Threat: Phishing & impersonation

Post-quantum harvest-now-decrypt-later (HNDL) extortion lure: "We have stored your encrypted traffic; pay BTC/Monero ransom within 72h or once Y2Q quantum hardware matures we sell your retroactively-decrypted data." NIST FIPS 203/204/205 (Aug 2024), Apple PQ3, and the Google Workspace PQ-Sigs beta drove the HNDL narrative; attackers ride that pretext to monetise via crypto-ransom. Distinct from `pqc-certificate-migration-phishing` (CA-cert-migration narrative); this is the ransom variant. False positives are controlled by requiring a BTC bech32 / legacy / XMR address to co-occur with the HNDL phrase set, PQC framing, and extortion urgency, so legitimate security newsletters discussing HNDL (no payment address) do not fire. The canonical PQC-publisher allowlist (NIST, IETF, Cloudflare, Google, Microsoft, Apple, Mozilla, Let's Encrypt) plus .gov bypasses the signal. Source: Red-Team R9 multi-agent council S1 (post-quantum specialist), Lead consensus C1 + dissent S1-D.

pqc-hndl-extortion-lure

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Post-quantum harvest-now-decrypt-later (HNDL) extortion lure targeting any user worried about historical traffic exposure. The phish narrative arrives as: "We have been storing your encrypted traffic for the past 18 months. The harvest now decrypt later HNDL approach means once Y2Q quantum decryption arrives in 2030, every email and password you sent will be readable. Pay 0.5 BTC to bc1q… within 72 hours or we begin selling your stored encrypted traffic to nation-state buyers," or "We have stored your encrypted communications and are waiting for ML-KEM and ML-DSA quantum hardware to mature. Pay 5 XMR to 4Adu… within 7 days to remove your traffic from our quantum decryption queue."

NIST FIPS 203 (ML-KEM/Kyber), FIPS 204 (ML-DSA/Dilithium), and FIPS 205 (SLH-DSA/SPHINCS+), ratified Aug 2024, together with Apple iMessage PQ3 (2024), the Chrome/Edge X25519MLKEM768 default, and the Google Workspace "Quantum-Safe Digital Signatures for Gmail" beta (2025), drove the HNDL narrative through the mainstream tech press. That coverage lends the extortion lure immediate credibility: even technical users may believe a state-level adversary has already begun harvest-now-decrypt-later collection.

Distinct from `pqc-certificate-migration-phishing` (CA-cert-migration narrative: fake renewals from spoofed Let's Encrypt / DigiCert / Sectigo / Entrust); this is the ransom variant.

False-positive control (Lead R9 dissent S1-D): the signal requires a Bitcoin bech32 (bc1…) / Bitcoin legacy (1… / 3…) / Monero (4…, 95-char) address to co-occur with the HNDL phrase set, the post-quantum framing token, and an extortion-urgency token, so legitimate security newsletters discussing HNDL (no payment address) do not fire. The canonical PQC-publisher allowlist (NIST, IETF, Cloudflare, Google, Microsoft, Apple, Mozilla, Let's Encrypt) plus the broader .gov umbrella bypasses the signal.

Fires when the body contains all four of the following: (1) an HNDL phrase: harvest-now-decrypt-later / store-now-decrypt-later / HNDL / stored encrypted traffic / state actor … decrypt / quantum decryption / retroactive(ly) decrypt / Y2Q; AND (2) post-quantum framing: post-quantum / quantum / ML-KEM / ML-DSA / Kyber / Dilithium / FIPS 203-205; AND (3) a BTC bech32 / BTC legacy / XMR address; AND (4) urgency: pay (BTC/Bitcoin/XMR/Monero) / ransom / deadline / within N hours-days / or we (release/leak/sell/publish). Auto-classified as danger via the `-lure` suffix. Source: Red-Team R9 multi-agent council S1 (post-quantum specialist), Lead consensus C1 + dissent S1-D.
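The four-way co-occurrence rule and the allowlist bypass described above, sketched as an added Python example (not Gorganizer's own code). The regexes, the allowlist domains, matching the allowlist on sender domain, and the sample messages are assumptions constructed for illustration; the address is a syntactic placeholder.

```python
import re

# Assumed regexes approximating the four token groups named above (not Gorganizer's own).
HNDL = re.compile(r"(?:harvest|store)[- ]now[- ]decrypt[- ]later|\bHNDL\b"
                  r"|stored encrypted traffic|quantum decryption"
                  r"|retroactive(?:ly)?[- ]decrypt|\bY2Q\b", re.I)
PQC = re.compile(r"quantum|\bML-(?:KEM|DSA)\b|\bKyber\b|\bDilithium\b"  # "quantum" covers post-quantum
                 r"|\bFIPS[ -]?20[345]\b", re.I)
ADDRESS = re.compile(r"\bbc1[ac-hj-np-z02-9]{25,87}\b"        # BTC bech32 charset
                     r"|\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"  # BTC legacy (base58)
                     r"|\b4[1-9A-HJ-NP-Za-km-z]{94}\b")       # XMR, 95 chars total
URGENCY = re.compile(r"\bpay\b.{0,40}?\b(?:BTC|Bitcoin|XMR|Monero)\b|\bransom\b"
                     r"|\bdeadline\b|\bwithin \d+ (?:hours?|days?)\b"
                     r"|\bor we (?:release|leak|sell|publish)", re.I)
GROUPS = {"hndl": HNDL, "pqc": PQC, "address": ADDRESS, "urgency": URGENCY}

# Assumed domains for the publisher allowlist; the page names organisations only.
ALLOWLIST = ("nist.gov", "ietf.org", "cloudflare.com", "google.com",
             "microsoft.com", "apple.com", "mozilla.org", "letsencrypt.org")

def allowlisted(sender_domain):
    """Match on a label boundary so 'notapple.com' is not treated as apple.com.
    Assumes the caller passes an authenticated (DMARC-aligned) sender domain."""
    d = sender_domain.lower().rstrip(".")
    return d.endswith(".gov") or any(d == a or d.endswith("." + a) for a in ALLOWLIST)

def evaluate(body, sender_domain):
    """Return (fires, per-group hits); fires only when all four groups co-occur."""
    hits = {name: bool(rx.search(body)) for name, rx in GROUPS.items()}
    return all(hits.values()) and not allowlisted(sender_domain), hits

# Constructed samples; the address is a syntactic placeholder, not a real wallet.
FAKE_BECH32 = "bc1q" + "z" * 38
LURE = ("We have stored your encrypted traffic. Once quantum decryption arrives, "
        f"everything you sent is readable. Pay 0.5 BTC to {FAKE_BECH32} within 72 hours.")
NEWSLETTER = ("Harvest-now-decrypt-later (HNDL) explained: why the post-quantum "
              "migration deadline matters and how ML-KEM (FIPS 203) helps.")

if __name__ == "__main__":
    for name, body, dom in [("lure", LURE, "mailer.example"),
                            ("newsletter", NEWSLETTER, "news.example"),
                            ("lure via allowlisted sender", LURE, "csrc.nist.gov")]:
        print(name, evaluate(body, dom))
```

In this sketch the phrase "quantum decryption" satisfies both the HNDL and the post-quantum group, so the address and urgency groups do most of the work of separating a lure from a newsletter.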

False-positive guard

Every signal in Gorganizer feeds a multi-module score and is never a sole verdict. This is a threat-tier signal: it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules and a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used, never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
