Bitcoin faces greater quantum risk than Ethereum, Citi says
Bitcoin faces a greater quantum-computing threat than Ethereum, Citi said in a note published Friday, warning that advances in the field are narrowing the window for crypto networks to migrate to post-quantum security. The bank said Bitcoin’s slower governance model leaves it less able to respond quickly, while Ethereum’s proof-of-stake design may allow faster upgrades. Citi estimated that 6.5 million to 6.9 million BTC, or roughly one-third of circulating supply, already have exposed public keys and could be vulnerable if sufficiently powerful quantum machines emerge [1][2][9].
Key Metrics
- Citi estimates 6.5 million to 6.9 million BTC have exposed public keys, leaving a large share of supply potentially vulnerable to future quantum attacks [1][2].
- The bank said Bitcoin’s conservative governance makes protocol upgrades slower than on proof-of-stake networks, increasing implementation risk [1][9].
- Ethereum may adapt more easily to quantum-resistant cryptography, although validator keys would still face exposure [1].
- Citi’s report said quantum risk is not limited to crypto, but Bitcoin is especially sensitive because transaction signatures rely on public-key cryptography [7].
- The bank framed the issue as an execution challenge as much as a technology one, with post-quantum standards already available but not yet broadly deployed [6][7].
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
Citi’s warning lands at a time when quantum computing is moving from a long-dated theory to a more immediate security concern. The bank said the risk is not that the blockchain ledger itself fails, but that signature schemes securing ownership and transaction validation could be undermined once quantum machines become powerful enough [7]. That distinction matters for Bitcoin, where exposed public keys can remain visible on-chain long after a transaction is completed.
Why Bitcoin quantum risk looks larger than Ethereum’s
Citi’s central point is that Bitcoin’s governance structure makes rapid cryptographic migration harder than on networks that can upgrade more quickly [1][9]. Ethereum’s proof-of-stake model, by comparison, is presented as more adaptable to quantum-resistant changes, even though it is not immune to the broader threat [1].
Analysts note that the difference is less about which chain is technically more advanced and more about how quickly each ecosystem can coordinate a security upgrade. Interpretation based on available data. For Bitcoin, that coordination challenge is meaningful because the vulnerable surface is already sizeable: Citi’s estimate of 6.5 million to 6.9 million BTC refers to coins tied to public keys that have already been exposed on-chain [1][2].
| Network | Citi assessment | Main reason for exposure | Implication |
|---|---|---|---|
| Bitcoin | Greater quantum risk | Slower governance and many exposed public keys | Higher migration risk if quantum breakthroughs arrive sooner |
| Ethereum | Lower relative risk | More flexible protocol upgrade path | Faster path to quantum-resistant changes, though validator keys remain at risk |
The bank’s framing does not suggest an imminent break in Bitcoin security. It does, however, place the asset at a relative disadvantage if the timeline to quantum-capable attacks compresses faster than protocol changes can be coordinated [1][7][9].
Exposed Bitcoin keys remain the core risk
The immediate concern in Citi’s note is not the full Bitcoin supply, but the subset of coins tied to addresses with publicly visible keys [1][2]. That includes older address types and wallets where the public key has already been revealed on-chain, creating a future target if a quantum attacker can derive the corresponding private key [7].
Citi said about one-third of circulating Bitcoin supply may be exposed in this way [1][2]. The practical consequence is that holders of older wallets, long-dormant coins and some legacy address formats face a different security profile from users whose public keys have not yet been disclosed.
| Risk area | Citi view | Market implication |
|---|---|---|
| Exposed Bitcoin public keys | Large share of supply potentially vulnerable | Raises concern over legacy wallets and long-dormant holdings |
| Validator or staking keys | Present on PoS networks as well | Ethereum is not risk-free, only comparatively more adaptable |
| Protocol upgrade speed | Slower on Bitcoin | Increases execution risk if post-quantum migration becomes urgent |
Citi’s report also pointed to broader industry efforts. Post-quantum cryptography standards already exist, and the bank said the main obstacle is implementation at scale rather than the lack of a technical path [6][7]. That makes the issue a market structure problem as much as a cybersecurity one. Networks, custodians and wallet providers would need to coordinate migrations without disrupting user access or confidence.
Market relevance for Bitcoin holders and institutions
For investors, the immediate market relevance is not a price call. It is a custody and operational risk issue. Market participants view the issue as a test of how quickly the crypto industry can harden infrastructure before quantum advances become commercially relevant. Interpretation based on available data.
That matters for institutional adoption. Large holders, exchanges and custodians need certainty around key management, upgrade timing and asset recovery policies. Bitcoin’s slower governance could become a disadvantage if clients begin to prefer networks seen as quicker to adapt. Ethereum, while still exposed in parts of its validator stack, may benefit from that perception [1][9].
At the same time, the warning has clear limits. Citi did not say quantum computers can break Bitcoin today, and the timeline remains uncertain. The bank’s own cited probability estimates for a “Q-day” vary widely, underscoring how difficult it is to pin down when the threat becomes operational [7]. That uncertainty cuts both ways: it reduces the chance of immediate disruption, but it also leaves less room for complacency if progress accelerates faster than expected.
What happens next
The key risk is execution. Post-quantum standards are available, but converting a global asset base with legacy wallets, dormant coins and diverse custody practices will take time [6][7]. If quantum computing progress continues to accelerate, the first pressure point may be on older Bitcoin holdings rather than the network as a whole.
For now, Citi’s warning is most significant because it reframes quantum computing from a distant academic issue into a concrete difference in protocol resilience. That leaves Bitcoin with a larger security transition ahead than Ethereum, and the gap could matter more if the industry has to move before it is fully ready [1][7][9].
Sources
- https://phemex.com/news/article/citi-warns-of-accelerated-quantum-computing-threats-to-bitcoin-security-83156
- https://www.mexc.com/news/1100053
- https://www.mexc.com/news/1099982
- https://www.citigroup.com/rcs/citigpa/storage/public/Citi_Institute_Quantum_Threat.pdf
- https://thefinanser.com/2026/01/quantum-computing-a-threat-or-opportunity
- https://thequantuminsider.com/2026/02/10/citi-puts-a-multi-trillion-dollar-price-tag-on-the-quantum-cybersecurity-threat/
- https://www.citigroup.com/rcs/citigpa/storage/public/Citi_Institute_Quantum_Threat.pdf
- https://www.binance.com/en-TR/square/post/324481312576290
- https://www.coindesk.com/tech/2026/05/18/bitcoin-faces-outsized-quantum-threat-as-computing-breakthroughs-accelerate-citi-says
