Loading prices…
STKR NewsSTKR News0 of 3 free this month
Bitcoin News

BitGo Adds Quantum-Risk Controls to Bitcoin Custody

BitGo just launched a quantum-risk management suite. It is a calculated move that addresses a problem lingering on the horizon for Bitcoin holders: the threat of decryption.

Originally on Bitcoin Magazine
AB

Adrian Boysel

Contributor

Jul 9, 2026

5 min read

Photo illustration / STKR News

When you spend enough time around developers and miners, the conversation eventually drifts toward the heat death of cryptography. We usually call it the quantum threat. There is this vague awareness that if a powerful enough quantum computer ever comes online, the math protecting your private keys becomes about as useful as a screen door on a submarine. Up until now, we have mostly ignored it because current quantum tech is still in its infancy. But BitGo is deciding it is time to stop ignoring it.

The Long Game in Custody

BitGo just announced a new set of tools aimed strictly at institutional bitcoin holders. These tools are designed to identify and mitigate exposure to future quantum computing risks. It is a proactive step, though I have to wonder if it is more about real risk management or just being the first to put a marketable face on a theoretical problem. For BitGo, which handles a massive chunk of the institutional custody market, the move makes sense. They are selling peace of mind to the people most likely to be terrified by high-level academic research papers.

The threat is simple to understand but difficult to fix. Shor’s algorithm is the main bogeyman here. Theoretically, it allows a quantum computer to derive a private key from a public key. Since Bitcoin relies on the difficulty of that specific mathematical derivation, a quantum-capable adversary could, in theory, spend anyone’s funds. The catch is that current quantum computers don't have enough qubits to pull this off yet. We are probably a decade or more away from a "Shor-capable" machine that can crack ECDSA, the signature algorithm Bitcoin uses.

Scanning for Vulnerability

What BitGo is actually shipping is a way to look at existing wallet architectures and flag addresses that are most at risk. In the early days of Bitcoin, public keys were often exposed directly on the ledger. Today, we use hashed addresses, which provides a layer of protection until the moment you actually spend from that address. Once you send a transaction, your public key is revealed to the network. This is where the risk lives. If your funds are sitting in an old-style P2PK address, you are effectively a sitting duck for a future quantum attacker.

BitGo’s tools help large-scale holders identify these "naked" public keys. For a fund manager holding billions, knowing which vintage of Bitcoin addresses their assets reside in is a basic auditing requirement. It allows them to rotate funds into newer, more secure address types before the threat becomes active. It is basically the digital equivalent of checking the structural integrity of a vault before a known earthquake hits ten years from now.

The Architect's Perspective

From a builder's point of view, this move by BitGo is interesting because it signals a shift in what "security" means for institutional infrastructure. We are moving past the era where keeping keys in a cold room was enough. Now, we have to start thinking about the underlying math itself becoming obsolete. If you are building custody tech today, you can't just rely on the existing standards and assume they are permanent. You have to build with agility in mind.

One of the biggest hurdles for Bitcoin is that it isn't easy to upgrade. For the network to become fully quantum-resistant, we would likely need a soft fork to introduce post-quantum cryptography (PQC) signature schemes like Lamport signatures or something similar. These signatures are much larger than the current Schnorr or ECDSA signatures, which means they take up more space on the blockchain and lead to higher fees. It’s a trade-off: security versus scalability. BitGo is positioning themselves to handle that transition whenever the network finally decides to make it.

Is This Premature?

I tend to stay skeptical of anything that sounds like it was born in a marketing brainstorm session for "Quantum-Resistant Blockchain." We have seen plenty of shitcoins claim quantum resistance as a feature, usually to distract from the fact that no one is using their network. However, BitGo isn't a startup looking for VC hype. They are the plumbing. When the plumbing company starts talking about rust, you should probably pay attention.

There is also the "harvest now, decrypt later" strategy to consider. This is a tactic where state actors or wealthy entities capture encrypted data today and store it until quantum computers are powerful enough to crack it in the future. For Bitcoin, you can't really "hide" your public key once it has been broadcast to the mempool. If an attacker records the blockchain today, and in 2035 they get a 10,000-qubit computer, they can go back and scrape every exposed key they recorded decades prior. BitGo’s push for address rotation is a direct counter to this long-term data harvesting.

Building for the Next Decade

If you are a founder in this space, the takeaway here isn't to go out and rewrite your entire codebase for quantum resistance tomorrow morning. You have time. But you should be looking at your wallet implementations and how you handle key rotation. If your system makes it difficult for a user to move funds from an old address type to a new one, you are creating a future liability. The best way to survive a quantum-capable future is to facilitate movement to newer, more robust standards as they emerge.

We also need to look at the pressure this puts on the core developers. As institutional giants like BitGo start offering these tools, the demand for a post-quantum Bitcoin improvement proposal (BIP) will increase. The builders who win the next decade are the ones who realize that "immutable" shouldn't mean "un-upgradable." We need systems that can withstand the evolution of computing power without losing the properties that make Bitcoin valuable in the first place.

The Founder's Takeaway

BitGo’s move is a signal that institutional risk management is maturing. It’s no longer just about preventing hacks or insider theft; it’s about future-proofing against the inevitable progress of hardware. Don't fall for the hype of people selling "quantum blockchains," but do start auditing your own exposure to legacy address formats. The best way to compete with giants like BitGo is to ensure your users have the same level of visibility and control over their long-term cryptographic health.

  • Check Legacy Addresses: Funds in P2PK (Pay to Public Key) are the highest risk category.
  • Promote Rotation: Encourage users to move assets into modern, hashed address formats.
  • Watch the Standards: Keep an eye on NIST and the Bitcoin core mailing list for consensus on post-quantum signature schemes.

Read the original at Bitcoin Magazine →

The Brief

Stay Updated on Cutting-Edge Tech

A six-minute morning dispatch on the markets and the technology shaping them.

Free. No spam. Unsubscribe anytime.

Write for STKR

Become a Contributor

Earn $STKR for published stories on markets, protocols, and culture.

  • Earn $STKR for every published piece
  • Editorial support from the STKR desk
  • Byline visibility across the network
  • First look at the upcoming creator program
Apply to Write

Keep reading

All stories

Comments

24 reader responses