Citi Warns of Bitcoin’s Quantum Vulnerability as Millions of BTC at Risk

Citi has issued a stark warning that Bitcoin faces an outsized quantum computing threat, with an estimated 6.5 to 7 million BTC already vulnerable to potential attacks. In a research note published May 18, analysts at the banking giant highlighted that accelerating advances in quantum computing are shortening the timeline for machines capable of breaking Bitcoin’s encryption. Recent projections suggest a sufficiently powerful quantum computer could emerge as early as 2030-2032. The vulnerability centers on Bitcoin addresses that expose public keys on-chain, especially older pay-to-public-key (P2PK) formats. Citi estimates that between 6.5 and 6.9 million BTC—roughly one-third of circulating supply valued at around $450 billion—have these exposed keys. That includes wallets believed to belong to Bitcoin’s pseudonymous creator, Satoshi Nakamoto, which hold approximately 1 million BTC worth $82 billion at current prices. The note points to a “harvest now, decrypt later” risk where attackers could collect encrypted data today for future quantum-enabled decryption. Bitcoin’s decentralized governance further compounds the problem. Transitioning to quantum-resistant cryptography requires broad consensus among miners and node operators, a process that historically takes years, making rapid protocol upgrades slow and difficult. Proposed upgrade paths like BIP-360 and BIP-361 are in development but face coordination hurdles. By contrast, proof-of-stake networks such as Ethereum are better positioned due to more flexible governance and regular upgrades, though Citi notes they present a larger attack surface. Citi remains optimistic about crypto’s long-term ability to adapt through post-quantum cryptography, but emphasizes that the pace of progress warrants closer investor attention.