Quantum Threat Puts Bitcoin on the Clock
Our conversation on quantum with Nic Carter went live today.
He's one of the few prominent Bitcoiners sounding the alarm about quantum computing's threat to crypto. Over the past few weeks, two papers dropped that moved the quantum threat timeline from "someday" to "soon," and Carter came on Bankless to lay out the damage. Together, they show the hardware threshold for breaking crypto's signature schemes fell by 20x to 50x, and the estimated attack window shrank from months to minutes.
Here are the five key takeaways 👇
The Google Paper Changes Bitcoin's Threat Model
Until recently, the prevailing assumption among researchers was that the first quantum attacks on blockchain cryptography would take weeks or months and require millions of qubits, the raw processing units inside a quantum computer.
Those parameters gave everyone a comfortable buffer.
The Google paper, co-authored by cryptographer Dan Boneh, Google Quantum AI's Craig Gidney, and Ethereum Foundation researcher Justin Drake, eliminated that "safety net." Previous estimates put the requirement at hundreds of thousands of physical qubits. The Google paper cut that threshold by roughly 20x and reduced the attack window to just nine minutes to crack ECDSA, the cryptographic signature scheme that authorizes every Bitcoin and Ethereum transaction. A second paper from Oratomic and Caltech went further, estimating that a different hardware approach could crack the same cryptography with as few as 10,000 physical qubits.
The largest array of that hardware type in existence today already runs 6,000.
My latest: My Takeaways from Google’s and Oratomic’s Quantum Resource Estimate papershttps://t.co/s1HBsZhbv9 pic.twitter.com/Cm30mgVOY0
— nic carter (@nic_carter) April 3, 2026
2029 Could Be the Real Deadline
The prevailing belief among Bitcoin holders and even some developers is that Q-Day, the day a quantum computer can crack Bitcoin's cryptography in production, will announce itself gradually – i.e. we'll see the technology progressing, we'll have time to prepare, and we'll target a date years out.
Carter says the Google paper explicitly suggests the opposite: Q-Day will arrive as a threshold event. Once quantum error correction is solved at scale, progress from weak attacks to full 256-bit key-cracking will happen fast.
Another really interesting detail is that the Google team didn't publish the actual quantum algorithm. They released a zero-knowledge proof of it, effectively verifying it without revealing how it works, because they didn't want to show their hand. Both papers were published in consultation with the U.S. government's cryptographic standards body (NIST) and the National Security Agency (NSA). Carter expects a formal censorship regime to follow, after which we'll simply be in the dark on quantum advances. There will only be the before and after.
LIVE NOW - Nic Carter: Bitcoin Has 3 Years to Survive the Quantum Threat
— Bankless (@Bankless) April 6, 2026
Bitcoin may be heading into its first true existential governance test.@nic_carter is back on Bankless to talk through:
- Why the latest Google quantum paper changes the threat model for Bitcoin,
- why… pic.twitter.com/WTOXK0QbsW
Google has already moved its own internal quantum transition deadline to 2029. The U.S. government wants critical systems upgraded by 2030. A Chaincode paper estimated Bitcoin's post-quantum transition would take seven years under reasonable conditions, two if rushed. Carter doesn't see the transition happening before 2030 - a year after Google's own deadline.
The Nine-Minute Attack Changes Everything
The Google paper surfaced an attack vector that Carter had previously considered unlikely.
When you send Bitcoin, your public key gets briefly exposed to the network before your transaction confirms. Under the Google paper's estimates, a quantum computer could crack your private key within that confirmation window and broadcast a competing transaction to steal your funds before yours settles. No amount of careful wallet practice, fresh addresses, etc. would protect you if the attack happens in that window.
The entire network has to be 100% post-quantum before the hardware exists for these attacks, or no transaction is safe.
The Fight Over Satoshi's Coins Could Become Bitcoin's Hardest Governance Battle
6.9 million BTC, one-third of all supply, sits in addresses with exposed public keys.
Of those, 2.3 million are Satoshi-era or presumed-lost coins with no key holders, meaning they will never migrate voluntarily.
To deal with these, the Google paper laid out four options:
- Do nothing
- Burn them permanently
- Rate-limit how fast they can be spent
- Park them on a sidechain where owners could reclaim them with cryptographic proof
Carter expects institutions to push for the second.
He imagines 10 to 20 of the largest Bitcoin custodians (BlackRock, Coinbase, etc.) will sign a joint letter declaring they will only support a fork where dormant coins are burned. That fork becomes canonical Bitcoin. The alternative dies, while reducing supply from 21 million to roughly 19 million. Carter acknowledges this "permanently ruins the thing we said we were doing" and would represent the greatest theft in human history.
The hardest part of the quantum transition may not be the cryptography.
— Bankless (@Bankless) April 6, 2026
It may be deciding whether Bitcoin should burn Satoshi’s coins.@nic_carter: "The con is that we permanently ruin the thing that we said we were doing, which is maintaining an absolutely immaculate supply… pic.twitter.com/gUxOSkpUXx
But the deeper problem is that Bitcoin has no mechanism to reach this decision. The network has made two protocol changes in the last decade, SegWit in 2017 and Taproot in 2021, and each one reached consensus through a different process. Plus, Carter claims, core developers have been driven into retreat by legal threats and harassment, and actively disclaim authority over the protocol. He describes a power vacuum where the people with influence refuse to acknowledge it, and the feedback channel they point to, "what the community wants," has no actual intake mechanism.
Every step of the transition, agreeing to act, picking a signature scheme, migrating 50 million addresses, resolving the Satoshi coins, runs through this broken governance layer.
Ethereum May Be Better Positioned for the Transition
In the podcast, Mr. Carter, a lifelong Bitcoiner, does acknowledge the possibility that Ethereum could take the number one spot, even if he doesn't want that to happen.
Is there a possibility that Bitcoin fails the Quantum challenge, and $ETH takes the #1 spot?@nic_carter: "Yeah, I think that's possible...
— Bankless (@Bankless) April 6, 2026
The complacency im seeing on the Bitcoin side is only matched by the @ethereumfndn's proactivity." pic.twitter.com/J9K4n6kdSD
Yes, Ethereum's engineering workload is larger. Beyond just upgrading wallet signatures, the network needs to upgrade the consensus layer and the rollup layer. But the Ethereum Foundation (EF) already has a published roadmap, Justin Drake co-authored the Google paper, and account abstraction makes it easier to swap signature schemes without changing user addresses.
Carter reached the same conclusion: Ethereum has a broader quantum attack surface than Bitcoin, but stronger, more cohesive community leadership compensates. He praised the EF and contrasted it with Bitcoin, where he says it's just him and a few other people worrying about this.
2 years ago, at @EFDevcon in Bangkok, @drakefjustin released his '5 Year Plan' for Lean Ethereum
— David Hoffman (@TrustlessState) April 6, 2026
It was ridiculed by CT for being out-of-touch with the market
Now, thanks to Justin's foresight and leadership, Ethereum is in pole position for capitalizing on the quantum… pic.twitter.com/RFeg51IGqF
So far, Bitcoin has survived every threat by refusing to change. But quantum looks like it will punish that reflex, and the chains that move first will set the terms for what crypto looks like on the other side of the quantum divide.