Bankless - Bitcoin Has 3 Years to Survive | Nic Carter on Bitcoin’s Quantum Vulnerability
Episode Date: April 6, 2026What if Bitcoin’s biggest strength becomes its fatal weakness? Nic Carter joins Bankless to unpack why the latest quantum papers changed the threat model, why a 2029 migration window could leave Bit...coin dangerously behind, what a real post-quantum transition would require, and why the fight over Satoshi’s dormant coins may become the most explosive governance battle in Bitcoin history. --- 🎬 DEBRIEF | RYAN & DAVID UNPACKING THE EPISODE https://www.bankless.com/podcast/debrief-bitcoin-has-3-years-to-survive-nic-carter --- BANKLESS SPONSOR TOOLS: 🔮POLYMARKET | #1 PREDICTION MARKET https://bankless.cc/polymarket-podcast 🪐GALAXYONE | SOLANA STAKING https://bankless.cc/GalaxyOne 🦊 METAMASK | DOWNLOAD NOW https://go.metamask.io/BL-Pod-Download 🏅BITGET TRADFI | TRADE GOLD WITH USDT https://bankless.cc/bitget 🎯THE DEFI REPORT | ONCHAIN INSIGHTS https://thedefireport.io/bankless 🐇MEGAETH | 1ST REAL-TIME BLOCKCHAIN https://bankless.cc/megaeth --- TIMESTAMPS 0:00 Nic Carter’s Stark Warning 3:55 Bitcoin’s Status Quo Problem 9:36 The New Quantum Papers 12:07 When Breakthroughs Go Dark 16:28 “We will not get significant prior notice” 21:24 The 9-Minute Attack 31:33 Why 2029 suddenly matters 34:24 Post-Quantum Tradeoffs 46:03 Why Bitcoin Isn’t Reacting 52:21 The Satoshi coin problem 1:02:54 Nic’s salvage-law alternative 1:10:13 Why Ethereum looks more prepared 1:12:25 Does Bitcoin Survive? --- RESOURCES Nic Carter https://x.com/nic_carter Nic’s takeaways from quantum papers https://murmurationstwo.substack.com/p/my-takeaways-from-googles-and-oratomics --- Not financial or tax advice. See our investment disclosures here: https://www.bankless.com/disclosures
Transcript
Discussion (0)
I think the assumption inherent in what Saylor is saying and what others have said is,
we will have a very clear notice period before QDA comes.
That's the assumption.
It's, well, you know, the technology will progress gradually,
and we will know, we'll be able to do the extrapolations,
and we'll know, all right, it's going to hit in 2041 or whatever.
So all we have to do is target that date, but it's not like Y2K, right?
Nobody knows the day or the hour, right?
it will just happen one day.
Nick Carter, welcome to Banklist once again.
Hello, gentlemen. Thank you for having me.
Is this the seventh or eighth time?
Yes, we're approaching double digits.
Yeah.
But I think this might be the longest gap since we've had you on.
I heard you went on a decently long podcast hiatus.
No, I mean, I've been retired from podcasts, yeah, but, you know, I heard someone who's coming
from my record on this show, so.
Yeah, I think it's a good time to have you on,
because I've heard you're bullish on the ETH Bitcoin ratio, actually.
Yeah, I mean, I'm already in trouble with the Bitcoiners.
So, you know, yeah, I think if nothing changes in Bitcoin,
ETHBTC could look pretty interesting here.
I agree.
Do you think that there is a window of possibility
where Bitcoin really fails this challenge?
Ethereum succeeds in overcoming this challenge,
and then Ethereum takes the number one spot.
Wow, David.
Yeah, I think that's possible.
I don't want that to happen, but...
We don't want that to happen, but it's possible.
Yeah, I mean, the complacency I'm seeing on the Bitcoin side is really disconcerting.
And only matched by the I Syrian Foundation's proactiveness, peractivity, I mean, there's a deadline, right, to transition on 2029.
Is that what they're saying?
Yeah.
That's what the Google paper seems to say.
we'll talk about this.
So I guess maybe the theme of this episode is saving Bitcoin.
We're going to figure out how to save it today.
Yeah, you know, that's not my base case.
That's not my base case.
I mean, I think things could go right.
But the reason I'm getting in so much trouble
and fighting so much is because I want things to go right
and it's going to take a lot of work for that to happen.
If you're already holding soul, here's something you may want to pay attention to.
Galaxy 1 just launched Solana Staking,
and you can earn up to an estimated 6.5% in variable staking rewards on your soul
with no platform commission fee charged throughout December,
31st, 2026. While many other platforms charge up to 35% commission fees on staking rewards,
Galaxy 1 offers you 0% platform commission through December 31st. Other fees may apply. You should
see the terms. This is powered by Galaxy Digital's own validator infrastructure, one of the
largest salon of validator operations in the world, and now available to individual investors
directly within the Galaxy 1 platform. Once you stake, rewards accrue and compound automatically.
No active management needed. You can track everything in one place, including balances, rewards,
and tax reporting through tax bit.
Getting started is straightforward.
You can buy soul directly in the app or transfer it in.
If you want to put your soul to work, you can now start staking on Galaxy One today.
Click the link in the show notes to learn more and get started.
Not investment advice.
Bankless isn't just a name.
It's a genuine belief that you shouldn't need permission from an institution to use your money.
Metamask has been around since the beginning of Ethereum and they carry the same
DNA we do.
Metamask was my first wallet.
And well, if you haven't opened up the app recently, let me tell you, they've been
shipping, creating the one app to finally replace your bank and exchange.
You can trade just about everything right from within Metamask.
Leverage perps via hyperliquid.
Prediction markets through polymarket.
Tokenized stocks like Nvidia.
And you can swap tokens gasslessly and across networks and even spend your crypto with your
Metamask card at real merchants all around the world.
It's better than institution services, but from a self-custodial wallet.
And this is what we've been talking about for years.
Money that's open and is happening.
So give Metamask trading features a look at the link below.
The reason why you're getting into trouble is that the status quo for Bitcoin is something
bad happens. And Bitcoin really likes the status quo, like the small blockers or the status quo,
they won. Bitcoin always defaults to the status quo. And this is the one instance that we know
in Bitcoin history where the status quo does not work. And you're the one who's like pulling the
alarm bells being like, hey guys, the status quo is actually the failure scenario here.
That's precisely correct. Bitcoin governance is spectacularly
unsuited to a threat that is of an uncertain timeline and requires total mobilization.
It's not clear if Bitcoin governance can accommodate that, actually.
Nobody knows how it works.
We're not even sure if it's possible to make a change to Bitcoin, let alone a sweeping
set of numerous changes that need to occur.
So Bitcoin works great when nothing has to change.
that's, you know, its strength.
But when there is something existential that requires a core
infrastructural change, we've actually never dealt with that before,
not in the whole history of Bitcoin ever.
Yeah.
So this is the first time.
Yeah.
And it's been the practice of Bitcoin culture to create that reality.
And that has been Bitcoin's strength to the detriment of all the other crypto assets,
is that it has become incredibly hard to make changes to Bitcoin.
And this is the first time where that actually is,
its weakness, not its strength.
Yeah, and one weird dynamic is, you know,
Bitcoin is this like evolutionary environment
where Bitcoin selects for people that are, you know,
relentlessly optimistic and,
and you are willing to ignore fuds,
you know, for lack of a better word.
And so now, you know,
everybody that's sold because they're worried about something or other,
the only people that are left are the people that ignored
every successive wave of fud, whether there's energy or B-CAT,
or B-cash, big blocks, or double-spend attacks,
or like all the various fuds over the years.
So now you have this ecosystem of people
that just are optimistic 100% of the time
and are totally happy with the status quo.
But that's very ill-suited for the predicament we find ourselves in.
You know, it's so funny is what you're describing
sounds like it's an immune system response, right?
