Bitcoin vs. Ethereum in the Quantum Threat: Why One Can Migrate and One Faces a Constitutional Crisis
Ethereum has Vitalik and active governance to migrate from quantum-vulnerable cryptography. Bitcoin does not — and Satoshi's wallet could be the first casualty.
The Quantum Clock Is Ticking — and Bitcoin and Ethereum Are Not in the Same Position
Bitcoin and Ethereum are both sitting on cryptographic foundations that a fault-tolerant quantum computer will be able to crack. That much is settled. What is not settled — and what almost nobody is talking about clearly — is that these two networks face completely different versions of the same problem. Ethereum has active governance and a known leader who can push through a migration. Bitcoin has neither, and Satoshi’s dormant wallet could become the most visible casualty of a crisis the network has no mechanism to resolve.
This is not a theoretical concern. Scott Aaronson — the Schlumberger Centennial Chair of Computer Science at UT Austin, co-founding director of UT Austin’s Quantum Information Center, and the person the internet’s quantum computing community treats as its most reliable skeptic — published a post in May 2026 titled “Will you heed my warnings?” In it, he states that “some of the most reputable people in quantum hardware and quantum error correction… now tell me that a fault-tolerant quantum computer able to break deployed crypto systems ought to be possible by around 2029.” Aaronson is not a hype merchant. He spent years correcting people who overstated what quantum computers could do. When he says 2029, you should take that seriously.
Remy doesn't write the code. It manages the agents who do.
Remy runs the project. The specialists do the work. You work with the PM, not the implementers.
Google already has. Their March 25, 2026 post on blog.google — “Quantum Frontiers may be closer than they appear” — sets an internal 2029 deadline to migrate all infrastructure to post-quantum cryptography. The reason they accelerated: faster-than-expected progress in reducing the number of qubits needed to break RSA. They also published a zero-knowledge proof showing they know how to break elliptic curve cryptography with fewer qubits and gates than previously realized — without releasing the actual attack recipe. Cloudflare is targeting the same 2029 date.
That is the backdrop. Now here is the actual question you should be thinking about: when the cryptographic locks break, which network can change them?
What “Quantum-Vulnerable” Actually Means for These Two Networks
Both Bitcoin and Ethereum rely on elliptic curve cryptography for wallet security. Shor’s algorithm — published in 1994, with fault-tolerant quantum computation shown to be possible in principle by 1996 — breaks elliptic curve cryptography on a sufficiently large fault-tolerant quantum computer. Bitcoin launched more than a decade after Shor’s paper. Ethereum launched in 2015, two full decades after it. Both chose quantum-vulnerable cryptography with full knowledge that this vulnerability existed in principle.
The attack vector is straightforward. Elliptic curve cryptography protects private keys. On most blockchain networks, when you spend or transfer funds, your public key gets exposed on-chain. A quantum computer running Shor’s algorithm can derive the private key from the public key. At that point, whoever runs the attack can impersonate the wallet owner and move the funds.
The exposure is not uniform across all wallets. Addresses that have never spent funds — where only the hash of the public key is visible, not the key itself — have a layer of additional protection. But addresses that have transacted, and especially addresses where the public key is permanently visible on-chain, are directly in the crosshairs. For a broader look at how AI capabilities are intersecting with cryptographic attack surfaces, the Claude Mythos vs Opus 4.6 cybersecurity capability gap analysis is worth reading alongside this — AI’s role in both accelerating and defending against these threats is not separable from the quantum story.
This is where Satoshi’s wallet enters the picture. Satoshi’s coins have never moved. They sit in dormant addresses from Bitcoin’s earliest days. If elliptic curve keys can be broken, someone could derive the private key for those addresses, impersonate Satoshi, and move the coins. There is no technical mechanism in Bitcoin today to prevent this. There is also no governance mechanism to preemptively protect those coins — or to decide who has the authority to try.
The Governance Dimension: Where Bitcoin and Ethereum Diverge
This is the part that does not get enough attention in the quantum threat conversation.
Ethereum has Vitalik Buterin. That is not a trivial fact. Ethereum has a functioning governance structure — a core development team, an Ethereum Foundation, active researchers like Justin Drake (who co-authored the Coinbase paper on quantum risk to blockchain alongside Aaronson and Dan Boneh, one of the world’s leading cryptographers), and a track record of executing hard forks when the network needs to change direction. The Merge — Ethereum’s transition from proof-of-work to proof-of-stake — was one of the most complex protocol migrations in blockchain history, and it shipped. Ethereum can make decisions.
