Citi Warns Bitcoin Faces Greater Quantum Computing Risk Than Ethereum
Citi warned Monday that Bitcoin (BTC) faces a structurally greater quantum computing threat than Ethereum (ETH), with analysts revising credible attack timelines to as early as 2030. The bank’s research arm flagged that Bitcoin’s reliance on exposed public keys makes it more susceptible than Ethereum, which has already begun transitioning toward quantum-resistant cryptographic standards.
The report estimates that roughly 25% of all Bitcoin in circulation sits in wallets where public keys are already visible on-chain.
Bitcoin Quantum Computing Risk and the 2030 Window
Citi’s analysts said the timeline for a viable quantum attack on cryptocurrency networks has shortened materially. Earlier estimates placed credible risk in the late 2030s.
The revised window of 2030 to 2032 reflects accelerating progress in quantum hardware, particularly in error-correction techniques that were previously the binding constraint. A Fortune article published Monday cited similar institutional caution around Ethereum’s long-term cryptographic architecture, underscoring how broadly the quantum concern is spreading across asset classes.
The core vulnerability Citi identified stems from Bitcoin’s use of the Elliptic Curve Digital Signature Algorithm, or ECDSA.
When a Bitcoin transaction is broadcast, the sender’s public key becomes visible on the blockchain. A sufficiently powerful quantum computer could use that exposed public key to derive the corresponding private key and authorize unauthorized transfers.
Addresses that have never been used to send a transaction, and therefore have never exposed their public key, carry lower risk under this model.
Also Read: Musk Loses OpenAI Lawsuit But Legal Experts Say He Won’t Stop Fighting
Why Ethereum Is Better Positioned
Ethereum’s development roadmap has incorporated post-quantum planning more aggressively than Bitcoin’s. Ethereum co-creator Vitalik Buterin has publicly advocated for integrating STARKs, a form of zero-knowledge proof, into Ethereum’s account abstraction framework as a path toward quantum resistance.
Bitcoin’s decentralized governance model makes coordinating a similar protocol-level change considerably slower.
Citi’s report did not call an imminent threat. The analysts said a fault-tolerant quantum machine capable of breaking ECDSA would require roughly 4,000 logical qubits, a threshold current hardware has not reached.
The 2030 estimate reflects a scenario where hardware progress continues at recent rates.
Background
Quantum computing’s implications for public-key cryptography have circulated in academic literature since at least 2017. The threat became a mainstream institutional concern in late 2024 after Google’s Willow chip demonstrated exponential error-correction improvements.
The National Institute of Standards and Technology finalized its first post-quantum cryptographic standards in August 2024, a move that accelerated enterprise planning timelines. Bitcoin’s core developers have discussed but not formally proposed any quantum-resistance upgrade path.
Also Read: Musk Loses OpenAI Lawsuit as Jury Rules Claims Expired
What to Watch
The Citi report adds institutional weight to a debate that has remained largely academic.
If quantum hardware milestones advance ahead of Citi’s base case, pressure on Bitcoin’s core developers to propose a cryptographic migration will intensify. Any such proposal would require broad network consensus and a fork, making the governance challenge as significant as the technical one.
Ethereum’s roadmap gives it more flexibility to adapt without a contentious upgrade process.
Read Next: Trump Postpones Iran Strike After Gulf Leaders Intervene
