256, which underpins proof-of-work mining and the hashing
that links transactions and blocks, and ECDSA over the secp256k1 curve
(joined since Taproot by Schnorr signatures on the same curve), which
proves ownership of coins with signatures considered infeasible to forge
by today’s computers.
Classical computing views brute-forcing either of these systems as
practically impossible, requiring timescales longer than the universe’s
age. However, quantum computing introduces a game-changing threat to
Bitcoin.
Shor’s algorithm, run on a sufficiently powerful quantum computer, could
derive a private key from a public key in a matter of minutes. Funds in
any address whose public key is already exposed on-chain could then be
seized outright. Even a fresh address is at risk at the moment it spends:
the spending transaction reveals its public key when broadcast, so an
attacker fast enough could compute the private key and broadcast a
conflicting, higher-fee transaction before the original is confirmed.
Since block intervals average about ten minutes, an attacker who needs t
minutes to recover the key has roughly an e^(-t/10) chance that no block
has arrived yet (a simplification that ignores fee competition).
Experts caution against a simplistic view of cryptocurrency security as
“safe until Q-Day” (Quantum Day). Nation-states and cybercriminal
organizations are reportedly already collecting data, anticipating the
“harvest now, decrypt later” scenario. They are secretly building
archives that they hope to unlock once quantum computing hardware reaches
maturity.
The convergence of AI and quantum technology may drastically accelerate
this timeline. Carvalho posits that AI could pinpoint weaknesses in
blockchain cryptography, while quantum hardware would provide the sheer
computational force to exploit them. This combination, AI assisting
quantum to crack Bitcoin’s security, could hasten the date when current
cryptography becomes obsolete.
The exposure is already apparent. Estimates suggest that 25% to 30% of
all Bitcoin, approximately 6 million to 7 million BTC, resides in legacy
address types such as pay-to-public-key (P2PK) outputs or reused
pay-to-public-key-hash (P2PKH) addresses. A P2PK output carries the public
key in the output script itself, and a reused P2PKH address has already
revealed its key in the scriptSig of its first spend, so either becomes
instantly vulnerable as soon as quantum attacks are viable. Taproot (P2TR)
outputs likewise place the tweaked public key directly in the output, so
newer address formats are not automatically a safe harbor. These inactive
and reused coins represent a substantial portion of the circulating
Bitcoin supply and, by extension, affect Bitcoin’s overall price stability
and adoption.
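The exposure described above can be measured mechanically: every standard output type is a fixed scriptPubKey template, and whether the key is visible follows from the template plus the spend history of that script. The following is an added example, not code from the article or from Naoris Protocol; the script templates are the real Bitcoin ones, while the UTXOs, txids, keys and amounts are constructed for illustration.

```python
"""Classify Bitcoin outputs by whether their public key is already exposed on-chain.

Added example (not from the article or from Naoris Protocol). The standard
script templates are real; all UTXOs, txids, keys and amounts are constructed.
"""
from dataclasses import dataclass


def classify_script(spk: bytes) -> str:
    """Map a raw scriptPubKey to its standard output type."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -- the key sits in the output itself
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH"
    # P2SH: OP_HASH160 <push 20> <hash160> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "P2SH"
    # Segwit v0: OP_0 <20-byte key hash> / OP_0 <32-byte script hash>
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH"
    # Taproot: OP_1 <32-byte x-only output key> -- the (tweaked) key is public
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR"
    return "nonstandard"


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    value_btc: float
    script_pubkey: bytes


# Key is visible the moment the output is created.
KEY_IN_OUTPUT = {"P2PK", "P2TR"}
# Key hides behind a hash until the first spend from that script reveals it
# in scriptSig/witness; every later UTXO on the same script is then exposed.
KEY_REVEALED_ON_SPEND = {"P2PKH", "P2WPKH"}
# P2SH/P2WSH reveal a redeem script on spend; judging its key exposure needs
# script analysis, so this example conservatively counts them as hidden.


def exposed_utxos(utxos, spent_scripts):
    """Split utxos into (exposed, hidden) lists of (Utxo, type) pairs."""
    exposed, hidden = [], []
    for u in utxos:
        kind = classify_script(u.script_pubkey)
        reused = kind in KEY_REVEALED_ON_SPEND and u.script_pubkey in spent_scripts
        (exposed if kind in KEY_IN_OUTPUT or reused else hidden).append((u, kind))
    return exposed, hidden


def summarize_exposure(utxos, spent_scripts):
    """Total exposed value, overall value, their ratio, and exposed value by type."""
    exposed, hidden = exposed_utxos(utxos, spent_scripts)
    exposed_btc = sum(u.value_btc for u, _ in exposed)
    total_btc = exposed_btc + sum(u.value_btc for u, _ in hidden)
    by_type = {}
    for u, kind in exposed:
        by_type[kind] = by_type.get(kind, 0.0) + u.value_btc
    return {"exposed_btc": exposed_btc, "total_btc": total_btc,
            "fraction": exposed_btc / total_btc if total_btc else 0.0,
            "by_type": by_type}


# Constructed sample data (not real chain data).
PUBKEY = bytes.fromhex("02" + "11" * 32)          # fake compressed secp256k1 key
P2PK = bytes([0x21]) + PUBKEY + bytes([0xAC])
P2PKH_REUSED = bytes.fromhex("76a914" + "aa" * 20 + "88ac")
P2PKH_FRESH = bytes.fromhex("76a914" + "bb" * 20 + "88ac")
P2WPKH = bytes.fromhex("0014" + "cc" * 20)
P2TR = bytes.fromhex("5120" + "dd" * 32)
P2WSH = bytes.fromhex("0020" + "ee" * 32)

SAMPLE_UTXOS = [
    Utxo("a" * 64, 0, 50.0, P2PK),          # early coinbase-style P2PK output
    Utxo("b" * 64, 0, 1.5, P2PKH_REUSED),   # address already spent from once
    Utxo("c" * 64, 1, 0.3, P2PKH_FRESH),    # never spent from: key still hidden
    Utxo("d" * 64, 0, 2.0, P2WPKH),
    Utxo("e" * 64, 0, 0.7, P2TR),           # Taproot output key is public
    Utxo("f" * 64, 0, 4.0, P2WSH),
]
# scriptPubKeys that have appeared as the prevout of at least one spent input.
SAMPLE_SPENT = {P2PKH_REUSED}

if __name__ == "__main__":
    report = summarize_exposure(SAMPLE_UTXOS, SAMPLE_SPENT)
    print(f"{report['exposed_btc']:.2f} of {report['total_btc']:.2f} BTC "
          f"({report['fraction']:.0%}) have an exposed public key: {report['by_type']}")
```

Run against a real UTXO set, the same two inputs (the scriptPubKey of each unspent output and the set of scripts that have ever been spent from) are exactly what a block-chain indexer already holds, which is how the published 25% to 30% estimates are produced. Note that the reused-P2PKH check is what turns a single careless spend into a permanent exposure of every remaining coin on that address.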
Agencies like the National Institute of Standards and Technology (NIST)
and the National Security Agency (NSA) are urging a shift to
post-quantum cryptography: NIST’s draft transition guidance deprecates
quantum-vulnerable algorithms such as ECDSA by 2030 and disallows them
after 2035, and the NSA’s CNSA 2.0 timeline for national security systems
runs over the same decade. If Bitcoin’s upgrade lags, it could become a
cautionary tale, highlighting the clash between the leading digital asset
and a new computing paradigm that could reshape digital asset protection
and cryptocurrency security.
Carvalho emphasizes that the window for transition is closing. Without
decisive action to update Bitcoin’s cryptography and invest in
quantum-resistant blockchain security, he fears the industry may realize
too late that the risk of quantum disruption was not a distant threat.
Did you know? One 2022 estimate puts the cost of breaking a Bitcoin
wallet’s ECDSA key at around 13 million physical qubits to finish within a
day, or over 300 million physical qubits to finish within one hour. The
number of logical qubits needed is only in the low thousands; the rest is
error-correction overhead, which depends heavily on hardware error rates.
The Looming Threat: A Potential Silent Collapse of Bitcoin Systems
David Carvalho warns of a “silent collapse of Bitcoin systems,” driven by
a new generation of AI-assisted quantum attacks capable of recovering
signing keys, transferring funds, and evading detection.
Instead of a sensational, headline-grabbing exploit, these attacks would
gradually erode trust in the blockchain by draining balances through
transactions that are valid under the consensus rules, leaving no
forensic trace that distinguishes them from legitimate spends.
In this scenario, conventional security measures would be largely
ineffective. Penetration tests, anomaly detection software, and even
watchdog nodes could fail to detect the breach, because a spend signed
with a recovered key is, to every node on the network, simply a correctly
signed transaction. AI could autonomously search for weaknesses in
blockchain cryptography, simulate network behavior, and adapt its tactics
in real time, while quantum machines silently crack private keys in the
background.
Carvalho’s message is clear: there will be no live demonstration of a
key-cracking algorithm. Instead, the integrity of the system would
deteriorate subtly, a dormant legacy balance quietly drained here, a
signature that verifies but was never made by the owner there, funds
inexplicably redirected, until Bitcoin adoption suffers a crisis of
confidence.
Quantum-Resistant Blockchain Security: A Deeper Look
Developers are taking the quantum threat to Bitcoin seriously, and several
defensive strategies are underway. These efforts highlight the challenges
of achieving true protection.
- BIP-360 (Pay-to-Quantum-Resistant-Hash, or P2QRH): This proposal
introduces quantum-resistant signature schemes and hybrid address
formats, enabling a gradual migration to post-quantum cryptography. It
adds new layers of protection without disrupting the existing system
overnight.
- Post-quantum infrastructure: Companies like Naoris Protocol are creating
decentralized networks that incorporate quantum-resistant blockchain
security directly into transaction layers. This approach combines
real-time threat detection with cryptography that does not rely on
vulnerable elliptic curves.
- Quantum-safe technologies: STARK-based zero-knowledge rollups are
gaining traction for their hash-based proof systems, which circumvent
many of the weaknesses that quantum computers are expected to exploit.
However, even the best solutions face a critical challenge: Bitcoin’s
strength lies in its decentralization, which complicates large-scale
upgrades. A significant update to Bitcoin’s cryptography, especially
replacing its core signature scheme, requires widespread agreement among
miners, node operators, wallet providers, and users.
Even with consensus, the migration will be slow and complex. Millions of
users will need to transfer coins from legacy addresses to
quantum-resistant ones. If adoption is incomplete, older coins will remain
vulnerable, undermining the goal of cryptocurrency security in the quantum
era.
Did you know? According to Naoris Protocol, its Sub-Zero Layer can be
integrated into Ethereum Virtual Machine-compatible blockchains in as
little as 48 hours, providing post-quantum protection without requiring
hard forks or disrupting existing contracts.
Securing Crypto in the Quantum Age: Differing Perspectives
Not everyone shares Carvalho’s level of concern.
Michael Saylor, Executive Chairman of MicroStrategy, has downplayed the
quantum threat to Bitcoin, dismissing it as exaggerated. In an interview,
he characterized it as a “quantum marketing gimmick,” suggesting that
companies developing quantum computers, like Google and Microsoft, would
not release technology capable of breaking their own encryption. He also
asserted that “Bitcoin can just be upgraded” if necessary.
While not as dismissive, the broader expert sentiment remains measured.
Many cryptographers estimate the risk horizon for quantum computing
attacks on Bitcoin to be a decade or more, with the most conservative
estimates pushing it into the 2040s. Optimists suggest the tipping point
may not arrive until after 2035, while pessimists warn it could be as
soon as five to ten years.
While panic is unproductive, complacency could be even more detrimental.
Most cryptocurrency security experts agree that proactive preparation for
potential quantum computing attacks on Bitcoin wallets is far safer than
reacting to a crisis later.
If Bitcoin’s stakeholders coordinate their efforts to enhance digital
asset protection now, the transition to post-quantum cryptography could
resemble a controlled upgrade. Delaying action could lead to the “silent
collapse” scenario that Carvalho fears.
