Citi warns Bitcoin faces outsized quantum threat in 2026

This article is for informational purposes only. Always verify information independently before making any decisions.

Bitcoin is now confronting an outsized quantum risk, per institutional analysis from Citi’s 2026 digital asset security update. The bank’s research flags Bitcoin’s slower governance and technical rigidity as exposing more value to quantum attack than rival blockchains such as Ethereum. A critical weakness comes from the over 92% of Bitcoin addresses that have already published their public keys on-chain, making them prime targets for quantum-enabled theft if future computers can crack cryptographic safeguards.

That $500 billion-plus network value has few concrete timelines or community-wide priorities for post-quantum security, leaving the entire ecosystem in a waiting game against advancing cryptanalysis.

Bitcoin’s governance is its quantum weakness

According to Citi’s report, protocol changes on the Bitcoin blockchain have always required protracted debate among core developers, miners, and node operators—a dynamic that becomes a liability in the face of rapid, existential threats.

data show that no single foundation or core development group holds unilateral control over changes. Debate and coordination are core strengths in times of stability, but in the context of quantum risk, these same features slow the adoption of critical technical upgrades.

92% — Bitcoin addresses with exposed public keys

The Core Vulnerability: Exposed Public Keys

Bitcoin’s current cryptographic foundation relies on ECDSA signatures that are secure only if an address’s public key has never been revealed. Over 92% of addresses have exposed their public keys on-chain—often simply by moving funds.

Tens of billions in Bitcoin sit at addresses where public keys have been made public, tracking May 2026’s deep market valuations. And per Citi’s quantum report, attempts to preemptively “sweep” these coins into new, quantum-resistant accounts remain costly and technically challenging.

The ‘Harvest Now, Decrypt Later’ Threat

Bitcoin faces arguably its biggest risk from a tactic known as “Harvest Now, Decrypt Later” (HNDL).

Experts note that “Harvest Now, Decrypt Later” flips digital asset theft from a real-time arms race into a patient waiting game.

Citi’s quantum security documentation points out that the sum of at-risk coin value remains staggering: potentially up to $100 billion at current prices. An uncertain but mounting proportion flagged as actively vulnerable to future exfiltration.

Conclusion

According to Citi’s summary, Bitcoin—and by extension most major blockchains—faces a narrowing window of opportunity to implement quantum-resistant cryptography.

For in-depth technical analysis and continued updates on cryptographic and blockchain security, visit Citi Analyzes Bitcoin’s Quantum Vulnerabilities for full developments as the quantum era approaches.

FAQs

What is the main quantum threat to Bitcoin?According to Citi, a large-scale quantum computer running Shor’s algorithm could decipher private keys from exposed public keys. This allows attackers to spend Bitcoin directly from any address whose key has ever been revealed, without the owner’s consent. The root problem: blockchain records are permanent, so every historic exposure remains an open target.
Why is Bitcoin more at risk than Ethereum?Per Citi’s comparative research, Ethereum benefits from a more agile on-chain governance structure, allowing swifter upgrades to new cryptography if needed. Bitcoin’s upgrade process, by contrast, historically lags due to the need for supermajority consensus across disparate network participants. Technical comparisons alone don’t capture the delay: the problem is structural.
What is “Harvest Now, Decrypt Later”?Citi defines “Harvest Now, Decrypt Later” as a strategy in which attackers store encrypted blockchain data now and wait for the emergence of practical quantum computers to break current security. They don’t need to defeat protections in real time. Instead, they download vulnerable addresses to attack once quantum technology matures, exploiting permanent blockchain visibility.
How much Bitcoin could be at risk?Crypto.news and Citi estimate that tens of billions of dollars in Bitcoin are stored in addresses where public keys are now public. This figure fluctuates with price and usage, but it is believed that up to $100 billion is vulnerable as of May 2026. Any successful quantum exploit could trigger a historic transfer of assets.
Can Bitcoin upgrade its cryptography to become quantum safe?According to Decrypt’s 2026 coverage, upgrades to quantum-resistant algorithms are technically feasible. But implementation requires broad, difficult community consensus—not just for code rewriting, but also for moving funds and auditing new standards. For Bitcoin, this process could take years, stretching the window in which legacy vulnerabilities persist.
When will quantum computers become a real threat?Citi’s roadmap forecasts initial demonstrations of quantum hardware capable of attacking current cryptographic systems as early as 2027. The security migration should finish before, not after, these machines become widely available, because attackers may already be archiving targets.
What can users do to protect their Bitcoin holdings?Per expert guidance in Citi’s quantum security overview, users can move high-value assets to addresses never exposed on-chain and regularly monitor advance warnings for protocol upgrades. However, only protocol-level adoption of quantum-resistant cryptography delivers complete protection. Personal best practices help—but can’t eliminate the underlying network risk.
Is Ethereum immune from quantum attacks?According to Citi and Crypto.news, Ethereum is also vulnerable as it uses similar cryptographic schemes. Its principal advantage is governance flexibility, potentially enabling a faster move to quantum-safe mechanisms if a coordinated upgrade becomes urgent. No network is immune, but timelines for adaptation differ.

Coin Prices

Asset	Price (May 2026)	At-Risk Supply	Quantum Risk Level
Bitcoin (BTC)	–	Up to $100B	Severe
Ethereum (ETH)	–	Unknown	Moderate
Litecoin (LTC)	–	–	Medium

As of May 2026, Bitcoin’s total at-risk market cap due to quantum vulnerability could approach $100 billion, according to Citi’s digital asset research. Ethereum’s unknown percentage of exposed keys means the actual value at risk will depend on how quickly governance can coordinate post-quantum upgrades.

Bitcoin and Ethereum face a quantum computing threat, but Citi says the gap between them comes down to governance, not just technology.

Per Citi’s comparative sector risk review, both Bitcoin and Ethereum are fundamentally susceptible to quantum computer attacks because they deploy ECDSA signature schemes without quantum resistance as of early 2026.

In the end, according to Citi and Decrypt’s 2026 blockchain forecasts, the continued survival of public digital asset protocols will rely not just on technical improvements but on the capacity to reach consensus and implement proactive change before attackers do.

To reach our editorial team or submit questions about ongoing coverage of quantum cryptographic threats to Bitcoin and other protocols, please see further details and contact links at Citi warns Bitcoin faces outsized quantum threat. Up-to-date research and technical alerts will be posted regularly as the industry responds to these emerging risks.

💻 Google Quantum AI warns crypto faces quantum threats. New research shows quantum computers may break elliptic curve cryptography with 20x fewer qubits than estimated.

Urges transition to post-quantum cryptography.🌀Following 2029 timeline with Coinbase, Ethereum Foundation. pic.twitter.com/2CWLm2Qcci
— Bitcoin.com News (@BitcoinNews) March 31, 2026

Search