A machine is gradually learning to read things it was never designed to read somewhere in a cold lab, most likely humming at a temperature colder than space. No one can predict with certainty when it will be successful. That is a portion of the issue. The professionals who study this talk about it in the same way that sailors used to discuss storms that were visible on the horizon—not quite here, but close enough to begin tying things down.
The moment a sufficiently powerful quantum computer breaks the encryption holding the world’s money together is known in the industry as “Q-Day.” The lack of a date stamp on it makes it an odd kind of deadline. Google pushed everyone toward 2029 in a March report. The likelihood that we will reach Q-Day before 2035 is about one in three, according to Michele Mosca, who contributes to the creation of the yearly Quantum Threat Timeline. He once likened it to Russian roulette, and the analogy has endured, presumably because it better conveys the atmosphere than a chart could.
| Headings | Details |
|---|---|
| Topic | The Quantum Decryption Threat to Global Finance |
| Also Known As | Q-Day, “Harvest Now, Decrypt Later” |
| Estimated Window of Risk | 2028 – 2032 |
| Google’s Flagged Target Year | 2029 |
| Most Exposed Sectors | Banking, payments, crypto wallets, power grids |
| Encryption Standards at Risk | RSA, ECC (widely used across banking) |
| Crypto Assets Flagged | 65% of Ethereum, 25% of Bitcoin |
| Companies Preparing Today | Roughly 5% |
| Recommended Fix | Post-Quantum Cryptography (PQC) migration |
| Historical Parallel | Y2K readiness effort of the late 1990s |
| Key Voices | Michele Mosca (Global Risk Institute), Sridhar Muppidi (IBM Security) |
The quiet portion is what gives the whole thing a heavier feel. Attackers are not required to wait. Today, they can steal encrypted files, store them somewhere inexpensive, and allow them to mature. Intelligence services refer to this as “harvest now, decrypt later,” and reading the Federal Reserve’s most recent working paper on the topic or browsing through dark web chatter gives the impression that the harvest has been ongoing for some time. bank transfer documents. SWIFT correspondence. old correspondence between executives. It’s difficult to ignore how little public discussion there is about it.
Only about 5% of businesses are taking this seriously, according to Sridhar Muppidi, an IBM fellow who advises governments and banks. You never forget that number. RSA and ECC encryption, which were developed long before quantum computing ceased to be a physics department curiosity, hold the financial system together, making it one of the most interconnected machines ever created by humans. There are repercussions that extend beyond a single bank or nation if that math goes wrong. The risk was identified by the Bank for International Settlements last year, and for an organization that prefers to be subtle, the language it used was remarkably direct.
The comparisons to Y2K are common and, while somewhat deceptive, they are fair. There was a set date for Y2K. Engineers were aware of the exact moment of midnight. There is no calendar for Q-Day. We wouldn’t necessarily know if it had already occurred in a secret laboratory in China or the American Southwest. A submarine surfacing, an unexpected intelligence cable leak, or a blackout in London on election night could all be coincidences. Or each might be a tiny clue.
Crypto is in an especially uncomfortable position. Digital signatures, the main concern of post-quantum researchers, are essential to Ethereum and Bitcoin. Roughly 25% of all Bitcoin and 65% of Ethereum are thought to be stored in exposed wallet types. It’s not a rounding error. That is a generational wealth transfer that is just waiting to go awry.
Seeing this develop is frustrating because the solution is known. There is post-quantum cryptography. Standards have been approved by NIST. Although costly and time-consuming, the migration is feasible. The question is whether governments, banks, exchanges, and utilities act before or after the math breaks down. It’s likely to be a little bit of both, given how institutions typically operate. For a while, those who move first will appear suspicious. They will then appear to be the only adults in the room one morning.