Citi: Bitcoin more exposed to quantum attacks than Ethereum

Citi analysts wrote in a research note that advances in quantum computing have shortened the timeline for practical attacks on cryptocurrencies, with potential capability arriving between 2030 and 2032. The note cites work suggesting a large quantum computer could derive private keys from exposed public keys and redirect funds.

The bank pointed to estimates from researchers that a 500,000-qubit machine could break current cryptography in minutes. Google’s internal estimate for when a quantum computer strong enough to break widely used encryption might appear is 2032, while other researchers put the date as early as 2030.

Citi described Bitcoin’s exposure as structural. Bitcoin transactions reveal the sender’s public key to the network until a transaction is confirmed, creating a time window in which a quantum attacker could theoretically compute the corresponding private key. The note estimates about 6.7 million to 7 million BTC sit in wallets where public keys are already exposed. Roughly 1 million BTC believed to have been mined by Bitcoin’s creator remain in early address formats that analysts consider particularly vulnerable.

The research note said fixing the problem for Bitcoin would likely require extensive testing and a hard fork, a process that needs broad agreement among miners, node operators and developers. The analysts flagged proposed upgrades BIP-360 and BIP-361 as items to watch for the network’s quantum readiness.

By comparison, the note said Ethereum and other proof-of-stake networks have governance structures that have allowed more frequent protocol upgrades, which may make deployment of quantum-resistant algorithms easier. The analysts added that a quantum-equipped attacker could theoretically gain control of about 33% of staked assets on some networks, which could disrupt block finality or network operations.

At a financial industry event, Michael Shaulov, CEO of crypto infrastructure provider Fireblocks, described the quantum threat as “not actually a threat as people make it out to be” and called Bitcoin’s challenge “mostly a coordination issue.” He urged broader adoption of post-quantum encryption and said algorithms are available for deployment.

Citi concluded that estimates for when quantum computers will reach the power to break current cryptography are still changing, and that the industry has a window to test and implement countermeasures before those machines arrive.