Harvest Now, Decrypt Later
The silent quantum threat already underway. Adversaries are collecting encrypted data today, waiting for quantum computers powerful enough to break its protection tomorrow.
The Attack Is Already Happening
Nation-state actors and sophisticated adversaries are actively harvesting encrypted communications, financial transactions, and blockchain data. They cannot read it today—but they are storing it for the day quantum computers can decrypt it. For blockchain data, that day means permanent, irreversible theft.
What Is Harvest Now, Decrypt Later?
Harvest Now, Decrypt Later (HNDL)—also called “Store Now, Decrypt Later” or retrospective decryption—is an attack strategy where adversaries collect encrypted data today with the intention of decrypting it once sufficiently powerful quantum computers become available.
The strategy is straightforward:
- Harvest: Intercept and store encrypted data—network traffic, stored files, blockchain transactions
- Wait: Store the data securely until cryptographically relevant quantum computers (CRQCs) exist
- Decrypt: Use Shor’s algorithm to break the encryption and access the plaintext
For traditional encrypted communications, HNDL threatens confidentiality of past messages. For cryptocurrencies, the stakes are far higher: HNDL threatens permanent, irreversible theft of assets.
Why Cryptocurrency Is Uniquely Vulnerable
Blockchain technology creates a perfect storm for HNDL attacks:
| Factor | Traditional Data | Blockchain Data |
|---|---|---|
| Data Availability | Must intercept in transit | Permanently public on-chain |
| Storage Cost | Attacker pays storage | Network stores it forever for free |
| Consequence | Privacy breach | Direct financial theft |
| Reversibility | Damage may be contained | Transactions are final |
| Target Identification | Must identify targets | Balances visible on-chain |
The critical difference: Attackers don’t need to intercept anything. Every blockchain transaction with an exposed public key is already harvested and waiting—stored permanently in the public ledger by the network itself.
The Attack Timeline
Understanding the HNDL timeline reveals why action is needed now, not later:
Today (2024-2025)
Data Collection Phase
All blockchain transactions with exposed public keys are recorded permanently. High-value targets (exchanges, whales, institutional addresses) are catalogued. The harvest is already complete—it’s stored on every full node.
Near Future (2030-2035)
Q-Day Approaches
Cryptographically relevant quantum computers become available. Estimates vary, but most experts place this window within the next decade. The security of today’s signatures begins to erode.
Q-Day and Beyond
Mass Decryption
Attackers run Shor’s algorithm against harvested public keys. Private keys are derived in minutes to hours per key. Funds are drained from vulnerable addresses. No recourse exists—blockchain transactions are irreversible.
What’s At Risk
Not all cryptocurrency holdings are equally vulnerable to HNDL. The key factor is public key exposure:
| Exposure Type | Risk Level | Description |
|---|---|---|
| Reused Addresses | Critical | Public key revealed in first spend; funds sent to same address are permanently exposed |
| Active Accounts (ETH model) | Critical | Any outgoing transaction permanently exposes the account’s public key |
| Validator Keys | Critical | PoS validators have permanently exposed public keys for block signing |
| Fresh UTXO (never spent) | Protected | Public key hidden behind hash; safe until first spend |
| Quantum-Resistant Signatures | Protected | XMSS, Dilithium, SPHINCS+ resist Shor’s algorithm |
Current Exposure Across Tracked Cryptocurrencies
We track 49 cryptocurrencies. Currently, 36 are in the RED risk band (0-30), indicating critical quantum vulnerability with high key exposure. Only 1 are in the GREEN band (71-100), demonstrating quantum readiness. View the full rankings →
Protection Strategies
While perfect protection requires quantum-resistant cryptography, several strategies can reduce HNDL exposure today:
1. Never Reuse Addresses
On UTXO chains like Bitcoin, generate a fresh address for each transaction. Once you spend from an address, the public key is exposed forever. Move remaining funds to a new, unexposed address.
2. Migrate to PQC Chains
Consider moving high-value holdings to blockchains with quantum-resistant signatures. QRL uses XMSS, a hash-based signature scheme that resists Shor’s algorithm completely.
3. Monitor Project Roadmaps
Track which projects are actively developing PQC migration plans. Chains with native account abstraction or flexible signature verification can upgrade more easily than those with hardcoded ECDSA.
4. Time-Lock Large Holdings
Use time-lock contracts or multi-signature wallets that provide additional hurdles for attackers. While not quantum-proof, these add operational complexity to mass-theft scenarios.
The Window Is Closing
HNDL creates urgency because the data is already harvested. Unlike traditional security threats where you can “patch and move on,” blockchain transactions are permanent. Any address with an exposed public key before Q-Day remains vulnerable forever.
The time to protect your holdings is before Q-Day, not after. Once quantum computers can break ECDSA, every transaction ever made with exposed keys becomes a target. There is no “emergency patch” for a blockchain—the history is immutable.
Take Action: Review your holdings against our quantum resistance rankings. Understand which of your cryptocurrencies have high key exposure. Consider your migration strategy now, while you still have time.
Assess Your Exposure
See how 49 cryptocurrencies rank on quantum resistance. Understand which are prepared for Q-Day and which face critical exposure.
Last updated: December 4, 2025 | Methodology Version V5.1