The quantum clock is ticking: it's Bitcoin's problem, not Ethereum's

Source: coindesk.com

If bitcoin and Ethereum had been invented on the same day, nobody would have heard of bitcoin. I sold every bitcoin Bit Digital held and deployed the proceeds into Ethereum. I have built one of the largest corporate Ethereum treasury positions in the world and said, on the record, that we will never sell it. People have asked me to articulate the single strongest argument for that conviction. On March 30, 2026, that argument arrived. Last month, Citi confirmed it.

In a research note published on May 18, Citi analysts warned that quantum computing advances have shortened the timeline for practical attacks on digital assets, and reached a conclusion that should give every institutional bitcoin holder pause: bitcoin faces significantly greater quantum risk than Ethereum, and the gap between them comes down not just to technology but to governance.

That finding echoes the landmark paper released in late March by Google Quantum AI in collaboration with Stanford University and the Ethereum Foundation, which found that the computing resources required to break bitcoin's foundational cryptography are approximately 20 times lower than previously estimated. A sufficiently advanced quantum computer, operating with fewer than 500,000 physical qubits, could derive a bitcoin private key from its public key in roughly nine minutes. That machine does not exist today. But the window to act responsibly is narrowing faster than most institutions realize. When Google raises the alarm, and Citi confirms it in the same quarter, this is no longer a fringe concern. This is the silver bullet. And it points directly at bitcoin.

Why bitcoin is exposed

Bitcoin's security rests on elliptic curve digital signature algorithms. When you spend bitcoin, your public key is briefly exposed onchain. Under classical computing, reversing that to obtain a private key is infeasible. Quantum computers running Shor's algorithm can, in principle, do exactly that during the brief window a transaction is broadcast. The Google paper doesn't merely confirm this theoretically; it quantifies it with a precision that removes comfortable ambiguity.

Nic Carter, co-founder of Coin Metrics and one of the sharpest minds in digital assets, has been sounding this alarm for months. In a series of essays beginning in October 2025, Carter called quantum computing "the biggest long-term risk to bitcoin's core cryptography" and accused developers of "sleepwalking towards collapse." He estimates a quantum computer could meaningfully break elliptic curve cryptography as early as 2028. Approximately 6.9 million BTC could be vulnerable at a sufficient quantum scale, including legacy wallets and Taproot outputs, which already represented more than 21% of all bitcoin transactions in 2025.
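Whether an output's public key is already visible, or only becomes visible when it is spent, can be read from the output script itself. The sketch below is an added example, not code from the article or from any Bitcoin project; it classifies the standard scriptPubKey templates and totals a holder's exposure, and the sample UTXOs, placeholder key bytes and the `key_revealed` flag are constructed for illustration.

```python
# Added example: sort Bitcoin outputs by when their public key becomes visible.

def classify(script_hex: str) -> tuple[str, bool]:
    """Return (script type, True if the public key is on-chain before any spend)."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33- or 65-byte pubkey> OP_CHECKSIG, key stored in the clear
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", False
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", False
    if n == 22 and s[:2] == b"\x00\x14":      # P2WPKH: v0 witness, key hash
        return "p2wpkh", False
    if n == 34 and s[:2] == b"\x00\x20":      # P2WSH: v0 witness, script hash
        return "p2wsh", False
    if n == 34 and s[:2] == b"\x51\x20":      # P2TR: v1 witness, x-only output key
        return "p2tr", True
    return "unknown", False

def exposure_report(utxos):
    """utxos: iterable of (script_hex, sats, key_revealed_by_earlier_spend)."""
    report = {"at_rest": 0, "reused": 0, "spend_window_only": 0, "unknown": 0}
    for script_hex, sats, key_revealed in utxos:
        kind, at_rest = classify(script_hex)
        if kind == "unknown":
            report["unknown"] += sats
        elif at_rest:
            report["at_rest"] += sats            # key readable today
        elif key_revealed:
            report["reused"] += sats             # hash type, but key already published
        else:
            report["spend_window_only"] += sats  # key appears only when spent
    return report

KEY33 = "02" + "11" * 32  # constructed placeholder bytes, not a real key
SAMPLE_UTXOS = [          # constructed sample data
    ("21" + KEY33 + "ac", 5_000_000_000, False),      # P2PK
    ("76a914" + "22" * 20 + "88ac", 150_000, False),  # P2PKH, never spent from
    ("76a914" + "33" * 20 + "88ac", 90_000, True),    # P2PKH, address reused
    ("0014" + "44" * 20, 250_000, False),             # P2WPKH
    ("5120" + "55" * 32, 400_000, False),             # P2TR
]

if __name__ == "__main__":
    print(exposure_report(SAMPLE_UTXOS))
```

Funds in the `at_rest` and `reused` buckets are the ones a treasury would move first; the `spend_window_only` bucket is exposed only between broadcast and confirmation.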

Bitcoin's governance problem

One might ask: can't bitcoin simply upgrade? Yes, in theory. In practice, this is where the risk compounds.

Bitcoin's governance is intentionally conservative and consensus-driven, which makes it extraordinarily slow. SegWit took roughly 8.5 years from conception to widespread adoption. Taproot took approximately 7.5 years. The current quantum proposals, BIP-360 and BIP-361, are still at the draft or early testnet stage as of 2026. A full base-layer transition to post-quantum signatures would be the most contentious change bitcoin has ever attempted. As Carter documented, most Bitcoin Core developers have expressed limited concern about urgency, a disposition that is, at minimum, a serious governance liability for any institution holding bitcoin in treasury. A quantum breakthrough does not politely wait for committee consensus.

Ethereum has already acted

This is where the picture diverges sharply. Ethereum's approach to quantum resistance is not a reactive scramble. It is a structured road map already in execution, built on the NIST post-quantum cryptography standards finalized in August 2024.

The Pectra upgrade, which shipped on Ethereum mainnet in May 2025, introduced EIP-7702, a critical stepping stone toward full account abstraction. Rather than requiring a single network-wide hard fork, Ethereum's architecture allows individual accounts to choose their own signature verification and switch to quantum-safe signatures voluntarily. The upcoming Hegotá hard fork, planned for the second half of 2026, embeds this further at the protocol level. The Ethereum Foundation has set structured milestones targeting completion of core post-quantum infrastructure by approximately 2029, with active interop devnets already running across multiple clients.

The contrast with bitcoin's governance paralysis could not be more stark. Ethereum was designed, in ways bitcoin simply was not, to accommodate exactly this kind of foundational upgrade. That is not an accident. It is architecture.

The institutional calculus

For corporate treasurers and sovereign wealth managers, quantum risk is no longer a tail scenario to be footnoted and dismissed. Governments are already treating it as operational. U.S. federal agencies faced an April 2026 deadline to submit post-quantum cryptography transition plans under National Security Memorandum 10. The EU has set a 2030 quantum-resistance target for critical infrastructure. The G7 Cyber Expert Group published a coordinated financial sector road map in January 2026. This compliance architecture will, over time, extend to digital asset treasury holdings.

The question for any institution holding bitcoin is whether they are comfortable with an asset whose quantum-resistance road map is still in draft, whose governance moves at geological speed, and whose developer community is divided on whether urgency is even warranted.

The question for any institution considering Ethereum is whether they want the asset with a structured, transparent, and already-in-motion upgrade path.

Ethereum is the more adaptive, more capable, and more durable asset. I have put the balance sheet of a Nasdaq-listed company behind that conviction. The Google paper is what finally gives that conviction a single, undeniable, technically grounded answer to the hardest question in digital asset treasury strategy: which asset is built to last?

Ethereum is not a perfect asset. No asset is. But in the context of quantum risk, it is the asset whose architecture was built to survive what is coming. If Carter and Google are right, that distinction will matter enormously, and sooner than most people expect.
