Venture capitalist Tim Draper this week threw a provocative claim into the quantum computing debate: banks will break before Bitcoin does. Speaking on a panel in San Francisco, Draper argued that financial institutions face a 'harvest now, decrypt later' attack—where encrypted transactions are scooped up and stored for future quantum decryption—while Bitcoin's public ledger offers no such archive of private financial activity to plunder.
Why the ledger matters
Draper's logic hinges on a simple difference: bank transactions are encrypted in transit and at rest, which means an adversary can collect today's encrypted bank traffic and wait until a powerful enough quantum machine comes online to decrypt it. Bitcoin, by contrast, is fully transparent. There's no hidden set of transactions to hoard and crack later. The vulnerability, he noted, lies in Bitcoin's ECDSA signature algorithm—addresses that have already sent Bitcoin expose their public key on the blockchain, and a quantum computer running Shor's algorithm could theoretically derive the private key from that exposed key. But SHA-256, which secures Bitcoin's mining network, is considered untouchable for decades.
Bitcoin's community fix is already moving
The Bitcoin development community isn't waiting for a crisis. BIP-360, a proposal that introduces ML-DSA post-quantum signatures approved by NIST, is on the table. Node operators can vote to upgrade the protocol—a self-governance mechanism that banks, bound by government mandates, lack. In contrast, banks in the U.S. must meet NSA's CNSA 2.0 standards by January 2027, forcing a rigid, top-down shift to quantum-safe systems. The timeline is tight, and many institutions haven't started.
The real race isn't who falls first
Draper's point isn't that Bitcoin is immune—it's that the two systems face fundamentally different threats. Banks have an encrypted past to defend and a regulatory deadline to hit. Bitcoin has a transparent past but a flexible upgrade path. Both need changes. But if his timeline is right, the next 18 months will test whether a decentralized network can outpace a centralized one in adapting to the same technology.