And maybe what you're saying is Bitcoin has an overactive immune system
because part of the immune system has been to fight FUD.
So David and I just did a recording yesterday with Michael Saylor.
And this was post the Google quantum paper coming out.
We asked him about it.
We were just like, hey, Michael, here's the situation.
They say 2029.
The Shores algorithm enhancements have got 20x faster.
You know, like, is this something we should be worried about?
And you have Satoshi's supply, you know, 2.3 million Bitcoin, according to the paper.
It seems like a decision will have to be made.
if quantum happens, right?
And his response, which I think bagless listeners can go listen to it for themselves,
was very much like, hey, there's two types of people in the world.
There's optimists and there's pessimists.
And you have to choose which one you want to be.
I'm an optimist.
Everybody else who's worried about this is an alarmist.
That doesn't mean we shouldn't be prepared.
But the core devs will figure it out.
We always do.
We'll come to consensus.
And to say anything otherwise.
And we'll find a solution.
And so it's kind of the panic intake.
Like it was just like there's a bunch of chicken littles going around.
You know, he compared this to kind of like other scares in the past.
Global warming other things that haven't come to pass.
Why should this time be any different?
And maybe that's just part of the default immune system response.
Maybe Michael is kind of representing the immune system at some level,
kind of the cultural trait that many Bitcoiners share.
Yeah, there's panikins and there's process trust.
and I'm a process truster, actually generally speaking, you know, with regards to politics,
I trust the process.
With regards to this issue, I'm a panicking, which is embarrassing to admit, you never
want to be a panicking.
But I just think the data is actually pretty clear.
And trusting the process is great when it's peacetime, but it's not peace time, it's
wartime.
And the process in Bitcoin, it's very unclear as to how a change might even be effectuated,
how consensus could occur.
And I hear the same exact thing
from the Bitcoin developers,
and I've been hearing from them a lot
over the last couple days.
And they tell me the exact same thing.
They say, you know,
when it's time to make a change,
we'll just go with what the community wants.
Well, you know, the general will.
And it's this kind of like incredibly vague concept.
It's just like, well,
how are you going to solicit that input from the people?
You know, like, what's the mechanism to get this input?
From my seat,
I'm the one providing that feedback.
but they're not hearing the feedback, right?
So, you know, what happens if Coinbase and BlackRock and et cetera, et cetera,
go to the developers and say, hey, we need to fix this,
that will be perceived as an attack.
So the mechanism that they say leads to success
is something that they're also attuned to ignore.
So it's very unclear to me how this problem would spontaneously solve itself,
how they would even measure what the community wants.
So we're actually in a kind of a huge pickle.
Fortunately for us, we actually were given some solutions by the writers, the authors of the paper that came out on Monday.
We'll get to that, I think, further on in this conversation.
But let's talk about these two papers that got revealed, released on Monday of this week.
One was from Google.
One was from another organization called Oratomac, another set of academia authors.
Nick, can you just kind of like summarize the significance of these papers?
What do we need to know about them as it relates to quantum and Bitcoin and Crypto?
Yeah.
So I'll start by being very, very explicitly clear.
These are not academics that are saying they have broken elliptic curves.
They are not claiming that they've built a scaled quantum computer that can do it.
The hardware has not been built, right?
No hardware.
It doesn't exist.
The hardware that exists today is like miniature tiny versions of this stuff.
They can't do anything.
Both of these papers pertain to resource estimates for what it would take to run a circuit,
to run Shores algorithm to crack ECC-256.
which is the core cryptographic algorithm
that powers most of Bitcoin parts of the theorem.
So that's what it is.
These are improved resource estimates.
So they're trying to estimate
how many logical qubits do you need,
how many physical qubits,
how many taffoli gates.
Actually, I don't know how to pronounce that.
I've only ever read the word.
I've never heard anyone say it.
So is it toffily gates or tofoli gates, whatever.
That just means how many operations
need to occur to run the circuit.
And from that, you can back out
how long it would take in terms of wall clock time.
So you devise an algorithm that are on shores to break ECC,
and then you make estimates as to what the requirements would be.
Based on that, we can kind of look out into the future and say,
well, we seem to be improving, you know, the logical cubic count by this much per year
on this modality, you know, because actually one was for superconducting qubits,
one was for neutral items, different architectures.
So, you know, based on these now lowered thresholds, we can look and say, well, we think actually might be easier than we thought to break ECC-256.
The Google, Dan Bonae, Justin Drake paper was pretty notable in that they didn't actually publish the circuit.
They published a ZK proof of the circuit because they didn't want to tip their hand to some black hat.
So I can go into much more detail, but that's at a high level what the papers are all about.
Let's talk about that last piece for a minute.
So they didn't publish the circuit.
Instead, they published a ZK proof that they had the ability to improve these algorithms in the way that they were stating.
Because this is kind of both methods are an improvement, a software improvement, basically, ensures algorithm,
the ability to potentially attack and break ECC-256.
Do you think that this is a mark of these types of breakthroughs,
no longer being public.
There's something to the fact that this was a secret such that they couldn't tell people
how they actually did it or else they would inform black hat or adversaries or maybe nation states
outside of the United States.
Have we also entered an era where some of these breakthroughs may not be so public?
I mean, there's almost like if we want to get tinfoil hats on, right?
There's like kind of like, if we know about this, what about like what might we not know that nation states with, you know,
cryptographers are actually executing on?
Run with that.
Like, what do you think it means that they didn't actually publish the algorithms and how they did this?
Yeah, I like to compare this to the race for, you know, a nuclear fission device, aka an atomic bomb, right?
So what happened was in 1938 or 1939, someone theoretically proved the,
efficient was possible with uranium isotopes. For the next year or so, all these physicists started
self-censoring because they didn't want to tip off their colleagues in Germany that were also
working on the same idea. Then, then Manhattan Project began and there was an official censorship
regime. So then it was a total blackout. We're in the equivalent time. It's the equivalent stakes,
frankly, and we're in the equivalent of 1940, where basically since 2024, since the Google Willow result,
we have known that this was theoretically possible.
There were no new physics discoveries that needed to occur.
Now we're at the point where we just have to do the engineering.
And so you do get scientists that are self-censoring
because they don't want China or North Korea or whomever to get this technology.
And eventually we'll enter a hard censorship regime too.
So then we'll just be in the dark.
But yeah, I think it's actually really, I'm glad they did it, frankly.
I can tell you these papers are published in consultation with the U.S.
government. So NIST and the NSA are fully aware of this and were aware of, you know, well before
the publication of the papers. And so this was done with government approval. But yeah, it doesn't
surprise you that they censored the exact architecture, although it may not actually inhibit that
much progress because they're still demonstrating this is possible. So anybody independently
working on it, that might be enough information for them. I mean, if I was trying to, I would be like,
thank you for informing me that you guys know something.
I am now going to send all of my operatives to try and figure out what that thing is.
And I have names on the paper too, so thanks for that.
Yeah.
Yeah, it might be easier to hack these labs than actually do the physics work yourself.
Right.
This comparison to kind of the fission bomb in 1940, I think I saw Scott Aronson make this
comparison as well.
So it's not just kind of a Nick Carter drawing these parallels, right?
Yeah, I mean, it's similar to that in some respects.
is also similar to the discussion around AI superintelligence,
especially with regards to hard takeoff versus soft takeoff, right?
So that's a huge parallel, which is if it is the case that AI becomes recursively
self-improving really quickly, that's sort of like maybe a very bad outcome.
If it is the case that we do not get any kind of gradual runway lead in to a CRQC
cryptographically relevant quantum computer, if it's the case that,
it's more of a jump, a sudden break, that's also a very bad outcome.
So what we're arguing about here, actually the crux of the debate is, what is the first derivative,
actually even the second derivative, look like of growth here?
If it's abrupt, then we're in huge trouble.
