How Xapo Bank is preparing for quantum computing risks

Security

August 28, 2025

Written by Xapo Bank Security

Quantum computers are coming. Here's how Xapo Bank is securing your Bitcoin and personal data for a post-quantum future.

Quantum blog featured image

Share this article

The arrival of powerful quantum computers has gone from speculative to increasingly plausible, prompting serious concern across financial services and the wider cryptographic world. 

While many predictions remain speculative at this stage, the potential implications are significant. Customers are rightly asking: How is Xapo Bank preparing for this?

Let’s unpack how we’re securing your Bitcoin and data against potential future threats, and why this matters even today.

Why quantum computing matters to Bitcoin and banking

Quantum computers may one day be able to break widely used cryptographic algorithms: particularly those based on elliptic curves, like the ones securing Bitcoin and many internet communications.

In practice, that could mean:

  • Encrypted data intercepted today could be stored and decrypted years later – a threat known as Harvest Now, Decrypt Later.

  • Bitcoin public keys exposed on the blockchain could potentially be used to steal coins once quantum capabilities are strong enough.

  • Financial institutions may face systemic vulnerabilities in transaction signing, identity verification, and data protection.

Governments, including the US and UK, now expect these threats to become tangible within a decade – prompting global regulatory guidance and post-quantum cryptography (PQC) transition planning.

What Xapo Bank is doing today

At Xapo Bank, we take these risks seriously – well before they become urgent.

1. Bitcoin security: quantum-resilient custody

We protect your Bitcoin using a Multi-Party Computation (MPC) framework – specifically, MPC-CMP – which replaces the concept of a single private key with secure key shares distributed across independent nodes. This design:

  • Never creates a full private key in one place at any point in time.

  • Eliminates single points of failure – physical, insider, or cryptographic.

  • Reduces on-chain exposure of key material, aligning with Bitcoin best practices on  minimising address reuse.

  • Offers built-in protection against common attack vectors that could be amplified by quantum threats.

This architecture, already used by leading financial institutions, is widely seen as inherently more resistant to quantum attacks than traditional hot or cold wallet models – particularly multi-signature wallets, where public keys are often exposed prematurely on-chain.

We also closely monitor and support community-level upgrades to the Bitcoin protocol, such as proposals for quantum-safe signature schemes (e.g. Lamport-based BIP-340 variants or hybrid approaches), and will adopt proven implementations as they mature.

2. Data security: strong encryption, actively updated

Our infrastructure uses industry-standard encryption, notably AES (Advanced Encryption Standard), which is currently considered secure against both classical and near-term quantum attacks.

We actively track developments from the NIST Post-Quantum Cryptography Standardization Project, and are preparing to adopt leading candidates such as:

  • ML-KEM (based on Kyber) for key encapsulation.

  • ML-DSA (based on Dilithium) for digital signatures.

These algorithms are designed to withstand known quantum attacks and are being integrated into migration-ready systems across our technology stack.

3. Layered defence: reduce all attack surface

Quantum resilience doesn’t just come from stronger algorithms. It’s also about hardening the rest of the infrastructure. That includes:

  • Strong access controls, privilege separation, and zero-trust architecture.

  • Regular patching and upgrade cycles to avoid legacy cryptographic dependencies.

  • Ongoing training and internal security awareness.

  • Fully segregated environments with strict runtime policies.

  • Red team and threat modelling exercises considering known post-quantum vectors.

  • Continuous staff education on evolving threat landscapes.

Even in a world with Cryptographically Relevant Quantum Computers (CRQCs), attackers would still face a deeply segregated, monitored, and hardened environment before they could even attempt a cryptographic breach.

Why we’re acting now – even before quantum computers arrive

A fair question from some customers has been: “Quantum computers aren’t here yet – why worry now?”

Because the risks start today. If someone captures your encrypted traffic or records blockchain data now, they could decrypt or exploit it years later when quantum capabilities mature. That’s why the “Harvest Now, Decrypt Later” model is so potent – and why our defence must be proactive, not reactive.

Industry standards and regulatory alignment

We’re not alone in this. In January 2025, the Bank of Israel issued a directive calling on financial institutions to:

  • Map and classify all encrypted data assets.

  • Monitor cryptographic dependencies across vendors and partners.

  • Prepare for post-quantum migration and implement lifecycle plans.

This follows global momentum, including guidance from NIST, the UK NCSC, and others. At Xapo Bank, we are:

  • Conducting a full cryptographic asset inventory.

  • Designing hybrid cryptographic approaches for key systems.

  • Testing post-quantum algorithms in sandboxed environments.

  • Working with vendors to assess and upgrade their quantum readiness.

  • Developing policy-based controls to enable smooth PQC migration.

Looking ahead: from readiness to resilience

While timelines vary, many experts expect Cryptographically Relevant Quantum Computers (CRQCs) by 2030–2035. Some projections suggest it could come sooner.

We’re planning accordingly:

  • Short-term: Adopt hybrid encryption methods when possible and maintain address hygiene and MPC-based custody.

  • Mid-term: Transition key systems to NIST-approved PQC algorithms, as well as retire or phase out non-quantum-resilient protocols.

  • Long-term: Actively support ecosystem-wide Bitcoin migration paths, including future protocol upgrades if consensus emerges and when necessary, re-architect affected systems and governance models to ensure long-term safety.

Final thoughts

Quantum computing is an emerging threat, but not a guaranteed crisis. It’s one of many risks we prepare for to protect your Bitcoin and your data.

At Xapo Bank, we combine MPC-based custody, layered defences, and early adoption of post-quantum standards to give our members confidence not just today, but for the decades to come.

We don’t wait for threats to become urgent. We act now, because your trust depends on it.

Have more questions? We're always here to answer them.

Disclaimer

This article is for general information purposes only and is not intended to constitute legal or other professional advice or a recommendation of any kind whatsoever and should not be relied upon or treated as a substitute for specific advice relevant to particular circumstances. We make no warranties, representations or undertakings about any of the content of this article (including, without limitation, as to the quality, accuracy, completeness or fitness for any particular purpose of such content), or any content of any other material referred to or accessed by hyperlinks through this article. We make no representations, warranties or guarantees, whether express or implied, that the content on our site is accurate, complete or up-to-date.

Share this article

tanding woman engaging with the Xapo Bank app on her mobile phone, overlaid with an orange hue.
Apply now
Join
Xapo Bank
Become a member
Ready to upgrade your finances?

The Xapo
Insider

Catch up on the latest crypto news, and get the inside scoop on our products and services.

Explore The Xapo Insider
Institutional adoption of Bitcoin: Market impact and future outlook
Bitcoin
Article - Aug 25, 2025

Institutional adoption of Bitcoin: Market impact and future outlook

Read Article
When in doubt, zoom out: why Bitcoin’s dips are part of the bigger picture
Cryptocurrency
Article - Aug 21, 2025

When in doubt, zoom out: why Bitcoin’s dips are part of the bigger picture

Read Article
A better way to deposit stablecoins: faster, smarter, and now on more networks
Stablecoins
Article - Aug 20, 2025

A better way to deposit stablecoins: faster, smarter, and now on more networks

Read Article
Common challenges for new Bitcoin users
Cryptocurrency
Article - Jul 31, 2025

Common challenges for new Bitcoin users

Read Article
How to avoid scams: practical steps to secure your Xapo Bank account
Security
Article - Jul 21, 2025

How to avoid scams: practical steps to secure your Xapo Bank account

Read Article
How to {{Send Money}} with UMA (Universal Money Address)?
Cryptocurrency
Resource - May 16, 2024

How to Send Money with UMA (Universal Money Address)?

Discover Resource