
Zerotier CEO Andrew Gault warns adversaries are harvesting encrypted crypto traffic today for future quantum decryption. Bitcoin and Ethereum face divergent timelines.
The crypto industry's focus on quantum-proofing wallets may be aimed at the wrong target. Zerotier CEO Andrew Gault argues the most pressing danger is not stored keys but the encrypted transaction data that adversaries are quietly harvesting today.
Gault described a strategy security researchers call "harvest now, decrypt later." An attacker does not need a working quantum computer today to benefit from one tomorrow. Encrypted traffic can be copied and stored cheaply now, then decrypted years later once a sufficiently powerful machine exists. That turns the quantum threat from a future event into a present-day data-collection problem.
"The financial system's most dangerous vulnerability isn't stored data, it's the data moving between institutions right now. Every interbank message, every payment authentication record, and every digital signature traveling across a network today is being collected by sophisticated adversaries who don't need to read it yet."
Post-quantum cryptography (encryption designed to withstand quantum attacks) only protects information going forward. Anything captured before the upgrade remains exposed to retroactive decryption. Gault and others argue the clock is already running because adversaries are stockpiling encrypted traffic today.
The data being harvested is not just sensitive. Gault described the authentication records moving across networks as "the proof layer that determines who owns what, who authorized which transaction, and who bears legal liability." If that layer can eventually be decrypted and forged, the consequences extend well beyond individual wallets. Settlement records, signatures and payment confirmations underpin the trust between banks, exchanges and blockchains. An adversary able to rewrite or impersonate them in the future could call past transactions into question – a systemic risk rather than a series of isolated thefts.
Most quantum-risk discussions in crypto focus on the elliptic curve digital signature algorithm (ECDSA) used by Bitcoin and many other chains. A powerful enough quantum computer running Shor's algorithm could derive private keys from public keys, emptying wallets. That scenario is well understood, and solutions such as quantum-resistant signature schemes are being developed.
Gault's warning targets a different vector: the encrypted communications between nodes, exchanges, custodians and settlement layers. Even if wallet keys are eventually upgraded, the historical record of transactions, authorizations and messages remains vulnerable. An attacker who harvests that data today can later forge signatures, dispute ownership or manipulate audit trails.
Key insight: The crypto industry's focus on quantum-proofing wallets may be aimed at the wrong target if adversaries are already collecting the data that proves who owned what and when.
The warning sharpens an uncomfortable contrast between the two largest blockchains. Ethereum has begun a coordinated post-quantum migration, with plans to implement quantum-resistant cryptography in a scheduled upgrade around 2026. The Ethereum Foundation has been working with researchers on Verkle trees and signature aggregation that can accommodate new algorithms without a hard fork that breaks backward compatibility.
Bitcoin has not adopted a comparable plan. Its transactions remain secured by ECDSA, and the community's governance model favors voluntary transitions and waiting for mature standards rather than a forced protocol change. Developers have grown more vocal after years of relative silence, no concrete timeline exists.
Estimates for when a quantum computer could break Bitcoin's encryption vary widely. Analyst Nic Carter believes a so-called Q-Day could arrive by 2035. Other estimates are far more aggressive, placing a code-breaking machine as early as 2027. Google's quantum advances have repeatedly pushed the security debate back into focus. Venture investor Chamath Palihapitiya recently warned that non-state actors could one day target Bitcoin's holdings as a "honeypot."
Risk to watch: If the aggressive 2027 timeline proves accurate, Bitcoin would have only a few years to implement a post-quantum upgrade after Ethereum's planned migration. The gap in preparedness could become a competitive disadvantage for institutions choosing where to settle large transactions.
The read-through for the crypto sector is not uniform. Entities that handle high-value interbank messages, cross-chain settlement or institutional custody face the greatest exposure to the harvest-now threat. Their encrypted traffic today contains the authentication records that could be used to dispute past transactions tomorrow.
Gault's framing naturally favors securing data in transit – the problem his company's product, Zerotier Quantum, addresses. The firm recently launched a networking platform built to meet the U.S. government's highest cryptographic benchmarks, including standards set by the National Institute of Standards and Technology (NIST). That commercial interest does not invalidate the underlying point, it does mean readers should weigh the argument against competing priorities.
Practical rule: The harvest-now thesis is confirmed if more institutions begin auditing their encrypted traffic for quantum vulnerability or if NIST accelerates its post-quantum standardization timeline. It is weakened if quantum computing milestones slip past 2035 or if a practical attack on ECDSA proves harder than current models suggest.
If adversaries are already banking encrypted traffic for a future payday, then the window to protect it is now, not on Q-Day. For Bitcoin in particular, the question is whether a community that prizes deliberate, consensus-driven change can move fast enough to defend data that is being harvested while the debate continues. For Ethereum, the 2026 migration provides a deadline, any data generated before that upgrade remains exposed to retroactive decryption. The crypto sector's quantum risk is not a future problem – it is a present-day data-collection problem that demands a response before the first code-breaking machine comes online.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.