Growing Concern Over Quantum Computing Threats to Cryptography and Post-Quantum Migration
Concerns about quantum computing undermining today’s cryptography are influencing both market behavior and policy planning. A Jefferies strategist reportedly removed a 10% Bitcoin allocation from a model portfolio, citing the risk that future quantum advances could eventually compromise cryptographic protections underpinning cryptocurrencies (e.g., long-term concerns around breaking schemes associated with Bitcoin’s security model, which relies on SHA-256 hashing and public-key cryptography for ownership control). The decision reflects broader investor anxiety that a surprise cryptographic break could rapidly erode confidence and value across crypto markets.
In parallel, the G7 Cyber Expert Group published a roadmap calling for the financial sector to complete post-quantum cryptography (PQC) implementation by 2034, emphasizing early-stage quantum risk awareness, sensitive data and critical system mapping, and building detailed inventories that include third-party dependencies. The roadmap recommends beginning migration activities in the 2026–2029 window, progressing to quantum-resistant solutions through 2034, and prioritizing cryptographic agility so organizations can adapt as standards and threats evolve. Separate reporting on a 58% increase in ransomware victims in 2025 describes a fragmented ransomware ecosystem and sector targeting trends, but it is not directly tied to quantum-driven cryptographic risk or PQC migration planning.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
11 events from the most recent confirmed update back to the earliest known activity.
G7 target date for financial-sector PQC implementation arrives
The G7 Cyber Expert Group roadmap sets 2034 as the deadline for the financial sector to complete implementation of post-quantum cryptography. This is the roadmap's principal end-state milestone for quantum-safe adoption.
Validation and monitoring phase begins for quantum-safe deployments
From 2033 to 2035, the G7 roadmap calls for validation and ongoing monitoring of migrated financial systems. This final phase is intended to confirm resilience and maintain security as threats and vulnerabilities evolve.
Testing phase for migrated financial systems begins
The roadmap schedules testing of migrated systems from 2032 to 2035 to verify that quantum-safe implementations function correctly. This phase follows the main migration effort and supports operational readiness.
Progressive migration to quantum-resistant solutions starts
The G7 roadmap calls for progressive migration to quantum-resistant solutions from 2027 through 2034. This phase covers the broader rollout of post-quantum cryptography across financial-sector systems.
Jefferies removes Bitcoin from recommendations over quantum concerns
Christopher Wood said he is removing a 10% Bitcoin allocation from his recommended portfolio, citing long-term risk that advances in quantum computing could eventually undermine Bitcoin's cryptographic security. He proposed reallocating the position into physical gold and gold mining stocks instead.
G7 CEG releases PQC migration roadmap for financial sector
The G7 Cyber Expert Group released a roadmap directing the financial sector to complete post-quantum cryptography implementation by 2034. The plan recommends phased migration, cryptographic agility, testing, and validation to prepare for quantum-era threats.
Financial sector migration phase to quantum-safe systems begins
Under the G7 roadmap, financial entities are urged to begin migration planning and implementation for all systems between 2026 and 2029. This marks the start of the sector's active transition toward quantum-resistant cryptography.
G7 roadmap begins quantum-risk awareness and system mapping phase
The G7 Cyber Expert Group roadmap says financial institutions should start increasing awareness of quantum threats and mapping critical systems and sensitive data during 2025 to 2027. It also calls for building inventories of systems, third-party dependencies, and security issues beginning in 2025.
Traficom urges preparation for quantum-safe cryptography transition
Finland’s Transport and Communications Agency Traficom recommended that organizations begin preparing to adopt quantum-safe encryption algorithms and published guidance outlining key steps for the transition. The agency warned that required system upgrades could take years, increasing exposure to future quantum-computing risks.
Jefferies increases Bitcoin allocation to 10%
In 2021, Christopher Wood increased Bitcoin's weighting in his model portfolio to 10%, citing inflation concerns linked to COVID-19-era stimulus. The move made Bitcoin a significant recommended allocation before its later removal.
