A new report from Wall Street bank Citi warns that accelerating progress in quantum computing presents a growing threat to Bitcoin, potentially putting about one-third of its circulating supply—worth roughly $450 billion—at risk.
"While large-scale quantum attacks remain a medium-term concern, the pace of progress has shortened the horizon and warrants closer attention from investors," Citi analyst Alex Saunders wrote in a May 18 report. The bank highlights that a sufficiently powerful quantum computer could break the elliptic curve (ECDSA) cryptography that secures Bitcoin wallets.
The report estimates that between 6.5 million and 6.9 million bitcoin are vulnerable because their public keys have been exposed on the blockchain. This includes early "pay-to-public-key" (P2PK) addresses, dormant wallets, and even wallets believed to belong to Bitcoin's creator, Satoshi Nakamoto. An attacker with a quantum computer could theoretically derive the private keys from these public keys and steal the funds.
At stake is the fundamental security model that has protected the network for over a decade. The report flags a specific strategy known as "harvest now, decrypt later," where attackers could be collecting encrypted transaction data today to break it once quantum computers are powerful enough. The bank notes that Bitcoin’s conservative governance and slower protocol upgrade speed make it more exposed than proof-of-stake networks like Ethereum, which can implement security changes more rapidly.
The Quantum Threat Explained
The vulnerability stems from a core component of how Bitcoin transactions are signed. While modern Bitcoin wallets use addresses that do not expose the public key until the first transaction is sent, a significant portion of the supply, particularly from the network's early days, does not benefit from this protection. For these coins, the public key is permanently visible on the public ledger.
Citi's analysis points out that this makes Bitcoin a prime target for future quantum attacks. The report contrasts this with Ethereum, which has a more flexible architecture that could allow for a faster transition to post-quantum cryptographic standards. While the hardware required for such an attack is believed to be years away, the report's warning centers on the narrowing timeline and the immediate risk of data harvesting.
Mitigation and Market Context
The Bitcoin developer community is aware of the threat and is discussing potential upgrades. The Citi report specifically mentions Bitcoin Improvement Proposals (BIPs) 360 and 361 as developments to watch for potential long-term solutions involving post-quantum cryptography.
This technological risk emerges as Bitcoin navigates a complex macro environment. The asset has shown a high correlation to tech stocks, making it susceptible to broader market corrections like the one warned about by some prominent investors. At the same time, potential regulatory clarity in the U.S. could provide a significant tailwind. For investors, the quantum threat adds another long-term variable to an already intricate risk profile. The ability of the Bitcoin network to adapt and implement a quantum-resistant upgrade will be a critical test of its long-term viability.