And one thing they said in the paper, and the Google paper, is we think it's going to be abrupt.
And why did they say that they think it's going to be abrupt?
because of the engineering of quantum computers, which is once you sort of solve error correction at scale,
you can just kind of add a bunch of logical qubits or physical qubits effectively.
And there's a net amount of noise reduction in the system.
And you can go very quickly from a computer that can break five or 10 bits to 256 bits.
So it scales, I think it's polylog arithmetic, is the scaling model.
So that was actually the thing that I read on Monday or whenever it came out that scared me the most was they are explicitly, and these are the best subject matter experts in the world on their respective fields. Dan Bonae, Justin Drake, and the Google Quantum AI team, Craig Gidney on the Google team, has written the two prior state-of-the-art papers on this for RSA. He's the guy on this. They are saying collectively, we should assume that it will be a thing.
threshold model and that we will not get significant prior notice before a CRQC exists.
We will not get significant prior notice. It'll just happen. So this is the notice. Actually,
this paper is the notice. This is not necessarily anything else. This is a warning shot.
And then the next thing that will happen will be actual real and production attacks in
So this difference between a fast take off or a fast takeoff and a slow takeoff. Or a fast takeoff.
really is kind of this engineering problem of kind of scaling the physical and logical
qubits. And what I was trying to ascertain was, is this an engineering problem like the
engineering problem of fusion, which is, it's always like 10 to 15 years out. We can't seem to
like figure it out and it's still hypothetical, you know, may take many more decades for us to do.
Or is this more like the engineering problem of like scaling up transformer architecture
and AI's, which is kind of a known thing, which is like you just add a whole.
bunch of hardware and compute and you get smarter AI. And it seems to be more maybe in the
AI scaling side than fusion, which is like, it's hypothetical. We may never get quantum computers.
Is that your take? Yeah, it's kind of a little bit like both and then also not like either one.
So like fusion, we sort of need new physics breakthroughs to get to a fusion reaction that
produces energy on that, which is actually kind of similar in some ways to scaling a
up quantum computer so that the amount of net error reduction is negative as opposed to positive
because there's this problem with quantum computers where you put a bunch of qubits together.
It introduces error on net.
But that fusion breakthrough type thing, the Willow Google processor in 2024 demonstrated that,
my opinion.
The way it is not like the AI scaling model is that what the transformer architecture showed us in
I think 2017, was that you can hold some variables fix and scale up some other variables like
the amount of data for pre-training, and you just get a better loss function mathematically out of
that. We don't have that level of certainty yet, where you can hold a bunch of variables fix,
you increase one initial variable, and you get a better output. Well, we don't have that yet
in quantum computing because there's like 30 different variables that you, all these different
levels that you're pulling. And there's also six different major modalities, like types,
like what these things are made of, you know? So the two papers actually exemplify this.
You have superconducting qubits. This is a Google paper. Those are just atoms that are super
cooled to like 0.000 Kelvin, 0.01 Kelvin or whatever. The challenge was scaling that up
is you have to cool these atoms to incredibly,
like literally colder than outer space, right?
So that's why it looks like this big chandelier thing.
All of that is cooling, refrigeration.
And so it's really hard to scale that up
and keep it super cold, right?
The other paper, the Oratomic Caltech paper,
they have a neutral atom modality.
So it's a totally different architecture,
doesn't have the same cooling requirements,
but the clock speed is much slower.
So way slower computation.
And there's like five other modalities.
There's photonics and there's trapped ions.
There's all kinds of stuff.
So for each of these modalities,
this is a different lab or a dozen or so labs working on it.
So what we don't have is this equation
where more X yields more Y because there's so many variables.
These modalities, I'm just kind of beginning to understand it,
but the difference between the Google,
quantum paper and the oratomic paper was a difference in kind of a fast clock versus a slow
clock. That's kind of what you're saying. And some of the implications for, so for the Google
paper, there was like a 20x reduction or improvement ensures algorithm for a fast clock type of
attack. And that would literally mean if you're trying to crack an ECDSA key, it would take like nine
minutes, this would also, they said in the paper, give you the ability to intercept transactions
before they confirm, right? Because you can do it in nine minutes. So if I'm sending Bitcoin,
this is what I took it to mean. If I'm sending Bitcoin from myself to you, Nick, a quantum
computer running this with enough logical and physical qubits could actually intercept that message.
That's the fast attack. The other modality was kind of the slow attack. It would take longer to crack a
key, like a few days maybe to crack a key. You couldn't do that intercept transaction type of maneuver,
but that's another whole path that can be pursued. And you're saying there's even more than these
two paths. There might be like close to half a dozen of these paths, almost like mini transformer
type architectures that could be pursued. Is that somewhat of the picture here? Yeah, that's why quantum
computing is so hard to analyze is it's actually not just one thing. There's so many different
approaches to the problem, and they're actually proliferating. So like the superconducting
cubit thing, that's like what most of the big labs do. That's what Google does. That's what IBM does.
That's what you think of when you think of a quantum computer. But in recent years,
we've discovered better ways to get high fidelity, less noisy cubits, but that, yeah, they
introduce different tradeoffs. So yeah, what you're talking about, the on spend attack is what they
called in the paper, I called a short range attack. This was actually the thing when I read the paper,
I'm like, oh my God, I didn't expect that this would be the case. This whole time I've been
studying quantum computing and its relevance to blockchains, I thought on spend attacks would not
be possible, right? I thought the first attack, and this is based on modeling that Project 11 has done,
for instance, I thought that the first attacks we would see on ECC would take 200 days. So like really,
long-range attacks, or maybe a month, a few weeks at least. I'd never ever seen a result
with a low amount of logical cubits like the Google paper where they're saying, no, this could
be done in nine minutes. So it completely changes the threat model, right? My threat model going
into this was we have to worry about the long-range of taxes and the coins that are published
on the blockchain that we can't unpublished. So the Satoshi coins. But this model now threatens
all transactions.
Because when you spend Bitcoin,
only on Bitcoin, by the way,
not Ethereum or Solana,
when you spend Bitcoin,
you publish your public key to the world
and you give the attacker a window of time
to take the public key,
reverse engineer the private key,
broadcast a different high fee transaction
and steal the coins.
This on spend attack,
this short range attack,
that is basically like an ender
of Bitcoin transactions.
It means that you have to fully transition the whole network into a post-quantum exclusive regime before that computer is built.
Because we have less time than we thought.
It doesn't.
Because draw us for the example of like we're in a post-quantam world.
Bitcoin hasn't made the transition.
And I'm just a normal guy making a normal Bitcoin transaction.
And there's a motivated attacker who's got a quantum computer.
You get yoint.
If you try to send it, your Bitcoin gets going to.
So you can kind of protect your.
from a quantum computer just by practicing good wallet hygiene, right? Like you use one of the newer
types and you don't reuse addresses. So you don't expose your public key. But that becomes irrelevant
in the world of on spend attacks. So the whole system has to be 100% fully post quantum if you
are to protect against short range attacks. Otherwise, you know, even if I'm spending out of a
protected hashed address, I'm still exposed for the 10 minutes.
or 20 minutes it takes for that to confirm.
One other difference worth highlighting between these two papers,
and again, they represent two modalities of quantum
that can each be pursued and probably will be pursued in parallel, right?
So we had the fast clock from Google
and the slow clock from Oratomic.
The fast clock method, the Google method,
they both use Schwarz algorithm,
but the Google method was a 20x reduction in qubits,
I believe from what was perceived before,
the oratomic approach was a 50x reduction
and improvement in the efficiency of Shores algorithm.
So was I reading that correct?
And by the way, I didn't read the oratomic paper.
This is Claude helped me read this, okay?
That's okay.
It was out of my deaf.
Okay, but like that even has a lower threshold
in terms of the amount of logical qubits
required to actually go crack some of our cryptography
Was I reading that correctly?
