Citi Warns “Q-Day” Quantum Attack Could Cost U.S. Economy Trillions

February 16, 2026FinTech News
Citi Warns “Q-Day” Quantum Attack Could Cost U.S. Economy Trillions

Citi warns that a quantum computing attack on major U.S. banks’ encrypted systems could trigger economic losses of $2.0 trillion to $3.3 trillion, urging a shift to post-quantum security.

A new report from Citi Global Perspectives & Solutions has sounded the alarm about a growing cybersecurity threat for the financial system — the potential of a quantum computing-powered attack on major banks that could shatter the cryptographic foundations of modern finance and trigger trillions of dollars in economic damage. According to the analysis, a hypothetical “Q-Day” scenario — defined as the point when quantum computers become powerful enough to break widely used public-key encryption — could cost the U.S. economy between $2.0 trillion and $3.3 trillion in indirect economic impacts alone if a major bank’s access to critical payment systems like the Fedwire Funds Service were disrupted.

Citi underscores that quantum computing is no longer merely a distant research topic. Experts estimate that the likelihood of quantum machines capable of defeating current encryption standards may reach 19 %–34 % by 2034 and climb to 60 %–82 % by 2044. The bank warns that financial institutions, regulators and policymakers must urgently prepare for this paradigm-shifting threat by adopting post-quantum cryptography (PQC) and building quantum-resilient systems well before true Q-Day arrives.

Key Highlights

  • “Q-Day” threat: A future quantum computer could break current encryption, exposing financial systems.
  • Economic impact: A single quantum attack on a major bank’s payment access could trigger economic losses of $2.0 trillion–$3.3 trillion in indirect effects such as GDP contraction.
  • Cascading failure risk: Disruption of interbank payment systems like the Fedwire Funds Service could cause systemic contagion across financial markets.
  • Probability estimates: Experts see a 19 %–34 % chance of Q-Day by 2034, rising to 60 %–82 % by 2044.
  • Crypto sector exposure: Roughly 25 % of Bitcoin holdings could be “quantum-exposed” if keys become vulnerable.
  • Urgent action needed: Financial firms must adopt structured, post-quantum readiness programs to mitigate evolving quantum risks.

What “Q-Day” Really Means

Q-Day” refers to the hypothetical moment when quantum computers achieve sufficient scalability and fault tolerance to break commonly used encryption methods — especially RSA and Elliptic Curve Cryptography (ECC) — that underpin digital security for banking, payments, digital identities and interbank messaging.

While such machines do not yet exist, researchers warn that nations and threat actors could be engaging in a “harvest now, decrypt later” strategy — capturing encrypted data today to break it once quantum capabilities arrive. Given the long implementation timelines required to overhaul cryptographic systems across global financial infrastructures, Citi and other experts argue that institutions must act now rather than wait for quantum breakthroughs.

Why Financial Systems Are at Risk

Modern financial systems rely on public-key cryptography for:

  • Secure payment systems (e.g., Fedwire, SWIFT and RTGS networks).
  • Digital signatures and identity verification.
  • Encrypted interbank and consumer data.

If quantum computers can efficiently factor large numbers or solve discrete logarithms — two core hard mathematical problems that current cryptography depends on — adversaries could forge signatures, intercept transactions, and compromise critical infrastructure.

Citi’s analysis suggests that the broader macroprudential implications of such an attack include not only direct financial losses but a sharp contraction in economic activity — possibly a decline in U.S. real GDP of 10 %–17 % lasting several months.

Roadmap to Quantum Readiness

Citi advocates that firms institute structured quantum-risk mitigation strategies, including:

  1. Identifying cryptographic exposure across systems.
  2. Prioritising critical infrastructure and long-lived data for quantum-safe upgrades.
  3. Building crypto-agile systems that can transition between classical and post-quantum algorithms without significant disruption.
  4. Deploying quantum-ready cloud services and collaborating with technology partners.

The good news, Citi notes, is that post-quantum cryptography standards — such as those finalised by the National Institute of Standards and Technology (NIST) — are already available as a defensive solution.