If bitcoin and Ethereum had been invented on the same day, no one would have heard of bitcoin. I sold every Bit Digital bitcoin I had and deposited the proceeds into Ethereum. I have built one of the largest corporate Ethereum treasury positions in the world and said, on the record, that we will never sell it. People have asked me to articulate the strongest argument for that belief. On March 30, 2026, that argument came. Last month, Citi confirmed it.
In a research note published on May 18, Citi analysts warned that advances in quantum computing have shortened the timeline for practical attacks on digital assets, reaching a conclusion that should give any institutional bitcoin holder pause: bitcoin faces significantly greater quantum risk than Ethereum, and the gap between them comes not just to technology, but to governance.
This finding echoes the landmark paper published in late March by Google Quantum AI in collaboration with Stanford University and the Ethereum Foundation, which found that the computing resources required to break bitcoin’s basic cryptography are approximately 20 times lower than previously estimated. A sufficiently advanced quantum computer operating with fewer than 500,000 physical qubits could derive a bitcoin private key from its public key in about nine minutes. That machine does not exist today. But the window to act responsibly is narrowing faster than most institutions realize. When Google sounds the alarm and Citi confirms it in the same quarter, this is no longer a fringe concern. This is the silver bullet. And it points directly to bitcoin.
Why bitcoin is exposed
Bitcoin’s security rests on elliptic curve digital signature algorithms. When you use bitcoin, your public key appears briefly on the chain. Under classical computing, it is impossible to reverse it to obtain a private key. Quantum computers running Shor’s algorithm can, in principle, do exactly that during the short window that a transaction is issued. The Google paper doesn’t just confirm this theoretically; it quantifies it with a precision that removes comfortable ambiguity.
Nic Carter, co-founder of Coin Metrics and one of the sharpest minds in digital assets, has been sounding this alarm for months. In a series of essays starting in October 2025, Carter called quantum computers “the biggest long-term risk to bitcoin’s core cryptography” and accused developers of “sleepwalking toward collapse.” He estimates that a quantum computer could meaningfully break elliptic curve cryptography as early as 2028. Approximately 6.9 million BTC could be vulnerable at a sufficient quantum scale, including legacy wallets and Taproot output, which already represented more than 21% of all bitcoin transactions in 2025.
Bitcoin’s Governance Problem
One might ask: can’t bitcoin just upgrade? Yes, in theory. In practice, this is where the risk is amplified.
Bitcoin’s governance is deliberately conservative and consensus-driven, making it extraordinarily slow. SegWit took about 8.5 years from conception to widespread adoption. Poleroot took approximately 7.5 years. The current quantum proposals, BIP-360 and BIP-361, are still at the draft or early testnet stage as of 2026. A full base layer transition to post-quantum signatures would be the most contentious change bitcoin has ever attempted. As Carter documented, most bitcoin Core developers have expressed limited concern about urgency, a disposition that is, at minimum, a serious management responsibility for any institution holding bitcoin in its treasury. A quantum breakthrough does not politely wait for committee consensus.
Ethereum has already traded
This is where the picture diverges sharply. Ethereum’s approach to quantum resistance is not a reactive scramble. It is a structured roadmap already underway, built on the NIST post-quantum cryptography standards that were finalized in August 2024.
The Pectra upgrade, which shipped on the Ethereum mainnet in May 2025, introduced EIP-7702, a critical stepping stone towards full account abstraction. Rather than requiring a single network-wide fork, Ethereum’s architecture allows individual accounts to choose their own signature verification and switch to quantum-safe signatures voluntarily. The upcoming Hegotá hard fork, planned for the second half of 2026, embeds this further at the protocol level. The Ethereum Foundation has set structured milestones aimed at completing core post-quantum infrastructure by approximately 2029, with active interop devnets already running across multiple clients.
The contrast with bitcoin’s governance paralysis could not be starker. Ethereum was designed, in ways that bitcoin simply wasn’t, to accommodate just this kind of fundamental upgrade. It’s not an accident. It is architecture.
The institutional calculation
For corporate treasurers and sovereign wealth managers, quantum risk is no longer a tail scenario to be noted and rejected. Governments are already treating it as operational. US federal agencies faced an April 2026 deadline to submit post-quantum cryptography transition plans under National Security Memorandum 10. The EU has set a 2030 quantum resistance target for critical infrastructure. The G7 Cyber Expert Group published a coordinated roadmap for the financial sector in January 2026. This compliance architecture will be extended over time to include holdings of digital assets.
The question for any institution holding bitcoin is whether they are comfortable with an asset whose quantum resistance roadmap is still being drafted, whose governance is moving at geological speed, and whose developer community is divided on whether it is even justified.
The question for any institution considering Ethereum is whether they want the asset with a structured, transparent and already underway upgrade path.
Ethereum is the more adaptive, more capable and more durable asset. I put the balance sheet of a Nasdaq-listed company behind that judgment. The Google paper is what finally gives that conviction a simple, undeniable, technically sound answer to the toughest question in digital asset treasury strategy: which asset is built to last?
Ethereum is not a perfect asset. Nothing active is. But in the context of quantum risk, it is the asset whose architecture was built to survive what is to come. If Carter and Google are right, that distinction will have a big impact, and sooner than most expect.
