ZeroTier CEO Warns Harvest-Now-Decrypt-Later Attacks Target Crypto Traffic

The crypto industry's long-running anxiety over quantum computers may be missing a far more immediate danger, according to ZeroTier CEO Andrew Gault. Rather than losing sleep over wallet keys that could someday be cracked by futuristic machines, Gault warns that attackers are already intercepting and stashing encrypted network traffic flowing between crypto institutions and exchanges. The original warning paints a picture of silent, ongoing collection of authentication data waiting to be unlocked once quantum computing matures.

The technique — known as "harvest now, decrypt later" — exploits the fact that encrypted traffic secure against classical computers may be trivially broken by a sufficiently powerful quantum system years or decades from now. Authentication tokens, API session keys, and signed messages between major trading desks and custodians all travel over the public internet. If an attacker can capture that data today and reliably store it, they hold a ticking time bomb ready for detonation after quantum breakthroughs.

Gault's warning reframes the quantum security debate away from static private key exposure and toward the dynamic, inter-institutional communications that power the crypto financial system. While Bitcoin holders can safeguard keys by moving funds to quantum-resistant addresses, the authentication flows between firms are harder to retrofit. Once a session token gets exfiltrated, the damage can spread across connected systems that trust that identity.

A Structural Problem for the Growing Institutional Crypto Market

As institutional participation in crypto expands, inter-institutional data pipelines become richer and more critical. Recent tokenization milestones show major financial players executing on-chain settlements with traditional counterparts. Each new link between a bank, an exchange, and a custodian creates additional targets for adversary collectors. The volume of sensitive traffic crossing network boundaries daily gives attackers plenty of raw material to harvest.

The global regulatory and security push for crypto-specific standards has largely focused on custody and settlement finality, not on the network-layer authentication that precedes every transaction. The ongoing legislative battles over market structure leave unanswered how firms should safeguard inter-party communication against long-horizon quantum threats. Regulators have yet to treat network-level harvesting as a present danger.

The asymmetry is stark: harvesting encrypted traffic on a massive scale is cheap, silent, and can be conducted by state actors or advanced criminal groups without detection. Post-quantum defense is expensive and requires coordinated upgrades across an entire industry. Unless the sector starts treating authentication messages with the same urgency as wallet cryptography, Gault's scenario could leave the financial plumbing of crypto permanently compromised.

What Comes Next and What Remains Uncertain

The quantum timescale remains the open question. No one can predict when a fault-tolerant quantum computer capable of breaking elliptic curve or RSA encryption will emerge. Estimates range from five to twenty years. But the "harvest now" part isn't dependent on any breakthrough — it depends only on attackers believing that decryption will eventually be possible. And that belief appears to be priced into the behavior of intelligence agencies and sophisticated cybercrime operations.

For crypto exchanges, prime brokers, and custodians, the practical implication is unsettling: every API call, every cross-venue trade settlement, and every institutional login could already be sitting in a foreign adversary's storage array somewhere. Post-compromise recovery in such a scenario is extremely limited. Rotating API keys after the fact does nothing if the old session data was already captured.

The industry may need to migrate to quantum-resistant key exchange protocols for inter-institutional links long before quantum wallets become standard. Gault's warning makes the case that waiting for quantum computers to actually arrive before addressing the harvest-now threat is like changing the locks on your house only after the burglars have already moved in — technically possible, but somewhat beside the point.