If bitcoin and Ethereum had been invented on the same day, no one would have heard of bitcoin. I sold all the bitcoins Bit Digital had and deployed the profits into Ethereum. I have built one of the largest Ethereum corporate treasury positions in the world and said, on record, that we will never sell it. People have asked me to articulate the strongest argument for that conviction. On March 30, 2026, that argument arrived. Last month, Citi confirmed this.
In a research note published on May 18, Citi analysts warned that advances in quantum computing have shortened the timeline for practical attacks on digital assets, and reached a conclusion that should give all institutional bitcoin holders pause: bitcoin faces significantly greater quantum risk than Ethereum, and the gap between them comes down not only to technology but also to governance.
That finding echoes the landmark paper published in late March by Google Quantum AI in collaboration with Stanford University and the Ethereum Foundation, which found that the computing resources needed to break bitcoin’s fundamental cryptography are about 20 times smaller than previously estimated. A sufficiently advanced quantum computer, running on fewer than 500,000 physical qubits, could derive a bitcoin private key from its public key in about nine minutes. That machine does not exist today. But the window to act responsibly is narrowing faster than most institutions realize. When Google raises the alarm and Citi confirms it in the same quarter, this is no longer a marginal concern. This is the miraculous solution. And it points directly to bitcoin.
Why bitcoin is exposed
Bitcoin security is based on elliptic curve digital signature algorithms. When you spend bitcoins, your public key is briefly exposed on-chain. In classical computing, reversing that to obtain a private key is not feasible. Quantum computers running Shor’s algorithm can, in principle, do exactly that during the brief period in which a transaction is transmitted. The Google article does not simply confirm this theoretically; It quantifies it with a precision that eliminates a convenient ambiguity.
Nic Carter, co-founder of Coin Metrics and one of the sharpest minds in digital assets, has been sounding this alarm for months. In a series of essays beginning in October 2025, Carter called quantum computing “the biggest long-term risk to bitcoin’s core cryptography” and accused developers of “sleepwalking toward collapse.” He estimates that a quantum computer could significantly break elliptic curve cryptography as early as 2028. About 6.9 million BTC could be vulnerable at sufficient quantum scaling, including legacy wallets and Taproot outlets, which already accounted for more than 21% of all bitcoin transactions in 2025.
The Bitcoin governance problem
One might ask: can’t Bitcoin just upgrade itself? Yes, in theory. In practice, this is where the risk is compounded.
Bitcoin governance is intentionally conservative and consensus-driven, making it extraordinarily slow. SegWit took approximately 8.5 years from conception to widespread adoption. Taproot took about 7.5 years. The current quantum proposals, BIP-360 and BIP-361, are still in the draft or early testing stage as of 2026. A complete base layer transition to post-quantum signatures would be the most controversial change Bitcoin has ever attempted. As Carter documented, most Bitcoin Core developers have expressed limited concern about urgency, a provision that is, at the very least, a serious governance responsibility for any institution holding Bitcoin in its treasury. A quantum breakthrough does not politely wait for committee consensus.
Ethereum has already acted
This is where the picture diverges markedly. Ethereum’s approach to quantum resistance is not a reactive fight. This is a structured roadmap already underway, based on NIST post-quantum cryptography standards finalized in August 2024.
The Pectra upgrade, which shipped to the Ethereum mainnet in May 2025, introduced EIP-7702, a critical step toward full account abstraction. Instead of requiring a single fork for the entire network, Ethereum’s architecture allows individual accounts to choose their own signature verification and voluntarily switch to quantum-safe signatures. The upcoming Hegotá hard fork, planned for the second half of 2026, integrates this even further at the protocol level. The Ethereum Foundation has set structured milestones that aim to complete the post-quantum core infrastructure by around 2029, with active interoperability development networks already running on multiple clients.
The contrast with the paralysis of bitcoin governance could not be starker. Ethereum was designed, in a way that Bitcoin simply wasn’t, to accommodate exactly this type of fundamental upgrade. That’s not an accident. It is architecture.
The institutional calculation
For corporate treasurers and sovereign wealth managers, quantum risk is no longer a final scenario to be dismissed and footnoted. Governments already consider it operational. US federal agencies were facing an April 2026 deadline to submit plans to transition to post-quantum cryptography under National Security Memorandum 10. The EU has set a 2030 quantum resistance goal for critical infrastructure. The G7 Cyber Expert Group published a coordinated roadmap for the financial sector in January 2026. This compliance architecture will, over time, be extended to treasury holdings of digital assets.
The question for any institution holding bitcoin is whether it is comfortable with an asset whose quantum resistance roadmap is still in draft, whose governance is moving at geological speed, and whose developer community is divided over whether the urgency is warranted.
The question for any institution considering Ethereum is whether they want the asset with a structured, transparent, and already moving upgrade path.
Ethereum is the most adaptable, most capable and most durable asset. I’ve put the balance sheet of a Nasdaq-listed company behind that conviction. The Google document is what finally gives that conviction a unique, undeniable and technically informed answer to the most difficult question in digital asset treasury strategy: what asset is designed to last?
Ethereum is not a perfect asset. No asset is. But in the context of quantum risk, it is the asset whose architecture was built to survive what is coming. If Carter and Google are right, that distinction will matter enormously, and sooner than most people expect.
