a16z Crypto: Quantum threats are overrated; real risks like code vulnerabilities deserve more attention

DeepTech TechFlow News, January 25th, a16z Crypto posted on X platform stating that the timeline for the emergence of quantum computers capable of cracking cryptocurrencies (CRQC) has been generally exaggerated, and the likelihood of their appearance before 2030 is extremely low. There are also significant differences in quantum risks faced by different cryptographic primitives.\n\na16z believes that, due to potential “harvest-now, decrypt-later” (HNDL) attacks, post-quantum cryptography needs to be deployed as early as possible; however, post-quantum signatures and zkSNARKs are less susceptible to HNDL, and migrating too early could introduce new risks such as performance degradation, immature implementation, and code vulnerabilities. A cautious and gradual approach should be adopted.\n\nAt the blockchain layer, most non-private public chains (such as Bitcoin and Ethereum) mainly rely on digital signatures for transaction authorization, which do not pose HNDL risks. Their quantum migration pressure is more related to governance efficiency, social coordination, and technical implementation rather than technical vulnerabilities. Bitcoin also faces issues such as slow governance and a large number of tokens that may be abandoned but are vulnerable to quantum attacks. In contrast, privacy chains, which hide transaction details, indeed face HNDL risks due to their confidentiality, and should transition earlier.\n\na16z emphasizes that in the foreseeable future, compared to quantum computing, real security issues such as code vulnerabilities, side-channel attacks, and fault injection attacks are more urgent. Developers should prioritize code audits, fuzz testing, and formal verification.