Yeah, I mean, as someone that is primarily concerned about long-range attacks,
because that's the easier threshold to get to, right?
So I'm worried about what does the first attack look like, and when does that happen, right?
And what does the quantum computer look like that that attack is possible on?
The Oratomic Caltech paper is the more concerning of the two.
Because they, because neutral atom systems, the biggest neutral atom array that exists already is 6,000.
physical qubits, right?
So...
And does that collapse down
with kind of air correction,
like 50 or something,
logical?
Yeah, so it's 6,000...
6,000 physical,
unclear with the exchange rate is logical.
That's like the source of uncertainty.
This or atomic paper doesn't actually talk
about logical at all.
It just says,
ECC could be cracked with between 10K and 26K
physical, physical cubits.
The prior estimate,
estimates we had state of the art was half a million physical cubits, millions of physical cubits.
So this is a vast, fast reduction. And it's with the neutral atom, which in my circles is
considered the most promising approach, actually. Why is this? Because we don't need
refrigeration, like refrigeration, kind of like, you know, zero Kelvin temperatures and such.
Because they're more stable, yeah, and they have a lower noise ratio. So it seems, based on the
or atomic paper, that you're getting a really good exchange rate between physical and logical.
And so you could get to as few, they say as few as 10K physical, which is basically in the kind
range that we're in state of the art today. And I'm not saying this is going to be broken next
week at all, by the way. I know people think I'm an alarmist, but I mean, you just have to read the
papers and then compare them to what exists. It is quite frightening. So to summarize things, as I
understand it and correct me if I'm wrong. We have two attack vectors that we need to account for.
We have the long range attacks, which is all exposed wallets that are exposed as of today. Notably,
the Satoshi coins, but there's also a very large supply of otherwise dormant coins that have some
chunk of them that are very likely to be lost and therefore are not going to move in the face of a
quantum computer. These are the long range attacks. The operator of said computer has infinite
amounts of time to crack these wallets.
And so we just assume that they're going to get cracked.
That's one problem.
That's the long-range problem.
That's going to be the perceived to be the first problem that we run into.
And then there's the short-range attacks is eventually once quantum computers scale up
so incredibly powerful, powerfully, like no one is safe because your address, which you have
to reveal to make a Bitcoin transaction gets revealed.
And then a quantum computer starts racing to crack your private key before your transaction lands.
Is that, these are the complete set of problems?
Is there anything else?
Yeah, I mean, those are some big problems, though.
The big problems, but I just want to make sure that we have them accounted for.
You know what's something that's nice, though, David, some good news?
Is my reading of the Google paper, there was no problem with proof of work.
So I remember a few years ago, there was some speculation that quantum computers could kind of like nerf through like Grover's algorithm could kind of like nerf a Bitcoin mining and hashing.
And that doesn't seem to be a near-term horizon problem.
Yeah, I mean, it is true.
that Grover's is a more efficient way
to search for the pre-image of a hash
but it's only quadratic at best.
So take the square route
Bitcoin mining and you have a slightly
better Bitcoin miner.
No one that has an insanely good
quantum computer would waste it on
Bitcoin mining.
That'd be a terrible misuse of resources.
Okay.
Prove works fine, whatever.
That's good.
So we're down to these
very two low number.
of each respectively very large problems.
I'll also say,
even though it's not the best outcome,
the long-range attacks,
the Satoshi coins,
at least it doesn't break the whole blockchain.
Like, the blockchain still runs.
Then with a short-range attack,
then we start getting into the conversation
of like, oh, is Bitcoin,
I can't even store my value on Bitcoin
if there's a short-range attack all the time, right?
Yeah, I mean, it breaks the core assumption
underpinning Bitcoin,
which is that the person with knowledge
of the key is the owner of the coins.
And that's pretty key, you know.
Okay, so Nick, it's April 2026 right now.
The Google, a paper, two weeks before Google released the paper,
they released the statement saying,
hey, we are accelerating our quantum transition plans
from where I think it was at 2032 to 2029.
So they have moved up their own standard
of when they are transitioning all of their systems
to be post-quantum.
Do you think that that also means
Bitcoin needs to become post-quantum
by that same timeline,
or is Bitcoin on a different timeline?
What timeline do you think Bitcoin is on?
I mean, undoubtedly, it'll be slower.
I think it would be a little embarrassing
if Bitcoin is trailing Google
and Cloudflare has already migrated, by the way.
Probably this internet infrastructure
that we're using right now is post-quantam.
The U.S. government has this
window of 2030, 2035, critical functions by 2030. You know, every CSO on the planet, every bank,
and this is something Bitcoiners say, oh, quantum breaks everything. No, dude. Everyone else is aware of
this and actively mitigating it. Apple is on it. Cloudflare has already done it. Google has set
themselves this incredibly near, that's 2.7 years away for the biggest internet company on the
planet. So I think it would be quite embarrassing if Bitcoin was much later, because we like to think
we're the state of the art cutting edge guys, but we're actually going to be the laggards. So yeah,
and the problem is this transition for Bitcoin is, you know, there's a chain code paper about it.
They said a reasonable time horizon is seven years. And they said, maybe you can rush it and do it in two
years. But there's so many parts of this that are slow. We have to agree that we're going to do it. We
haven't even agreed. We have to pick
some kind of cryptographic
function. We have to determine how
we're going to make the change, and we don't
have any consensus on how changes get made
in Bitcoin anymore. The last three
soft forks all happen in different ways,
different activation pathways.
Then everyone has to
migrate their coins. Every single address
on Bitcoin has to turn over.
Every single one. That's 50
million addresses. They'll take three months
if blocks are full the whole time.
And then you want to give people time,
to migrate before deprecating their old coins, which you don't want to, you know, commit theft,
right? And then we also have to debate and deliberate and decide what we're going to do about
these Satoshi coins that can't migrate. That's a huge debate on its own. That's a fundamental
debate. How long do you think all that would take? Five years, ten years? So, yeah, I mean,
I don't see it happening for Bitcoin before 2030. Can I just add another problem to that list just to make
chart, we're cataloging it or I'm understanding it, which is, it seems like some of the post-quantum
hashing algorithms that Bitcoin might need to adopt are radically less efficient than the
cryptography it's adopting right now. So Justin Drake came on the podcast and said, you know,
like by way of estimate, you have Bitcoin's doing three transactions per second or something.
You know, if we use lattice space or something, that could drop it under, to under one second,
right? Bitcoin transactions per second could be 0.3. And so there's also,
also the challenge of can we actually find performant cryptography for a blockchain-based system?
At least I think that's a problem. Google mentioned it in the paper at least.
Yeah, no, you're right. I mean, the NIST, the government body that standards standardizes things,
they've helpfully provided with us three post-quantum algorithms. There's lattice-based
cryptography. MLDSA is a variant of that. There is hash-based cryptography, which
Bitcoiners like, and I actually think the Ethereum people like as well, as far as I can tell,
because it introduces no additional new assumption. We already trust hashes, right?
So lattices, we don't trust them. We think that probably they're hard to break,
but it's actually the same model as elliptic curves. We don't really have a proof that elliptic
curves can't be reverse engineered. So, but we just trust them because they've been around for
while, lattices are the same. So it's kind of an unknown. Latices are smaller, much smaller,
but much bigger than elliptic curve. Eliptic curve signatures are tiny, like less than 100
bytes. So you're going to deal with a minimum 10x deterioration or increase in signature sizes and
byte terms all the way up to maybe 1,000x. So obviously work is being done on this. But if you use
hash-based signatures like Sphinx, you know, you might be dealing with 100 to a thousand X
additional resource requirements. Of course, if this happens, there would be an offsetting
block size increase. So, because that's not going to be controversial anymore because we're
already changing so much, right? Okay, there wouldn't be another block war, you think, if there was a
block size increase? No, because the fight around what we're going to do with quantum is a much more
contentious thing. If we agree
we're like in a fixed quantum, then it's just
understood that there would be a block size
increase. That's like a
tiny detail. You know,
it's a footnote. But yeah, this
is going to be a problem for actually every blockchain
and it's
a problem for Bitcoin, but
relatively speaking, it's actually more of a problem
for the super high performance blockchains
that are hyper-optimized
around
tiny signatures
and specific variants.
