Key Takeaways
- Moody’s has identified quantum computing as an emerging cybersecurity threat to financial institutions, cryptocurrency exchanges, digital asset custodians, and stablecoin operators as blockchain technology becomes more prevalent in finance.
- Advanced quantum computers of the future could potentially compromise encryption methods that currently protect private keys, digital wallets, and secure banking communications, creating pathways for unauthorized asset access.
- JPMorgan is developing quantum-resistant infrastructure while HSBC has already conducted trials of quantum-secure communication technology for internal operations.
- The European Union’s DORA framework, now active, requires financial entities to enhance technology risk management, while regulators in the United States and Asia are intensifying oversight.
- Research from Citi Institute referenced in the Moody’s report suggests a quantum-based attack on payment systems could result in $2–3 trillion in broader economic damage.
A newly released sector analysis from Moody’s Ratings highlights quantum computing as an emerging cybersecurity challenge for banking institutions, cryptocurrency platforms, and digital financial service providers.
The analysis indicates that cyber vulnerabilities associated with blockchain-based financial systems have evolved from a specialized concern into a significant consideration for major financial organizations.
Moody’s attributes this transition to the accelerating adoption of institutional digital finance solutions, encompassing tokenized securities, stablecoin infrastructure, and blockchain-enabled payment networks.
The primary risk isn’t that quantum computers represent an immediate threat today. Rather, the concern centers on what occurs when these systems achieve sufficient computational power to compromise current encryption standards.
Quantum computing systems could theoretically calculate private cryptographic keys using publicly available information. This capability would enable malicious actors to penetrate digital wallets, custodial platforms, and the digital authentication mechanisms that validate financial transactions.
This vulnerability presents particular challenges for public blockchain networks. In contrast to conventional banking systems where institutions can halt accounts or reverse fraudulent transactions, most public blockchains create immutable records once transactions receive confirmation.
Major Financial Institutions Taking Preventive Action
JPMorgan is cataloging its cryptographic infrastructure and developing what Moody’s describes as “crypto-agile” technology — frameworks designed to rapidly replace compromised encryption protocols.
HSBC has advanced even further, conducting experimental implementations of quantum key distribution, a security approach leveraging quantum mechanics to protect data communications. The institution has tested this technology across internal networks and simulated currency trading operations.
Moody’s observed that numerous leading financial institutions are participating in collaborative initiatives through the Bank for International Settlements and G7 countries to initiate early transition strategies.
The objective is to avoid waiting for “Q-Day,” the hypothetical point when quantum computers gain the capability to break commonly deployed encryption standards such as RSA and ECC.
There’s also mounting apprehension regarding what cybersecurity professionals term “harvest now, decrypt later” — a strategy where encrypted information is exfiltrated immediately and archived for future decryption once quantum technology matures.
Regulatory Oversight and Market Forces Intensifying
Regulatory bodies are increasing their scrutiny. The European Union’s Digital Operational Resilience Act became operational in 2025 and mandates that financial organizations exhibit enhanced technology risk oversight capabilities.
United States regulatory authorities have heightened their emphasis on cybersecurity governance and vendor risk management. The Monetary Authority of Singapore has recommended that institutions begin evaluating their cryptographic infrastructure dependencies.
Moody’s cautioned that organizations postponing investment in cryptographic readiness may encounter elevated expenses, intensified regulatory scrutiny, or erosion of stakeholder confidence.
The analysis also identified that custodial service providers, stablecoin operators, and asset tokenization platforms may face heightened vulnerability compared to other entities, given their extensive dependence on cryptographic key management.
From an investment standpoint, these findings could generate sustained interest in enterprises developing quantum and artificial intelligence infrastructure, including IBM, Nvidia, Microsoft, Alphabet, IonQ, and Rigetti Computing.
However, Moody’s primary emphasis concerns risk mitigation. While quantum computing may remain several years from compromising existing security protocols, the report stresses that the appropriate time to prepare is immediately.
