As big global banks expand bitcoin custody as a strategic business, a warning has emerged that today’s crypto custody infrastructure could be exposed to structural risks in a future quantum-computing era.
On June 14 local time, blockchain outlet CryptoSlate reported that Swiss digital asset technology company Taurus said in a recent report that all major custody providers face significant risk during a future transition to quantum resistance.
Custody has been growing rapidly as institutional demand for cryptocurrencies increases. BNY, one of the biggest custodian banks in the United States, announced in May in Abu Dhabi plans to expand custody services for bitcoin and ether. UK-based bank Standard Chartered also decided to fully acquire digital asset custodian Zodia Custody, with the transaction set to be completed in August. As global finance builds crypto custody into a core business, concerns about long-term security frameworks are also growing.
At the heart of custody is keeping private keys safe and performing transaction signing. With digital assets such as bitcoin, losing a private key means the asset itself cannot be recovered, making key management a core competitive factor.
In the market, MPC (Multi-Party Computation) and HSM (Hardware Security Module) are widely used custody technologies. MPC splits a private key into multiple pieces stored across different systems and jointly performs signing. HSM, by contrast, generates, stores and uses keys inside dedicated tamper-resistant hardware.
Taurus said the two technologies are likely to face different challenges during a transition to quantum resistance. The starting point is the cryptographic systems used by bitcoin and ethereum. Both networks use digital signatures based on elliptic curve cryptography (ECC). Concerns have been raised that if sufficiently advanced quantum computers emerge and run Shor's algorithm, private keys could be derived from public keys and forged transactions created.
Taurus assessed, however, that the likelihood of a quantum computer capable of threatening cryptographic systems emerging before 2040 is very low. It said the task is less an immediate threat than preparation for a transition over the coming decades.
Standardisation has already begun. The U.S. National Institute of Standards and Technology (NIST) last year released its first post-quantum cryptography standards. In later guidelines, it proposed phasing out current digital signature systems after 2030 and not using them after 2035. As a result, discussions are intensifying on Wall Street and in the crypto industry over how bitcoin and ethereum will transition to quantum-resistant systems.
But even if custody providers adopt quantum-resistant signatures on their own, transactions will be impossible if blockchain networks do not accept them. Taurus said, "Even if custody providers apply quantum-resistant signatures today, the current bitcoin and ethereum networks will not recognise those transactions as valid." It said protocol upgrades, wallet software updates, agreement among node operators and users moving their assets would need to happen at the same time.
The report said in particular that MPC structures face bigger challenges in the quantum transition. MPC has the advantage that even if a single system is hacked, the full key is not exposed. But because the final signature is still based on the existing cryptographic system used by current blockchains, the mathematical target of a quantum-computer attack remains unchanged. It added that participant authentication and communications security used in MPC environments are also built on the same cryptographic assumptions and may require additional transition work.
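The point about the unchanged mathematical target can be checked directly. The following Python sketch is an added illustration, not code from the Taurus report or from any custody product: it assumes simple additive key sharing on secp256k1 (production MPC signing protocols are far more involved) and shows that the joint public key equals the one a single-key wallet would publish, before and after a share refresh. The function names are hypothetical.

```python
import secrets

# secp256k1 domain parameters (the curve bitcoin and ethereum sign on)
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def split_key(d, parties):
    """Additive sharing: shares are random and sum to d mod N."""
    shares = [secrets.randbelow(N) for _ in range(parties - 1)]
    return shares + [(d - sum(shares)) % N]

def refresh(shares):
    """Proactive refresh: add zero-sum random offsets to the shares."""
    offsets = [secrets.randbelow(N) for _ in shares[1:]]
    offsets.append(-sum(offsets) % N)
    return [(s + o) % N for s, o in zip(shares, offsets)]

def joint_public_key(shares):
    """Each party reveals only share*G; the points are summed."""
    q = None
    for s in shares:
        q = add(q, mul(s, G))
    return q

def demo(parties=3):
    d = secrets.randbelow(N - 1) + 1   # constructed sample key, never reused
    single = mul(d, G)                 # key a single-signer wallet would publish
    shares = split_key(d, parties)
    return (joint_public_key(shares) == single,
            joint_public_key(refresh(shares)) == single)
```

Both comparisons in `demo()` come out true: splitting and refreshing change where the secret lives, not the elliptic-curve point that appears on-chain.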
Some HSM devices, by contrast, are known to already be able to support quantum-resistant algorithms internally. Taurus cited commercial HSM devices from French security company Thales as an example and said applying new algorithms is comparatively a matter of installation and configuration.
MPC, however, requires designing a new protocol each time a new signing method appears so that multiple systems can jointly compute without sharing keys. Related technologies remain at the research stage, and real-world operational validation has not been sufficiently carried out.
Even so, the report’s claims are not being accepted as an industry-wide consensus. Taurus develops HSM-based custody solutions, and the report was written internally without external independent verification. There is also a counterargument that the MPC camp can respond sufficiently depending on which quantum-resistant signature methods bitcoin and ethereum adopt.
Still, the industry sees an important question being raised. Banks, ETF custodians and exchanges are storing customer assets worth billions of dollars under specific custody structures. But it has not yet been decided which quantum-resistant standard will be the final winner.
If an actual transition begins, institutions may have to redesign operations across the board, including new wallet creation and address migration, customer approval procedures, system upgrades and the management of service interruptions.
The industry expects a key competitive factor to be whether the bitcoin custody infrastructure being built now goes beyond simply keeping assets safe and is structured to enable a smooth transition to future quantum-resistant systems.