Loading prices…
🩸BEARISH

Citi: Bitcoin faces outsized quantum computing threat

The warning lands as recent breakthroughs shorten the timeline to a machine capable of breaking Bitcoin's elliptic-curve cryptography — a risk Citi says is concentrated in Bitcoin and a handful of…

Citi warned that Bitcoin faces an outsized quantum-computing threat as recent breakthroughs shorten the timeline to a machine capable of breaking the network's elliptic-curve cryptography. The bank's research note frames Bitcoin — along with a handful of older chains that reuse vulnerable address formats — as disproportionately exposed relative to protocols built on post-quantum signature schemes.

Why it matters

The risk is not speculative, just front-loaded: a cryptographically relevant quantum computer would let an attacker derive a private key from a public key exposed on-chain, draining any address that has ever spent funds. Roughly a quarter of all Bitcoin sits in address types that would be directly vulnerable, Citi notes, because the public key is visible after the first spend. The threat is asymmetric — most newer chains and L2s have a cleaner migration path to post-quantum signatures than Bitcoin's ossified upgrade process.

Market impact

The report lands as several recent demonstrations — including error-corrected logical qubits and small-scale Shor's algorithm runs — have pulled the consensus horizon forward to the late-2020s to early-2030s window. Developers and standards bodies are already drafting quantum-resistant signature schemes, but a Bitcoin-wide migration would require years of coordination across miners, node operators, and holders. Until that path is concrete, Citi frames the risk as priced in only partially — a tail that the market is starting to discount, but not yet fully.

Related tokens
$BTC

Frequently asked questions

  1. Why does Citi say Bitcoin is more exposed to quantum risk than other chains?

    Bitcoin's elliptic-curve signature scheme is reused on a large base of legacy addresses whose public keys are exposed on-chain, and the network's governance and upgrade process makes a coordinated migration to post-quantum signatures slower than on newer chains.

  2. How much Bitcoin is in vulnerable address types?

    Citi's note flags that roughly a quarter of all Bitcoin sits in address types where the public key becomes visible after the first spend, putting those funds directly in the line of a future quantum attack.

  3. What kind of quantum computer would actually break Bitcoin?

    A cryptographically relevant quantum computer — one capable of running Shor's algorithm at scale against a 256-bit elliptic-curve key — would let an attacker derive a private key from a public key visible on-chain and drain the associated address.

  4. When could a quantum attack realistically happen?

    Citi frames the horizon as the late-2020s to early-2030s window, citing recent breakthroughs in error-corrected logical qubits and small-scale Shor's algorithm demonstrations as the inputs that have pulled the timeline forward.

  5. Could Bitcoin migrate to post-quantum signatures?

    In principle yes, but a network-wide switch would require years of coordination across miners, node operators, and holders and is materially harder on Bitcoin than on chains built with post-quantum schemes from the start.

Source attribution
Aggregated from CoinDesk · Verified · Last refreshed 49d ago
Open original →