So, I mean, not to like name names, but Solana is going to have to rebuild everything from scratch.
And they've already massively optimized hardware around these signatures,
which they're going to have to rip out and replace.
So if you're a very performant blockchain, it's actually a big problem
because now you have these slow, ugly, clunky signatures.
So the deadline for Bitcoin to get over these hurdles to solve these problems is Q-Day.
Q-Day is defined, loosely defined.
as the day that a quantum computer becomes sufficiently capable
that they can actually do these some of attacks.
But it's not actually a particular day.
There's not a date in the future.
It's a prediction of when Q-Day actually does arrive.
But we do know that there is something out there.
It's going to be called Q-Day,
and it's when these attacks start to, like, come online.
So, Nick, do you have a sort of just predictive deadline,
and just an arbitrary date that you kind of think
it would be in the best interest of Bitcoin
of hitting that date of becoming post-quantum?
Yeah, I mean, we don't know when QDA is, of course.
We do know that it just got a lot closer.
Everyone agrees, everyone.
We don't know when it is.
We can only rely on what these companies
building quantum computers expect,
so their own internal published roadmaps,
so we can look at what they're saying.
So they're saying they expect to get
to a scaled functional quantum computer
for the most part, they all say around the early 2030s.
So if you ask IBM or you ask Google or Microsoft or Continuum or QERA or CyQuonum,
generally late 2020s, early 2030s, but maybe they're biased because they're selling a product
or, you know, they're raising money.
You look at what the U.S. government and frankly most other governments are they're putting
the window in the early 2030s.
Google has now put their death.
line in 2029, which is very aggressive.
So one nuance there, though, is you might want to upgrade long before you think Q-Day
will happen, right?
Because if you're the U.S. government, you know, what China could do is just monitor your
communications, read or store all your encrypted data, and then later decrypt it.
So what you might want to do is just make sure that the encryption that protects that data is post-quanim long before Q-Day comes.
So the U.S. government's saying they want to upgrade between 2030 and 2035 doesn't necessarily mean they think Q-Day is falling in that range.
But if I had to guess, I believe they will revise this forward, actually.
So I think it's going to change to become earlier.
But yeah, to answer your question, based on like my analysis,
analysis and the modeling I've done, which is primitive, you know, I think it'll happen in, you know, between
2030 and 2035 based on extrapolating progress rates because you're looking at two curves,
the declining resource requirement curve and then the increasing hardware curve. So if you plot those,
you get an intersection in the early 2030s. Remind listeners, 2030 is only four years away.
So not a lot of time.
You guys are both talking about Q-Day as if there's an inevitability about that day.
Like, it's going to happen.
Like, quantum computers are going to happen.
There have been some that are pushing back on that.
And so Anatoly founder of Solana, I saw him saying, look, it's still hypothetical.
We haven't really solved that engineering problem of us being able to scale up qubits
in kind of meat space.
And therefore, it's kind of a hypothetical.
The same way AI DOOMers will talk about,
hey, like, what's your P-Doom?
You know, is AI going to kill us all or not?
It's like something that can't really be known at this stage.
What's your reaction to that?
Like, I mean, is there some probability in your mind, Nick,
that, like, quantum computers will never happen
or, like, not in your lifetime?
It could still be decades out.
is like we won't be, we'll find something,
there's some reason on the engineering side
that we won't be able to scale this out in the physical space.
Yeah, that's certainly possible.
That's definitely possible.
The consensus of experts appears to be that it probably will happen,
but of course there might be a fat, you know,
right tail on when it happens.
I mean, Scott Aronson is a guy that I trust on this.
He's a very well-known professor of quantum computing
and other disciplines,
And he says, he's said in recent months, like, it's just an engineering challenge.
There's no, like, sort of like fundamental physics things that need to be discovered.
And that's notable for him, because he's been basically a skeptic of any kind of real world quantum scaling up to this point.
100%.
And he's really dramatically changed his tone in recent events, including reaction to this new paper.
So, yeah, I mean, I think it's certainly possible.
But, you know, why would we as Bitcoiners?
So we're meant to have a pretty paranoid outlook.
right? Why would we want to be extremely lackadaisical about something that every other organization is
preparing for? We look lazy by contrast. If the US government has a mandate that all cryptography
running through its veins be post-quantam, if Google is doing it in Cloudflare, why would Bitcoin,
this software project that defines money as a valid cryptographic signature exclusively,
why would we not transition when everyone else is?
We look terrible.
And something ironic about being paranoid about paranoia.
Like it's self-terminating, whereas as like they are,
Bitcoin culture is paranoid,
and then they are pointing paranoia at people being paranoid about quantum.
Like there's something self-referential about that.
Yeah, there's a conspiratorial tone inherent in Bitcoin culture,
which is unfortunate.
But yeah, I mean, I find it to actually really bizarre.
You know, Bitcoin Core used to be the most paranoid organization on the planet.
You know, they would write their own implementations of, I think they wrote their own
implementation of ECDSA because they didn't trust anyone else.
They didn't want any dependency.
And the whole thing is just architect of this intensely paranoid approach.
Yet when it comes to the whole notion of the, you know, all of the underlying cryptography
being undermined, there is a real less a fair attitude to it. It's very puzzling.
What if you could trade gold, 4x, and global markets with the same tools and speed that you
use for crypto? That's exactly what BitGet TradFi unlocks. After strong beta demand,
including over $100 million in single-day gold trading volume, BitGet Tradify is now live
for all users. Inside of your existing BitGet account, you can trade 79 instruments across
4x, precious metals, indices, and commodities all settled directly in USDT, no platform switching
and no fiatte conversions. This is BitGET's universal exchange vision in action. Crypto and
traditional finance side by side. You get deep liquidity, low slippage, and leverage up to 500x,
letting you apply crypto strategies to macro markets. New to Tradfai? Start with gold. The gold
USD pair is liquid, macro driven, and a familiar natural bridge between crypto and traditional markets.
Try trading gold on BitGET now at bitgett.com.
the link in the show notes. For more information, this is not financial advice. Some exciting news.
We are launching a new podcast to help people figure out the crypto cycle, how to navigate it.
The best crypto cycle investor I know, his name is Michael Nato. He runs the Defi report.
This is the guy that sent me a sell alert before the 1010 price drop happened. His cycle analysis
has been absolutely on point. I've been following him for years. And this year, we started recording
weekly podcast episodes. Each one, we get into his portfolio, what he's holding, the market
structure, entry targets, fair market value of Bitcoin and Ether, and where we are in the cycle,
there's new episodes that are released every Wednesday. They're 30 minutes. They're short. They're
punchy. I think this crypto cycle is harder to navigate than most. So let's do it together.
Go subscribe to this podcast. Search the DeFi report wherever you get your podcast, YouTube,
Apple, Spotify, or find a link in the show notes. There's a new episode waiting for you now.
What's your answer to that same question of why wouldn't they treat this more seriously?
Why are they not more paranoid? Why?
Institutional incentives is my answer.
I've been really wondering about this.
I mean, now I'm at odds with the whole Bitcoin community again, for some reason.
I don't know why this keeps happening.
I think as far as core developers are concerned, they don't want to take responsibility for the protocol.
They don't want to be seen as the leaders.
That has caused them a huge amount of problems, legal harassment.
You know, like right now there's a BIP 110 people that are harassing the core devs.
