QuantumSafe Team

What Is HNDL? The Quantum Threat to Blockchain Explained

Harvest Now, Decrypt Later (HNDL) is the most immediate quantum threat to blockchain. Learn how HNDL works, why your wallet may already be at risk, and what you can do to protect your assets today.

Tags: HNDL, Quantum Threat, Blockchain Security, Ethereum

What Is Harvest Now, Decrypt Later (HNDL)?

Harvest Now, Decrypt Later (HNDL) is a cyberattack strategy in which adversaries collect encrypted data today with the intention of decrypting it in the future using quantum computers. Unlike conventional attacks that exploit current vulnerabilities, HNDL targets the future obsolescence of today's encryption algorithms.

The term was first widely used by the National Institute of Standards and Technology (NIST) and the Global Risk Institute in the context of post-quantum cryptography migration planning. It is now recognized as one of the most pressing near-term quantum threats by the U.S. National Security Agency (NSA), the European Union Agency for Cybersecurity (ENISA), and the World Economic Forum.

The Four Stages of an HNDL Attack

An HNDL attack follows a predictable four-stage lifecycle. Understanding these stages is critical for assessing your organization's quantum risk exposure.

  1. Harvest (Now): Adversaries passively collect encrypted network traffic, blockchain transactions, and cryptographic signatures. On public blockchains like Ethereum, every transaction that reveals a public key becomes a permanent, immutable harvest target — the data cannot be deleted or hidden after the fact.
  2. Store: Harvested data is stored indefinitely, often in state-sponsored data warehouses. Storage costs continue to decline, making long-term retention economically trivial. A single 1 TB drive can store millions of blockchain transactions.
  3. Wait for Quantum: Adversaries wait for the arrival of cryptographically relevant quantum computers (CRQCs). Current projections from NIST and the Global Risk Institute place this timeline at 2030–2035, though some estimates are as early as 2028.
  4. Decrypt (Later): Once a CRQC is available, adversaries use Shor's algorithm to derive private keys from harvested public keys. For blockchain, this means the ability to forge signatures, steal funds, and impersonate wallet owners.

Why Blockchain Is Uniquely Vulnerable to HNDL

Blockchain networks face a qualitatively different HNDL risk compared to traditional IT systems. Here's why:

  • Public Key Exposure Is Permanent: Once an Ethereum wallet sends a transaction, its ECDSA public key is permanently recorded on-chain. Unlike TLS sessions that are ephemeral, blockchain transactions are immutable. An estimated 60–70% of active Ethereum wallets have at least one transaction that exposes their public key.
  • Immutable Ledger = Permanent Harvest: Blockchain data cannot be rotated, encrypted, or deleted. The harvest is already complete for any wallet that has ever transacted.
  • High-Value Targets: Unlike encrypted emails that may lose relevance over time, cryptocurrency holdings retain and often increase in value. A wallet holding ETH today may hold significantly more value by 2030.
  • No Central Authority for Key Rotation: Traditional systems can mandate certificate rotation. Blockchain wallets are self-custodied — there is no central authority that can force a migration to quantum-safe keys.

The HNDL Timeline: How Much Time Do We Have?

The critical question is not if quantum computers will break ECDSA, but when. Multiple authoritative sources have published timeline estimates:

| Source | Estimated CRQC Timeline | Confidence |
|---|---|---|
| NIST | 2030–2035 | High — basis for FIPS standardization urgency |
| Global Risk Institute (2023) | 2033 median estimate | Moderate — survey of quantum computing experts |
| IBM Quantum Roadmap | 100,000+ qubits by 2033 | Hardware milestone, not direct CRQC estimate |
| Google Quantum AI | Error-corrected qubits by 2029 | Milestone target, CRQC requires further scaling |
| BSI (Germany) | Begin migration by 2025 | Policy recommendation regardless of exact timeline |

The key insight is that the migration timeline matters more than the threat timeline. If migrating to post-quantum cryptography takes 5–10 years (a realistic estimate for large blockchain ecosystems), and CRQCs arrive by 2033, then the window to begin migration is already closing.

How Does HNDL Affect Different Blockchain Participants?

Individual Wallet Holders

Any wallet that has sent a transaction has an exposed public key. The risk is proportional to the value held and the reuse frequency of the address. High-value wallets and institutional custodians face the greatest immediate risk.

DApp Developers

Smart contracts that verify ECDSA signatures on-chain are vulnerable. When quantum computers arrive, an attacker could forge valid signatures for any contract that relies on ecrecover. DApp developers should begin planning for hybrid signature verification that accepts both ECDSA and PQC signatures.

DAO Treasuries

Multisig wallets controlling large treasuries are high-value HNDL targets. The governance keys controlling millions of dollars in DAO assets are permanent targets once their public keys are exposed.

Exchanges and Custodians

Centralized exchanges hold custody of billions of dollars in hot and cold wallets. A quantum attack on exchange hot wallet keys would be catastrophic. Exchanges should be evaluating PQC key management solutions as part of their security roadmap.

What Can You Do Today? Practical Steps to Counter HNDL

  1. Assess Your Exposure: Use a quantum vulnerability scanner (like QuantumSafe's free scanner) to identify which of your wallets have exposed public keys and assess your risk score.
  2. Understand the NIST Standards: NIST has finalized three post-quantum cryptographic standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). ML-DSA is the recommended default for blockchain digital signatures.
  3. Begin PQC Key Generation: Generate post-quantum key pairs using ML-DSA-65 or SLH-DSA alongside your existing ECDSA keys. A hybrid approach allows you to maintain backward compatibility while building quantum resilience.
  4. Plan Your Migration Path: Develop a timeline for transitioning from ECDSA-only signing to hybrid (ECDSA + PQC) and eventually PQC-only signing. The earlier you start, the less disruptive the transition will be.
  5. Monitor the Quantum Landscape: Track quantum computing milestones from IBM, Google, and other quantum hardware providers. Adjust your migration timeline based on hardware progress.

Conclusion

HNDL is not a theoretical future threat — it is a present-day data collection campaign that will become exploitable when quantum computers mature. For blockchain participants, the immutable nature of on-chain data makes HNDL uniquely dangerous: you cannot retroactively protect data that has already been recorded on a public ledger.

The time to act is now. Assess your quantum vulnerability, understand the NIST standards, and begin the migration to post-quantum cryptography before the window closes.


QuantumSafe provides free quantum vulnerability scanning and NIST-standardized PQC key generation for blockchain developers.