
Banks finally started buying up vaults. BNY, the world’s largest custodian with $59.4 trillion in assets under custody and management, announced in May that it would offer custody of Bitcoin and Ethereum in Abu Dhabi. A few weeks later, Standard Chartered confirmed its full acquisition of Zodia Custody, the digital asset custody company it founded in 2020, with the deal expected to close by the end of August.
Once a back-office concern for crypto-native companies, custody is now a strategic priority for the world’s largest banks.
But just as the industry admits it has unresolved crypto problems, the institutions best known for risk management are stepping into Bitcoin’s infrastructure.
A new report from Taurus, a Swiss digital asset technology company that counts Deutsche Bank as one of its backers, argues that all custodians currently on the market are still exposed to the future quantum transition, and that one of the industry’s most popular custody architectures could face structural limitations when blockchain eventually moves to quantum-proof signatures.
To understand why, it helps to understand what cryptocurrency custodians actually do. Owning Bitcoin means controlling your private key, a long secret number that allows the movement of your coins. Anyone who knows that number can use the asset, and anyone who loses it loses the asset forever.
The custodian’s entire job is to protect these keys and use them to create digital signatures, mathematical proofs that tell the network that a transaction is genuine. Every spot Bitcoin ETF, every tokenized fund, and every corporate financial position ultimately depends on how custodians generate, store, and use these keys.
Two types of architecture dominate that business.
Multi-party computation (MPC) splits the key into fragments held on separate machines, so the complete number never exists in one place and thieves have to break into multiple systems at once.
Hardware security modules (HSMs) take the opposite approach, locking the key inside a single piece of specialized tamper-resistant hardware that automatically destroys it if someone interferes with it.
The Taurus report argues that with the arrival of quantum computers, these two designs will face very different futures, and that the differences should be relevant to any institution choosing a custody stack today.
Vault preparation may be completed before blockchain is built
The signatures that secure Bitcoin and Ethereum rely on elliptic curve cryptography, a branch of mathematics built on problems so difficult that even all the computers on the planet working together cannot undo them.
A big enough quantum computer running Shor’s algorithm could solve these problems very quickly. That would make it possible to read public keys on the blockchain, derive the corresponding private keys, and forge transactions.
But that machine is still hypothetical. Current quantum computers are research prototypes with about 100 qubits, far short of the hundreds of thousands of qubits needed, and in Taurus’ own view, based on current evidence, it is highly unlikely that we will see a cryptographically relevant machine before 2040. igcurrencynews has repeatedly pointed out how headlines exaggerate short-term dangers.
The need for action now comes down to timelines, not panic. The US standards organization NIST published the first post-quantum cryptography standard in August 2024, providing the world with a vetted alternative algorithm.
NIST IR 8547 states that the current signature scheme will be phased out after 2030 and prohibited after 2035. A transition of this scale will take years, and Wall Street has already started a discussion about how Bitcoin should adapt.
The report’s most valuable insights concern the constraints specific to blockchain. Banks can upgrade their own internal security this quarter, and many already offer quantum-secure web connectivity.
However, Bitcoin is outside the control of a single institution. When an administrator signs and broadcasts a transaction, thousands of independent computers around the world check the signature against the network’s shared rules, which currently only recognize the classic scheme.
Today, administrators who implement post-quantum signatures will generate transactions that Bitcoin or Ethereum will simply reject as invalid.
Changing the rules would require protocol upgrades, wallet updates, agreements among node operators, and the migration of millions of users, a process already underway with proposals such as Bitcoin’s BIP-360 and Ethereum’s Post-Quantum Research Agenda.
This is why all providers, including Taurus, continue to rely on the chain itself. A realistic goal is to make all layers of custodian control quantum-enabled and move them on-chain once the ecosystem gets there, and Taurus estimates this could happen by 2029 or earlier, the report claims.
The report also makes a counterintuitive observation, which it calls the quantum gravity principle. This means that a computer capable of decoding Bitcoin will almost certainly be aimed at richer targets, such as state secrets or banking infrastructure, and even knowledge of its existence will cause the cryptocurrency’s price to collapse before the theft pays off.
The short-term danger is a “harvest-now-decrypt-later attack.” In this attack, an attacker records today’s encrypted traffic, stores it cheaply, and then decrypts everything when a functioning machine arrives.
Why MPC became a flashpoint for quantum security
The most pointed claim in the report concerns MPC, the architecture favored by many cryptocurrency-native custodians and fintechs. Taurus acknowledges that splitting keys between machines makes theft harder, as an attacker would need to compromise multiple systems rather than a single one.
The problem is that all these machines work together to produce regular elliptic curve signatures, which are the only kind that blockchains accept, so the mathematics that quantum computers attack remains the same no matter how many parties share the work.
MPC systems also rely on proprietary cryptographic mechanisms to authenticate participants and secure the channel between them, many of which are based on the same weak mathematical assumptions.
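The point above, that splitting a key changes where it is stored but not what the network verifies, can be seen in a short sketch. This is an added example, not code from Taurus or the report: it uses Schnorr signatures over a constructed toy group instead of Bitcoin's elliptic curve, and simple additive key sharing instead of a production MPC protocol; all names and parameters are assumptions.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (far too small for real use): P = 2*Q + 1.
P, Q, G = 2039, 1019, 4

def challenge(r_point, pub, msg):
    data = f"{r_point}|{pub}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def split_key(x, n):
    """Additively share x among n parties: the shares sum to x mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % Q)
    return shares

def joint_public_key(shares):
    """Each party publishes G^share; the product is G^x, the one on-chain key."""
    pub = 1
    for s in shares:
        pub = pub * pow(G, s, P) % P
    return pub

def mpc_sign(shares, msg):
    """Simplified joint signing: every party adds a nonce share and a
    response share, and the full key x is never assembled."""
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in shares]
    r_point = 1
    for k in nonces:
        r_point = r_point * pow(G, k, P) % P
    e = challenge(r_point, joint_public_key(shares), msg)
    s = sum(k + e * x_i for k, x_i in zip(nonces, shares)) % Q
    return r_point, s

def verify(pub, msg, sig):
    """Ordinary single-signer check, as a node would run it; it has no
    notion of shares or of how many parties took part."""
    r_point, s = sig
    e = challenge(r_point, pub, msg)
    return pow(G, s, P) == r_point * pow(pub, e, P) % P

if __name__ == "__main__":
    x = secrets.randbelow(Q - 1) + 1          # constructed sample key
    for n in (2, 5):
        shares = split_key(x, n)
        sig = mpc_sign(shares, b"constructed tx")
        print(n, "parties: pub =", joint_public_key(shares),
              "valid =", verify(pow(G, x, P), b"constructed tx", sig))
```

Whether two or five parties hold shares, the verifier sees the same public key and the same kind of signature, so the hardness assumption protecting that key is unchanged.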
A structural discussion then follows. Top-of-the-line HSMs from vendors such as Thales already run post-quantum signature algorithms in hardware depending on the firmware version, so supporting the new scheme will most likely mean installing it.
MPC faces a more difficult path because each new family of signatures requires researchers to invent new protocols to compute that signature across multiple machines without assembling keys. For lattice-based schemes such as ML-DSA, these protocols will only appear in 2025 and 2026 and have not yet been validated for production use.
For hash-based schemes such as SLH-DSA, the report claims there are fundamental mathematical barriers. A hash function intentionally scrambles any structure in its input, a structure that multiparty protocols exploit to split the signing effort.
This finding is painful because most networks opt for hash-based signatures. Circle’s post-quantum roadmap for Arc chooses SLH-DSA-SHA2-128 for smart account validation, Aptos has proposed the same scheme, and Ethereum researchers are also considering hash-based options.
This claim deserves more scrutiny than acceptance. Taurus has built custody technology with roots in HSM and has a commercial interest in this comparison. The report clarifies that it was prepared solely by Taurus without independent verification.
SLH-DSA also carries its own practical baggage, as the signature is 7,856 bytes versus today’s standard of 64 bytes. This is not suitable for signing large numbers of transactions under any architecture.
MPC vendors will likely adapt to lattice-based schemes if they win, but it remains to be seen whether hash-based signatures will actually become the primary choice for blockchains. Non-Taurus cryptographers should consider whether the incompatibility is as broadly applicable as claimed.
Still, the underlying tensions in this data certainly exist even if we ignore the warnings. Banks, ETF custodians, and exchanges are concentrating billions of dollars in customer assets within custody architectures chosen years before anyone knew what kind of post-quantum scheme blockchain would adopt.
Once the transition occurs, it may require rotating wallets, generating new addresses, obtaining customer approvals, and absorbing operational pauses across the institutional stack, with auditors, insurers, and regulators monitoring every step of the way.
The larger question raised by BNY and Standard Chartered goes beyond whether banks should hold Bitcoin keys. It asks if the safe they are purchasing today can be rebuilt with the assets still in it.