Migrating Ethereum to post-quantum cryptography is still enormously complex. Everything built on top of the network — smart contracts, DeFi protocols, NFT infrastructure, layer-2 systems — would need to be addressed. But the question of whether Ethereum can organize a migration has a defensible answer: probably yes, given enough lead time and coordination.
Bitcoin does not have this. Bitcoin’s design philosophy treats the absence of central authority as a feature, not a bug. There is no Satoshi. There is no foundation with recognized authority to push through protocol changes. Bitcoin Improvement Proposals exist, but contentious changes have historically fractured the community — Bitcoin Cash, Bitcoin SV, and other forks are the record of what happens when Bitcoin’s stakeholders disagree. A post-quantum migration is not a minor parameter change. It would require replacing the cryptographic primitives that underpin every wallet and every transaction. Getting consensus on that, on a timeline driven by an external threat, with no recognized authority to coordinate the effort, is a different problem than anything Ethereum faces.
This is what Aaronson means when he frames the quantum threat to crypto as not just a technical problem but a governance and constitutional problem. The question is not only “can we build quantum-resistant cryptography?” — NIST has been standardizing post-quantum algorithms for years, and the answer is yes. The question is “who gets to change the locks, and when, and what happens to the coins that were locked with the old keys?”
For Bitcoin, that question does not have a clean answer.
The Specific Vulnerabilities, Ranked by Severity
Satoshi’s wallet. This is the symbolic and practical flashpoint. The coins have never moved. The addresses are known. If elliptic curve cryptography breaks, those coins become accessible to whoever runs the attack first. The Bitcoin network would have no way to distinguish a legitimate Satoshi transaction from an impersonation. And there is no governance body with the authority to freeze those addresses preemptively — doing so would itself be seen as violating the foundational rules of the network.
Old dormant addresses from the early Bitcoin era. Many early Bitcoin addresses used a format (Pay-to-Public-Key, or P2PK) that permanently exposes the public key on-chain. These are not protected even by the hash layer that newer address formats provide. They are directly exposed to a Shor’s algorithm attack.
Any address that has spent funds. When you send Bitcoin, your public key becomes visible on-chain. Every address that has ever made an outgoing transaction has its public key permanently recorded. On a long enough timeline with a capable enough quantum computer, those keys are derivable.
Ethereum smart contracts. Ethereum’s exposure is different in character. The governance problem is more tractable, but the technical surface area is larger. Smart contracts are code deployed on-chain. Many of them handle funds. A post-quantum migration would need to address not just wallet infrastructure but the entire contract ecosystem.
What “Faster Than Expected” Actually Means
One coffee. One working app.
You bring the idea. Remy manages the project.
The Google disclosure is worth dwelling on. They did not just set a 2029 internal deadline. They published a zero-knowledge proof demonstrating that they know how to break elliptic curve cryptography with fewer qubits and gates than the field previously believed necessary. They withheld the actual method — responsible disclosure — but the proof of knowledge is itself significant. It means the attack is closer to practical than the prior consensus assumed.
Part of what accelerated this is AI. AlphaQubit, built by Google DeepMind, is an AI-based quantum error decoder that identifies and corrects quantum computing errors with state-of-the-art accuracy. Quantum error correction was one of the primary bottlenecks blocking fault-tolerant quantum computers at scale. AlphaQubit addressed it. The same dynamic that produced AlphaFold for protein structure prediction produced AlphaQubit for quantum error correction — and the downstream consequence is that the timeline for cryptographically relevant quantum computers compressed faster than most people expected.
This is also why the “store now, decrypt later” threat is not hypothetical. Governments — the US, Russia, China — have been collecting encrypted internet traffic for decades, storing data they cannot currently read with the explicit plan to decrypt it once quantum computers arrive. That data is already captured. The quantum computer does not need to exist yet for the collection to have happened. The intersection of AI capability growth and quantum hardware progress is also explored in the Claude Mythos benchmark results — the same AI systems accelerating quantum error correction are also being evaluated for their ability to reason about and exploit cryptographic weaknesses.
The Migration Path: What Each Network Would Actually Have to Do
For Ethereum, a post-quantum migration would look something like this: agree on a quantum-resistant signature scheme (NIST has standardized several, including CRYSTALS-Dilithium and FALCON), implement it at the protocol level via a hard fork, give users a migration window to move funds to new quantum-resistant addresses, and handle the legacy contract ecosystem through a combination of upgrades and deprecation. This is hard. It is not impossible. Ethereum has the governance infrastructure to attempt it, and researchers like Justin Drake are already working on the problem.