So the reaction of the core devs is a disclaim responsibility.
say, don't target me, I'm not in control.
I'm not the guy in charge.
The same with Craig Wright, legally harassing the devs.
A lot of them retired or semi-retired in response to this.
Their reaction to the legal threat was to be like,
I am not in control.
I have no responsibility.
So you end up with this enormous power vacuum.
And this is reflected in the lack of updates to Bitcoin.
It's been two changes in the last decade, right?
So the system is now in a state of total stasis with,
People that are influential and they matter, but no one will admit that they have real influence over what gets implemented in Bitcoin.
So that's one issue.
And also there's this, you know, culture of like, well, if you want to change something, do it yourself.
You know, you write the code.
I think it's like an absurd thing.
It's like, really, the only way to contribute to Bitcoin is to write a BIP?
Like, that's a waste of time.
Nobody ever, they wouldn't look at my BIP, right?
so they're incapable of taking feedback from the market.
It's really weird.
Then the incentive of individual holders,
including the largest holders in the world,
is to deny that there's a problem
because they don't want to admit
that there's anything they could undermine Bitcoin.
Because to them, like, Bitcoin is ontologically perfect.
You know, inherently, it's, you know, a perfect money.
There could never be any problem with it.
So they're insulted that someone might say,
hey, this whole thing has a huge tail risk attached to it.
They don't want to convey any weakness to the market,
you know, because a lot of these people's jobs
is to basically sell Bitcoin to third parties.
So I think that's why there's been this reaction.
Something else we heard from Michael Saylor was,
in addition to don't worry about the alarmists
and the fudsters and the panicans,
was this idea that the cure could be worse than the disease.
and so we shouldn't rush anything.
And I've heard this from Bitcoin developers as well.
Just like, hey, we're looking at it now.
Sure, quantum computers could happen at some point in the future.
Maybe they will.
Maybe they won't.
But there's no real need to rush things.
Let's take this slowly.
And look, we're upgrading all of the cryptography here.
Let's make sure we do the right thing before we commit to something.
Yeah, I mean, the cure is not going to be pleasant.
As you guys know, like,
if you've seen the Ethereum's roadmap,
it's not like a fun exercise to go through.
The new signatures are more annoying
and harder to work with than the old signatures.
But I think the assumption inherent
in what Saylor is saying and what others have said is
we will have a very clear notice period
before Q-Day comes.
That's the assumption.
It's, well, you know,
the technology will progress gradually
and we will know
we'll be able to do the extrapolations and we'll know, all right, it's going to hit in 2041 or whatever.
So all we have to do is target that date, but it's not like Y2K, right? Nobody knows the day or the hour,
right? It will just happen one day. So unfortunately, we have to make a decision under conditions of
uncertainty, a very costly decision, right, because it's going to be very hard to do this. But the problem is
this is the crux of it. There is no one with the executive ability in Bick's,
to coordinate this, not like a theorem.
There's a foundation.
There's a guy who makes a decision.
It's not just one guy, of course.
But there's more order in terms of the governance.
In Bitcoin, the governance is deliberately people disclaim responsibility by choice.
If you talk to any individual core developer and I have, they will all say, I'm not in charge.
We're going to let the community decide.
So the whole structure is leaderless, enormously leaderless.
I mean, the thing's running on autopilot.
basically. And so that's the problem. We have something where someone needs to step up to the plate and say,
we have to make this costly decision today. And the system can't accommodate that structurally.
Let's talk about what we actually have to do. Once we get consensus that we have to do something,
what do we actually have to do? So we are at A. We need to be at B by 2030, 2032 sometime around then.
what is actually A to B?
What are the things that we actually need to get done?
Yeah, people keep asking me for my roadmap.
It's like, I don't know, man.
I feel like I can just be the guy that like pulls a fire alarm
and doesn't do anything else.
But if I have to give one,
we need to settle on a signature scheme.
And it could be more than one, actually.
There's no reason why we couldn't have two signature schemes.
So what I think it will actually look like in practice
is a period where you can sign a transaction
with traditional signature plus maybe a hash-based signature or a lattice-based signature,
and those live in parallel for a time. And maybe after X years of that, enough people have
moved over to the new signature scheme, and you can deprecate elliptic curves entirely.
In parallel, we also need to decide what the fate of the Satoshi coins is going to be.
And that's going to be a huge fight, so that's going to take years.
So eventually then you would just turn off the legacy signatures and retain exclusively the new signatures.
I mean, that's like broadly what it's going to have to look like, but it's going to be a mess, of course.
At some level, the technical challenges of upgrading the cryptography are less scary to me than kind of the social issues of what to do with the Satoshi coins.
And let's talk about what that is.
So this is from the Google paper again.
It was nice of them to quantify all this for us, too.
It was a great paper.
I was shocked at how much they knew about our crypto-like systems, right?
This is coming from Google.
It did not expect this level of depth.
Well, I think that's why they brought in Justin.
Yeah, I wonder if that's part of the intel here.
But their numbers were 6.9 million Bitcoin that would be vulnerable to this, which is one-third of all supply.
But of course, those could be transitioned to different addresses.
but there might be 2.3 million Bitcoin that are kind of the Satoshi keys, the loss keys,
the, you know, you cannot be moved.
And I don't know, that's like 10% to 15% of all Bitcoin supply.
And to the question for the Bitcoin community to somehow find consensus is,
what do we do with the Satoshi coins and these lost coins?
They gave four options, the do nothing option, the burn option, which is you just take
the Satoshi coins, you just burn them forever, you make them permanently unspendable.
The do-nothing option is obviously you just wait for the first quantum attack to go get the booty
and they win the treasure. Congratulations. They also had two other approaches, one called an
hourglass where it's kind of like a you just slow down the dormant coins, the slow down the speed
at which they can be sent, you just avoid the quick confiscation. And then they had another approach
they called bad side chain. This is like you take the Satoshi supply, you put
it in some pegged side chain, and then if an owner shows up later, they can prove ownership
somehow cryptographically and unlock their coins. So these were the four options. Which of those
is best to you? Are there more than those four options? How do you think this gets resolved?
Yeah, I mean, I think this is actually the question. Like, I think basically in a few months
from now, everybody in Bitcoin is going to agree with me and we'll all understand that there's
important. We need to transition to PQ. So I think that'll happen.
But this is the thing that'll be outstanding is like the immensely tricky question of like,
how do you save Bitcoin from this without undermining Bitcoin's core values?
Because you would be.
If you burn the Satoshi coins, we've now arbitrarily changed Bitcoin supply from 21 million to 19.
Something million.
That's an enormous change.
The whole point of Bitcoin is, you know, no one's meddling with the money supply, right?
That's a huge, huge issue.
I think what is likely to happen is that.
I think, you know, once the institutions get involved,
they'll just say, okay, we're burning the coins.
We will only support a fork where the coins are burned.
So that will canonically become Bitcoin.
Wow.
Okay, so what would that look like?
You say the institutions coming together.
So I'm imagining like Brian Armstrong this morning tweeted,
hey, this is something we're going to have to look into.
I'm personally looking into this.
He was talking about the quantum issue.
We had Michael Saylor on earlier.
He didn't really have a comment on this piece other than,
And it's kind of like, you know, fud,
but I'm sure BlackRock will have a perspective.
I'm sure all of the major exchanges will have a perspective.
CZ yesterday tweeted out, well, one thing we could do is maybe just burn the supply.
He just threw that out as a floater on Twitter.
What does that practically look like when you say the institutions will all come together
and likely want to like burn this supply?
Yeah, I mean, it's really unprecedented times truly.
But I think you'll have, I think it'll happen, actually.