Jefferies adds Bitcoin to model portfolio
Jefferies Global Head of Equity Strategy Christopher Wood originally added Bitcoin to his recommended portfolio in December 2020. This established the position he later cited when reversing course over quantum-computing risk concerns.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Fear that quantum computing is on the cusp of cracking cryptocurrency's encryption spurs a global investment firm to remove Bitcoin from recommendations | Tom's Hardware
tomshardware.com
Open sourceG7: Quantum-safe system adoption in financial sector due by 2034 | SC Media
scworld.com
Open sourceTraficom kehottaa valmistautumaan kvanttiturvallisiin salausalgoritmeihin siirtymiseen | Traficom
kyberturvallisuuskeskus.fi
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Post-Quantum Cryptography Migration and Its Impact on Security Infrastructure
Security experts are intensifying efforts to develop and implement post-quantum cryptography (PQC) in anticipation of the eventual arrival of quantum computers capable of breaking current encryption algorithms, a milestone referred to as "Q-Day." The transition to PQC is recognized as a complex, multi-year process that requires not only new cryptographic algorithms but also significant changes to cybersecurity infrastructure, including the adoption of hybrid solutions and the integration of PQC into zero-trust architectures. High-security sectors are particularly urged to begin migration early to mitigate the risk of "harvest now, decrypt later" attacks, where adversaries collect encrypted data now to decrypt once quantum capabilities are available. Industry analysts highlight that the migration to post-quantum encryption presents unique challenges compared to previous cryptographic upgrades, as it involves extensive updates to hardware, software, and system architectures. While some areas, such as blockchain, are not immediately threatened by quantum computing, the scale and complexity of the migration require coordinated efforts across security, product management, and IT operations. Experts emphasize the need for proactive planning and the adoption of best practices to ensure a smooth transition before quantum computers become a practical threat to digital security.
May 5, 2026
Quantum Computing Threats Prompt Urgent Shift to Post-Quantum Cryptography
Cybersecurity leaders are raising alarms about the accelerating timeline for quantum computing to break current public encryption methods, a milestone known as Q-Day. Experts warn that Q-Day could arrive as soon as 2030, threatening to undermine the core trust mechanisms of the internet, including HTTPS, digital certificates, and public-key infrastructure. In response, governments and industries are developing plans to transition to post-quantum cryptography (PQC), but concerns remain that critical sectors such as banking, healthcare, and government may not be fully prepared in time. One of the earliest operational changes in anticipation of quantum threats is the reduction of SSL/TLS certificate lifespans to 47 days. This move, aligned with evolving browser requirements and NIST guidance, is designed to improve crypto agility and security hygiene, helping organizations adapt to a future where static cryptography is no longer viable. Security executives emphasize the need for urgent action, drawing parallels to the unpreparedness seen during the rapid adoption of AI, and stress that building operational readiness for PQC is now a strategic imperative for digital trust and business continuity.
Apr 17, 2026
Post-Quantum Cryptography Transition Planning to Mitigate “Harvest Now, Decrypt Later” Risk
Organizations are accelerating **post-quantum cryptography (PQC)** planning amid concerns that adversaries are already conducting “**harvest now, decrypt later**” operations—collecting encrypted traffic today for future decryption once sufficiently capable quantum computers emerge. A supply-chain-focused analysis highlighted that procurement and third-party ecosystems often rely on long-lived trust anchored in **RSA** and **ECC**, and that sensitive data exchanged across supplier onboarding, invoicing, contracts, pricing, and banking workflows could be exposed retroactively if captured now and decrypted later. A U.S. State Department cybersecurity official urged tighter **public-private coordination** on PQC migration, framing quantum resilience as an ecosystem-wide modernization effort rather than isolated upgrades by individual organizations. The official emphasized that adversaries (including **China**) can target entire digital ecosystems, and argued that transition plans must account for long-term national security risks such as data harvesting, with modernization efforts designed to reduce predictability and strengthen collective defenses across interconnected systems, devices, and data flows.
May 27, 2026