For Bitcoin, the same technical steps apply — but the governance path is missing. Who calls the hard fork? Who sets the migration deadline? What happens to coins in addresses that never migrate — are they frozen, burned, left vulnerable? What happens to Satoshi’s coins specifically? Every one of these questions is a potential schism. And unlike the Merge, which Ethereum’s community broadly supported, a quantum migration would be forced by an external threat on a timeline that may not allow for the years of deliberation Bitcoin governance typically requires.
The Coinbase paper — co-authored by Aaronson, Boneh, and Drake — is the most serious public attempt to map this problem. The fact that it exists, and that it involves the Ethereum Foundation’s own researchers, tells you something about where the serious thinking is happening.
Remy is new. The platform isn't.
Remy is the latest expression of years of platform work. Not a hastily wrapped LLM.
If you are building spec-driven systems that need to adapt as cryptographic standards change, Remy takes an interesting approach: you write your application as an annotated markdown spec, and it compiles a complete TypeScript backend, database, auth, and deployment from that spec — meaning when the underlying cryptographic requirements change, you update the spec and recompile rather than hunting through a codebase. That kind of architecture is meaningfully easier to migrate than systems where cryptographic assumptions are baked into dozens of interdependent modules.
What You Should Actually Do With This Information
If you hold Bitcoin in old addresses — particularly P2PK addresses from the early era, or any address that has made outgoing transactions — the prudent move is to migrate to newer address formats now, before the threat is realized. This does not require waiting for a protocol-level solution. It just requires moving funds to a fresh address using a modern format.
If you are building on Ethereum, watch the Ethereum Foundation’s post-quantum working group. The migration will happen with lead time if it happens at all, and being early means you are not scrambling.
If you are building security-sensitive infrastructure more broadly, the 2029 timeline from Google and Cloudflare is the most credible public estimate available. Apple has post-quantum cryptography in iMessage, but the full Apple ecosystem is not protected. The gap between “we have a post-quantum product” and “our entire infrastructure is post-quantum” is enormous, and most organizations have not closed it.
The teams thinking seriously about this kind of infrastructure risk often need to monitor a lot of moving signals simultaneously — protocol updates, NIST standardization progress, hardware announcements, governance proposals across multiple chains. MindStudio is useful here: with 200+ models, 1,000+ integrations, and a visual builder for orchestrating agents and workflows, you can build monitoring and alerting systems that track these signals without writing the orchestration from scratch. For teams that need to stay current on rapidly shifting cryptographic and AI capability developments, that kind of composable infrastructure matters.
The Deeper Problem Bitcoin Has
Here is the opinion: Bitcoin’s governance-by-absence was a reasonable design choice in 2009. It is a liability in 2026.
The quantum threat is not the first time Bitcoin’s lack of governance has created problems — it is just the most consequential one on the horizon. The network has survived contentious forks, scaling debates, and fee market crises. But those were internal disputes. The quantum threat is external, on a fixed timeline, and requires coordinated action across the entire ecosystem before the threat materializes — not after.
Ethereum is not immune to the quantum threat. But Ethereum has a mechanism for responding to it. Bitcoin’s response mechanism is “hope the community reaches consensus,” which is not a plan.
The irony is that Shor’s algorithm has been public since 1994. Bitcoin launched in 2009. Ethereum launched in 2015. Both chose elliptic curve cryptography with full knowledge that a quantum vulnerability existed in principle. The question was always whether fault-tolerant quantum computers would arrive before the networks could migrate. The answer, according to the most credible voices in the field, is that the window is closing — and one of these networks is much better positioned to act than the other.
Hire a contractor. Not another power tool.
Cursor, Bolt, Lovable, v0 are tools. You still run the project.
With Remy, the project runs itself.
For a broader frame on how AI model capabilities are evolving in parallel with these hardware developments, the GPT-5.4 vs Claude Opus 4.6 comparison is a useful reference point — the same capability curves driving AlphaQubit’s error correction advances are visible in frontier language model benchmarks.
The 2029 deadline is not a marketing claim. It is Google’s internal infrastructure target, Cloudflare’s public commitment, and Scott Aaronson’s personal endorsement after years of correcting quantum hype. The question for Bitcoin is not whether the threat is real. The question is whether a network with no recognized authority and a history of governance paralysis can execute a coordinated cryptographic migration on a deadline it did not choose.
That is a constitutional crisis. And it is coming whether Bitcoin is ready for it or not.
