Stablecoins, crypto and quantum risk: Preparing the banking sector for what’s next

By Joshua Hubbard and Uche Obiora

According to  IBM, quantum computing is advancing faster than many experts expected.  Quantum computers could one day solve problems that today’s classical computers cannot, such as complex quantitative financial modeling or advanced drug discovery. IBM’s development roadmap shows that quantum systems may soon work alongside traditional technology to power real-world applications.

ABA’s role in quantum readiness

ABA is supporting the banking industry’s preparation for quantum threats by:

• Raising awareness. ABA is helping banks, lawyers and regulators understand how quantum computing could disrupt encryption. Recent ABA Banking Journal articles and podcasts have dived deep into quantum.
• Supporting NIST’s standards. ABA supports the U.S. government’s moves to create and adopt post-quantum encryption standards, encouraging banks to start preparing now by testing and transitioning to these new algorithms.
• Collaborating. ABA partners with FS-ISAC and others and shares information about papers and best practices. Recent examples include the promotion of this FS-ISAC paper mentioned in the ABA Banking Journal titled “FS-ISAC urges financial sector to adopt timeline for implementing quantum computing defenses” and the ABA Partner Network’s webinar on “Quantum Safe Financial Services: Practical Steps for PQC Migration.”
• Highlighting research and development priorities. ABA co-leads the Financial Services Sector Coordinating Council’s R&D Committee and helped to develop a March 2025 paper on top R&D priorities such as quantum computing’s impact on encryption and privacy, AI’s role in cybersecurity and software supply chain security.

Most banks as of today do not deal directly with cryptocurrencies such as Bitcoin or Ethereum, particularly within a bank’s commercial services operations. However, digital assets are becoming harder to ignore, as they have already been integrated in virtually every asset class, including ETFs and 401k retirement plans.

One type of digital asset, stablecoins, is gaining particular importance, notably with the passage of the Genius Act in July. They are appearing more often in payments, money transfers and fintech applications. Because stablecoins link the crypto ecosystem with traditional banking, it is important for banks to understand the risks that quantum computing may introduce.

How crypto is secured and why it’s at risk

Cryptocurrencies Bitcoin and Ethereum rely on encryption to safeguard transactions and wallets. Encryption is also used by banks and other financial institutions to safeguard information. For cryptocurrencies, there are two core security components:

• Elliptic curve digital signature algorithm ensures that only a private key can authorize a transaction.

• Secure hashing algorithm, or SHA-256, is used for Bitcoin mining and securing transactions by turning data into hashes.

ECDSA is exceedingly difficult for current classical computers to break. A classical computer cannot reverse engineer a private key from its public key given that the estimated time needed for a classical computer to solve far exceeds the age of our universe (~13.8 billion years). Quantum computing changes this. A quantum computer running Shor’s Algorithm could solve the mathematical problem behind ECDSA much faster if given the public key. However, this is limited to certain circumstances, including reused wallet addresses where the public key could be visible to the blockchain or other distributed ledgers to an attacker before a cryptographic signature can verify the transaction with correct authenticity.

Shor’s algorithm, however, is not usable against attacks on SHA-256 as it does not reverse cryptographic hashes (output of encrypted plaintext) by not utilizing the same public-key infrastructure as ECDSA. This means there is urgency for banks regarding attacks against ECDSA and other private and public key-pairing algorithms.

The exact time needed for full deployment is still unknown. IBM indicates that unlocking the full power of quantum computing to scale of this magnitude is estimated to be at least 2033. Google, on the other hand, projects a real breakout to occur closer to 2030.

Why this matters to banks

Even without direct involvement in cryptocurrencies, banks are exposed indirectly to the risk that cryptocurrencies are vulnerable to quantum computing, and this could manifest via involvement in stablecoins. Stablecoins such as USDC (coin) and USDT (Tether) connect the traditional financial system with the crypto market. These coins are pegged to the U.S. dollar and backed by real assets such as cash and short-term government bonds. They are used in cross-border payments, fintech platforms and decentralized finance systems.

Deloitte warns that when quantum computers become powerful enough, they could break the encryption protecting blockchain networks. Because stablecoins operate on the same blockchains as cryptocurrencies such as Bitcoin and Ethereum, a breach could significantly erode trust in stablecoins.

A loss of confidence might lead investors to question whether stablecoins are backed by adequate safe assets. Issuers might respond by holding more Treasurys or increasing transparency. Such changes could influence liquidity, interest rates and the U.S. Treasury market. These are issues that matter to banks and regulators.

Customers may also look to banks for guidance on protecting digital assets and managing crypto-related risks. Institutions unprepared for these conversations could fall behind.

How a quantum attack could work  

To break this down in simple terms, here’s how a quantum attack on a cryptocurrency could unfold:

1. A user sends a crypto transaction to the blockchain reusing a wallet address, meaning the public key is already revealed before the transaction can be authentically signed.
2. A quantum computer captures the public key before the transaction is completed.
3. The attacker runs Shor’s Algorithm to calculate the private key.
4. The private key is derived.
5. The fake transaction is submitted and processed before the original via forged digital signature.
6. The funds are redirected to the attacker’s wallet from the blockchain’s failure of authenticating the digital identity of the true wallet holder.

 What banks can do now

As stablecoin pilots and projects proliferate, here are several steps banks can consider to be ready for the potential breakout in quantum computing capability:

• Conduct quantum-specific risk assessments. Go beyond today’s cyber reviews by modeling when quantum computers could break current encryption and pinpointing where stablecoin reserves and payment systems would be exposed.
• Prioritize migration to PQC. Begin moving stablecoin and digital asset systems from ECDSA/ECC to NIST-selected algorithms (for example, ML-KEM, Dilithium).
• Engage with vendors. Require fintech and cloud providers to share detailed roadmaps for PQC migration, including testing, pilot projects and fallback mechanisms.
• Strengthen internal controls. Use multi-signature wallets, withdrawal limits and employee training to reduce theft risks. Do not place all crypto assets into a single wallet.
• Educate and support Provide clear explanations of how quantum risks affect stablecoins and what steps the bank is taking to protect digital assets. Transparency builds trust.

Quantum computing is moving from theory to reality. Once powerful enough, it could break the encryption that secures cryptocurrencies and the blockchain and other distributed ledgers on which stablecoins operate. A breach in that infrastructure would not only undermine trust in digital assets but could also affect liquidity, bank reserve ratios, interest rates and broader market stability. The potential damage from these operational risks is enough to undermine the broader financial services industry, including banks.

For banks, this is not about whether they hold crypto. It is about preparing for a change that could impact customers, partners and core financial systems. Some may argue that banks will just choose to not deal transactionally in crypto at all. But with an evolving customer base with expressed interest in digital currencies, it may close doors to serving clients, businesses and everyday consumers. The best time to act is now. Learn the risks, strengthen security measures, work with trusted partners and support post-quantum standards. Banks that prepare early will be better positioned to protect trust and stability in the years ahead.

Joshua Hubbard is cybersecurity program manager at ABA. Uche Obiora is cybersecurity intern at ABA.