And I don't have any private knowledge of conversations.
behind the scenes. But my guess is that the 10, 15, 20 most important custodians Bitcoin on the
planet will sign a letter saying, we will only honor a fork where the Stochi coins are burned,
period. That will be BTC, Bitcoin, Tigger Bitcoin, that will be Bitcoin. The other thing
will be something else. And you can go buy that one, but we're not going to support it. It's
not going to be on exchange. The ETF, the thing that the ETF holds is going to be this new
Bitcoin thing. That's going to canonically be Bitcoin. Is that the institution is kind of just
like strong arming the whole rest of the ecosystem? Well, someone's going to have to do it.
Someone, you know, these times call for a dictator. I'm sorry. Like, we can't have this like passive,
oh, I'm not in charge. Maybe he's in charge. No, I'm not in charge. Like, that's not going to work,
Right. And I'm not saying, I'm not advocating for this. I'm not saying I want to be the dictator. I'm not telling anyone to do this. I'm just saying I think this is how it's going to play out. Why? Because the incentives line there. That's good for everyone, I suppose, at some level. If you can coordinate, then you have whatever, over 19 million and, you know, everyone gets positive, whatever the opposite of dilution is, positive. Reverse dilution. Yeah. Reverse dilution. Yeah, no, that's a real thing. I mean, yeah, I mean, of course, like,
Of course, you would prefer that there be fewer bitcoins.
But yeah, I mean, this is what people don't understand.
These custodians, exchanges, et cetera, especially custodians, they are fiduciaries.
They have a responsibility for their clients' coins.
And they can't accept a situation where, you know, China or whoever steals 1.7 million
bitcoins and markets sells them.
A situation that's a foreseeable total wipeout loss of value that's catastrophic for these
companies. So they are forced into one of two choices, right? They can delist Bitcoin and not support it.
So they can just end their Bitcoin business completely. Probably that will happen to.
Or they can go to the Bitcoin community and say, hey, look, man, my hands are tied. I can only do
this. So there's only two things they can do. De-list Bitcoin or insist that the coins be burned.
Those are their options.
Do the miners have a role in this, or are they weaker powers here?
Yeah, I mean, the miners are price takers.
You know, they're basically irrelevant today.
In the absence of the Bitcoin community being proactive and coming up with the solution
ahead of institutions strong arming, I actually do feel some level of comfort that it seems
like these institutions will provide a solid backstop of, you know, Q days around the corner.
we haven't come up a solution, therefore, you know, we're in charge here, and we're going to strong
on you guys. It seems like there could at least be space for, you know, Black Rock, Anchorage,
all the custodians to say, to like give space for Bitcoiners to come up with their own organic
solution. But if they don't, then they pull the fire alarm and like, okay, this is what we're doing now.
Yeah, that's what's happening right now. Every single Bitcoin institution on the planet has a
perspective on this already. So they're watching.
and they're waiting and they're hoping that the devs
get under control. But if they don't.
Why is that so bad?
So the burn option, let's say.
So everyone gets reverse diluted.
You know, there's a world where maybe Bitcoin holders
are excited about that.
If you have Bitcoin, you have, you know,
greater percentage of the network after that.
Why is this a bad thing?
What are the cons to this?
The con is that we permanently ruin
the thing that we said we were doing,
which is maintaining an absolutely immaculate supply schedule.
You know, remember the amount of crap
that Ethereum people got for the Dow hack remediation,
where you guys remember, right?
Yeah.
This is like that times a trillion.
Yeah, but it's, this is the self-referential part about that is
Bitcoiners talking to the Ethereum community
and the Ethereum community talking back to the Bitcoiners,
and that was in 2016.
And like, yes, Bitcoiners have elevated
the role of property rights
and the story of Bitcoin's
immaculate conception and the $20,
all the espousing of the cool things about Bitcoin.
And now we're in 2026.
And now we got BlackRock and the ETF.
We got Michael Saylor.
And maybe the market,
the world just doesn't give a fuck
nearly as much as Bitcoiners think that they do.
Like we're in the real world now.
We're out of the imagination.
Like if we go from 21 million units to,
18.5 million units.
Everyone actually has a larger share of the network.
People are profit motivated.
People are pragmatic.
Who cares about the property rights being violated the one time that we had.
The one time.
It's only a one time with like a promise.
A very valid reason.
Like, fuck it.
Like we're doing the thing.
And all the Bitcoin or intellectual masturbation about like for strong property rights
can stay inside of that silo,
but we're in the world of like pragmatism.
Like, I don't see...
I would care.
I would care.
Okay.
Okay.
All right.
I mean, I'm not like falling in on one side of the other, but I think it basically
ruins Bitcoin as this true, you know, true ideological project.
I think it's over at that point.
It's become something that's effectively captured and any feature of the system can
be changed arbitrarily.
So, and it would be the greatest theft in human history.
That would be on our conscience.
You know, it's like me and to Satoshi.
Is it captured in like the, quote, quote, the right direction, which is,
it's not captured in a way that's inflationary to some unaccountable third party.
I guess maybe in a way it is sort of, right?
Because you're benefiting existing holders.
Yeah, it's no different from some socialist, you know, being elected and saying,
we're just going to steal all of Jeff Bezos's wealth.
And like, yeah, okay.
It is different, though, because this assumption, the presumption is that Satoshi
doesn't actually have those coins.
They are Satoshi's coins, no matter what.
or his estate at their estate.
I think Satoshi needs to wake up and say that
in order for that to be valid.
Satoshi's not waking up, though.
Which is why it's okay.
It would be really great if Satoshi came back
right about now.
I think I know who it is and I don't think they are.
But yeah, unfortunately, I think this is how it's going to be
and that'll be the end of the Bitcoin project.
What about this other approach then,
the side chain type approach where you don't confiscate it forever,
You just take that supply, you shove it somewhere else.
And if a holder, if Satoshi comes back and provides the cryptographic proof,
then Satoshi gets coins back.
Yeah, I mean, that's what should happen, actually, in a more legalistic and less
cryptographic way.
So I wrote a short story about this called Trillion Dollar Salvage.
I recommend you guys read it.
I have read it.
It's fantastic.
I feel like I should read it to my kids, a little bedtime story.
I put a lot of work into it.
I think what should actually happen is what happens to shipwrecks.
Like the Titanic is a good example.
The Titanic, there's this legal doctrine called Salwar in Possession,
where one company was granted basically the right to salvage and protect the wreck.
And, you know, they were not granted ownership of it.
So it's like the stuff in there is not theirs, but they're the custodians of it.
So something similar could play out.
And this is actually how a lot of shipwrecks end up.
It's like basically you, as the person doing the salvage, you get a finder's fee, like 10%.
But the, you know, the gold or the doubloons still belongs to whoever the original owner was.
And this can trace over hundreds of years, by the way.
And so what I think should happen is the government should effectively appoint someone or some lab to salvage the coins, hold them in trust
for Satoshi or Satoshi's estate, and the person doing the salvage entity should get 10% or 15% or whatever.
And then if Satoshi does come back, then they can claim their coins. And if not, they get
cheated, I think is the word, and actually the government gets them. So I think that would be a much
more neat solution that does not involve ruining Bitcoin at the protocol level.
So with salvage law, how is it governed international?
in kind of the law of the jungle that we find ourselves in, which is like who gets to make
the rules from an international perspective. Yeah, I mean, this is a very well-established international
law on this actually. So there was this big famous shipwreck that this guy in the 80s found
had $500 million worth of gold from a Spanish ship from 200 years earlier. Spain got all that
gold, actually, because Spain was considered to be the unbroken owner that had not, even though it was
the Empire of Spain, and then it became Spain.
She was like, the Empire found it.
Like, what nationality found it?
This Floridian guy.
Okay.
So an American found it.
Tommy Thompson was his name.
Sounds like a fake name.
Actually, sorry, I might be mixing up two cases, but, yeah, sorry, I'm thinking about
the Neuestres Signora.
This was sunk in 1804.
500 million was recovered in 2007.
Spain declared sovereign immunity.
