If Bitcoin and Ethereum had been invented on the same day, no one would have heard of Bitcoin. I sold all the bitcoins held by Bit Digital and deployed the profits into Ethereum. I built one of the largest Ethereum treasury positions in the world and went on record saying we will never sell it. People have asked me to articulate the strongest argument for this belief. On March 30, 2026, this argument arrived. Last month, Citi confirmed this.
In a research note published on May 18, Citi analysts warned that advances in quantum computing have shortened the timeline for practical attacks against digital assets, and came to a conclusion that should give pause to any institutional bitcoin holder: Bitcoin faces significantly higher quantum risk than Ethereum, and the gap between them comes down not just to technology but also to governance.
This finding echoes the landmark paper published in late March by Google Quantum AI in collaboration with Stanford University and the Ethereum Foundation, which revealed that the computing resources required to break Bitcoin’s fundamental cryptography are approximately 20 times lower than previous estimates. A sufficiently advanced quantum computer, operating with fewer than 500,000 physical qubits, could derive a Bitcoin private key from its public key in about nine minutes. This machine does not exist today. But the opportunity to act responsibly is shrinking faster than most institutions realize. When Google sounds the alarm and Citi confirms it in the same quarter, it’s no longer a marginal concern. This is the miracle solution. And it points directly to Bitcoin.
Why Bitcoin is exposed
Bitcoin security relies on elliptic curve digital signature algorithms. When you spend bitcoin, your public key is briefly exposed on-chain. In traditional computing, reversing this trend to obtain a private key is impossible. Quantum computers running Shor’s algorithm can, in principle, do just that during the brief broadcast window of a transaction. The Google paper doesn’t just confirm this theoretically; he quantifies it with a precision that removes any comfortable ambiguity.
Nic Carter, co-founder of Coin Metrics and one of the sharpest minds on digital assets, has been sounding the alarm for months. In a series of essays beginning in October 2025, Carter called quantum computing “the biggest long-term risk to bitcoin’s core cryptography” and accused developers of “sleepwalking toward collapse.” He estimates that a quantum computer could significantly break elliptic curve cryptography as early as 2028. Around 6.9 million BTC could be vulnerable at sufficient quantum scale, including legacy wallets and Taproot exits, which already accounted for more than 21% of all Bitcoin transactions in 2025.
The Bitcoin Governance Problem
One might ask: can’t bitcoin just be upgraded? Yes, in theory. In practice, this is where the risk worsens.
Bitcoin’s governance is intentionally conservative and consensus-driven, making it extraordinarily slow. SegWit took approximately 8.5 years from conception to widespread adoption. Taproot took about 7.5 years. The current quantum proposals, BIP-360 and BIP-361, are still in the draft or early testnet stage in 2026. A complete base layer transition to post-quantum signatures would be the most controversial change Bitcoin has ever attempted. As Carter has documented, most Bitcoin Core developers have expressed limited concerns about urgency, a provision that constitutes, at a minimum, a serious governance responsibility for any institution holding Bitcoin in treasury. A quantum breakthrough does not politely wait for committee consensus.
Ethereum has already acted
This is where the picture diverges sharply. Ethereum’s approach to quantum resistance is not a reactive rush. This is a structured roadmap already in execution, built on the NIST post-quantum cryptography standards finalized in August 2024.
The Pectra upgrade, delivered to the Ethereum mainnet in May 2025, introduced EIP-7702, a critical step toward full account abstraction. Rather than requiring a single network-wide hard fork, Ethereum’s architecture allows individual accounts to choose their own signature verification and voluntarily switch to quantum-secure signatures. The next Hegotá hard fork, planned for the second half of 2026, further integrates this at the protocol level. The Ethereum Foundation has set structured milestones targeting the completion of core post-quantum infrastructure by approximately 2029, with active interoperability development networks already running across multiple clients.
The contrast with the governance paralysis of Bitcoin could not be starker. Ethereum was designed, unlike Bitcoin, to accommodate exactly this type of fundamental upgrade. It’s not an accident. It’s architecture.
Institutional calculation
For corporate treasurers and sovereign wealth managers, quantum risk is no longer an extreme scenario that should be noted and dismissed. Governments already consider it operational. US federal agencies were facing an April 2026 deadline to submit post-quantum cryptography transition plans under National Security Memorandum 10. The EU has set a 2030 quantum resilience target for critical infrastructure. The G7 Cyber Expert Group published a coordinated roadmap for the financial sector in January 2026. This compliance architecture will extend, over time, to cash holdings of digital assets.
The question for any institution holding bitcoin is whether it is comfortable with an asset whose quantum resistance roadmap is still in draft form, whose governance is evolving at geological speed, and whose developer community is divided on whether the urgency is even warranted.
The question for any institution considering Ethereum is whether they want the asset to have an upgrade path that is structured, transparent, and already in motion.
Ethereum is the most adaptive, efficient and sustainable asset. I put the track record of a Nasdaq-listed company behind this belief. Google’s paper is what ultimately gives this belief a unique, undeniable, and technically sound answer to the hardest question in digital asset cash flow strategy: Which asset is built to last?
Ethereum is not a perfect asset. No assets are. But in the context of quantum risk, it is the asset whose architecture has been built to survive what is to come. If Carter and Google are right, this distinction will have considerable importance, and sooner than expected.