They said they had an unbroken ownership claim over the
ship and all of that gold went back to Spain. So this is the thing. The courts generally,
they have an extremely high bar for what's considered abandonment. They actually need the owner
to come out and say, I have abandoned this. And no one ever says that. So unless Satoshi says that,
the new owner, I don't think would get everything. If I recall in your story, it was like the
ones who were able to salvage it, it was actually like US domiciled. So it was a US-based company.
and ultimately kind of the U.S. government got it.
And I can see the scenario you're talking about
with international law working among allies, right?
And then your scenario, by the way,
had a nice happy ending, I think, right?
Which was U.S. government.
Kind of dark in a way, but...
Yeah, yeah.
The U.S. government got a portion of it.
Bitcoin kind of like dipped in price for a time.
Then everyone realized, oh, the U.S. government has it
and there's the strategic Bitcoin Reserve
and, you know, things resumed on the ascent.
However, what happens if an adversary
you know, gets it.
So what we're talking about is not necessarily kind of Western Alliance type companies.
I mean, Russia could crack the Q-Day stuff or it could be China or something.
And are they going to respect salvage laws?
Isn't this like an international race, I guess?
And it's more akin to kind of the law of the jungle unless the U.S. unilaterally is able to marshal
the tech to make this happen?
Yeah, I mean, hell, you know, Europe may not like honor our laws after what we've done
of them recently.
Right.
Yeah, I mean, in the story, actually, the reason the government authorizes the theft
is because they know that China is just right around the corner.
And this is actually what's happening in the quantum race in the real world.
You know, we are racing against China to get it the same way we're racing for AGI.
So quantum is much more important than just Bitcoin, of course.
It's the ability to spy on your enemies completely, you know, with impunity.
and the ability to make these amazing breakthroughs
and physics and material science and chemistry and stuff.
So we are actively racing them.
They're spending tens of billions of dollars a year on this stuff.
Do you know who's spending more, us or them?
It's about the same, but it's mostly private sector in the U.S.
and it's mostly public sector in China.
Sure, sure.
So there's a race, and does China, like, really care about Bitcoin?
I don't think so.
I think they actually dislike Bitcoin.
So people always say to me, like, well,
who would rationally steal the Bitcoin,
they won't be able to sell it.
China doesn't care about that.
They might just want to embarrass us,
you know, if Bitcoin is perceived
to be a very American thing.
So you can't trust that the first entity
who gets a quantum computer
is altruistic or benevolent.
So, you know, if they get there first,
we're in trouble.
So let's say that at the end of all of this,
the Bitcoin, the Satoshi coins,
all the dormant coins,
the ones that are exploitable by a quantum computer,
they do get exploited,
and they either end up inside of the Bitcoin Strategic Reserve in America
or they end up getting markets sold by China.
Add those two properties together,
what is the total probability of either of these two outcomes happening?
My modal outcome is that we freeze the coins.
So I think it would actually be pretty unlikely that we don't,
but I mean, I'm totally guessing.
Your modal outcome is the institutions come together and they opt for the burn option.
I don't think the Bitcoinists will do that spontaneously.
This will cause a fork.
We get freeze and burn.
This will cause a fork.
There will be some Bitcoin classic out there.
Well, no or not.
Yeah, but nobody will support it, right?
Right.
It'll be worth it.
It will be a fork, but it will be like, you'll support it, Nick.
You'll be out there.
Like, I supported Ethereum Classic.
It didn't go well for me.
You might ideologically support Ethereum Classic.
but you're going to also hold the Bitcoins
that are having the market value,
which is going to be the other one.
It's okay.
Yeah, I'll go with Ticker Bitcoin, ticker BTC,
whatever that is, you know.
You said at the beginning of the episode, Nick,
that Ethereum, you saw the EF is positioning things better.
It's funny because on the Ethereum side,
I think it's a past time to complain about the EF
where it has become so lately.
I've seen that, yeah.
All right, what are you seeing from the outside
that Ethereum is doing right,
and maybe the EF is doing right on this issue?
Whenever I talk to anyone in the theorem, they're like,
oh, Ethereum is so messed up.
Like, they're making a sign this woke pledge to, like,
be trans or something.
I don't know what it is.
Like, it's completely indecipherable from where I said, by the way.
But I did see a very cool website called pqetherium.org or whatever.
And the fact that Justin is on this paper is also quite telling.
I mean, it's in night and day.
You know, Ethereum is basically,
in Bitcoin, it's just me
worrying about this and like a half
dozen other people. In Ethereum,
it's already been decided. The transition
is going to occur. So I mean, it's just
and the roadmap is, it's like
I was reading the blog on the
PQ Ethereum side. I'm like, I could have written this.
Like, I completely agree with every
word written on here.
And I think, you know, Ethereum is also
beneficiary in the sense that
it has not gone for this relentless
optimization route. So like some of
the high bandwidths or high throughput
blockchains have because they're going to suffer from this, as I said. The transition is more
complex for Ethereum though. It's multi-layered. As you know, it's not just the address layer. It's
also, you know, the consensus layer and the roller player. I think the push towards account
abstraction is actually really helpful though. That means it's easier to kind of like hot swap out
underlying algorithms whilst, you know, having one address that's consistent. So
Yeah, I was very impressed by the roadmap.
I hope you guys can do it by 2029.
I mean, it's going to be very painful because we're still standardizing these
cryptographic functions.
We haven't picked the good ones yet.
So that's the hardest part is you want to rush, but you also want to wait for the
functions to get better.
Nick, there's kind of a final question, I think, to wrap all this up.
And it's sort of the question of like, does Bitcoin, do you think Bitcoin survives this?
And I want you to put maybe your investor cap on, right?
I've heard Ray Dalio talking about Bitcoin whenever he's asked.
He's like, I prefer gold because it can't be hacked.
Part of what he might mean is kind of quantum hacked.
Do you think Bitcoin survives this?
And what's like the investment case, right?
Is there a case in your investor mind to just like maybe not be bullish on crypto until
there's demonstrated capability that our chains will upgrade to quantum?
Like maybe you hedge to gold for a period of time.
until this is resolved.
Round this out for us and tell us what you think this means for investors.
Yeah, I mean, I'm all in on crypto,
to save my career, my fund, everything, you know.
So I'm not a panic into the core.
I have the confidence we'll be able to surmount this.
And I think it's actually very helpful that Ethereum has shown
what a roadmap looks like.
I think at the, as EFBTC rallies,
that's like a dagger into the heart of the Bitcoin process trusters.
And eventually Bitcoin will come around.
purely through price signals. It'll have to happen. And, you know, the scary thing is
what has to happen in Bitcoin is unprecedented. It basically will be commandeered by corporate
interests, I think. So I think Bitcoin can and will survive, but it'll be changed in the process
and it won't be the same way it was before. You know, the ideology will probably have to be
compromised. But yeah, you know, as an investor, this is the number one question I get now from, you know,
big investors.
And I think it is ultimately an opportunity for blockchain to show that, yeah, we can be
very rigid and anti-fragile and not change very much, but also we can adapt when it, you know,
is necessary.
We've seen that, you know, Ethereum and to a lesser degree salon are willing to adapt.
We haven't seen the willingness from Bitcoin.
It is the thing that has, you know, scared long time Bitcoin is the most for sure.
You know, a lot of the people I talk to you, their face.
is being shaken. But luckily, there's still time to react. So I hope that the, you know,
the devs come around. Well, thanks for sending the smoke signals, Nick, and for your tireless work,
you know, fighting for this issue. We appreciate you stopping by. Yeah, thanks, guys. Bankless Nation,
got to let you know, of course, crypto is risky. You could lose what you put in, hopefully not to a
quantum computer. We are headed west. This is the frontier. It's not for everyone, but we're glad
you're with us on the bankless journey. Thanks a lot.