The Wolf Of All Streets - They Can Hack Your Bitcoin - Unless You Do This Now! | David Carvalho, Naoris
Episode Date: May 25, 2025I sat down with David Carvalho, founder of Naoris Protocol, to talk about one of the biggest threats to crypto and the internet itself – quantum computing. If quantum machines arrive sooner than exp...ected, everything from Bitcoin to your bank account could be at risk. We explore how post-quantum infrastructure is being built right now to secure the future of blockchain, finance, and even national security. David Carvalho: https://x.com/katanationcyber Naoris protocol: https://x.com/NaorisProtocol ►► JOIN THE FREE WOLF DEN NEWSLETTER, DELIVERED EVERY WEEKDAY! 👉https://thewolfden.substack.com/ ►► Arch Public Unleash algorithmic trading. Discover how algorithms used by hedge-funds are now accessible to traders looking for unparalleled insights and opportunities! 👉https://archpublic.com/ ►►TRADING ALPHA READY TO TRADE LIKE THE PROS? THE BEST TRADERS IN CRYPTO ARE RELYING ON THESE INDICATORS TO MAKE TRADES. Use code '10OFF' for a 10% discount. 👉https://tradingalpha.io/?via=scottmelker Follow Scott Melker: Twitter: https://x.com/scottmelker Web: https://www.thewolfofallstreets.io Spotify: https://spoti.fi/30N5FDe Apple podcast: https://apple.co/3FASB2c #Bitcoin #Crypto #Naoris0:00 Intro 1:02 Quantum Threat Explained 3:43 Postquantum Infrastructure Basics 6:25 Wallets and Security Layers 8:57 Retrofitting Ethereum and Bitcoin 11:31 336 Million Threats Stopped 14:20 How Fast Quantum Is Coming 17:18 Redefining Trust in Web3 20:14 Can Bitcoin Survive Quantum? 23:27 Nation-State Quantum Race 25:29 Naoris Token Launch 27:49 Final Thoughts The views and opinions expressed here are solely my own and should in no way be interpreted as financial advice. This video was created for entertainment. Every investment and trading move involves risk. You should conduct your own research when making a decision. I am not a financial advisor. Nothing contained in this video constitutes or shall be construed as an offering of financial instruments or as investment advice or recommendations of an investment strategy or whether or not to "Buy," "Sell," or "Hold" an investment.
Transcript
Discussion (0)
62 million post quantum transactions processed, 2.1 million wallets onboarded.
We are an infrastructure that uses post quantum fingerprints.
A post quantum fingerprint.
How can we have a post quantum fingerprint when we don't yet have quantum computing?
You're not going to be running Need for Speed on a quantum computer anytime soon.
822,000 security nodes deployed.
I'm not going to mention their names, but...
Mention them. Come on.
Well, it would be the biggest geopolitical upset ever.
This one got me.
336 million plus threats mitigated.
Quantum computing is coming and it is a threat to everything.
It sounds hyperbolic, but it's actually true.
What happens in a world where quantum computers can literally hack
every system in existence,
be it Bitcoin, the Department of Defense, the nuclear codes, your banks, or literally
anything else.
This is a problem that needs to be solved.
Luckily, we have amazing people like David Carvalho, the founder of Nailr's protocol,
who are fixing this now, and they are building infrastructure that's already quantum resistant and that will be able
to be used to retrofit existing systems to make sure that they are quantum resistant as well.
This is an exceptionally important conversation that you must listen to. One of the biggest fears in crypto that's been discussed for years and years and years
is what happens when we get quantum computing.
Everybody's wondering, will the Bitcoin network be hacked?
Will the hidden Bitcoin come back? Well, you describe yourself at Neorus as the world's first to centralize
post-quantum infrastructure.
Perhaps you can start by telling us what that means.
Yeah, that's good.
I mean, obviously quantum computing won't ask provisions before it arrives.
So a post-quantum infrastructure, we call it the sub-zero layer.
So in blockchain, you have a number of layers.
So you have layer three, layer two, layer one, layer zero.
But we target the sub-zero layer, which is really the infrastructure itself.
So all blockchains, they're not running from the atmosphere.
They're running from servers somewhere in the cloud, and validators running from people's houses,
and home servers, and different things.
And these are all single points of failure.
So these are centralized things.
Even though they serve the chain, they are not the chain.
So this is the part that is outside of the cryptography
that we use for transactions and things like that on a chain.
So that's where we sit.
We are an infrastructure that uses post-quantum fingerprints
to prove that everything in a centralized way,
from a centralized consensus perspective,
is actually in the right state.
So we can prove state for centralized systems
of any kind backed by these post-quantum fingerprints that
are highly resilient
cryptographic principles to validate if something is actually trusted or not, or it's following
some sort of principle or not that you want it to follow for it to give you some sort
of service, including blockchain services.
A post quantum fingerprint.
How can we have a post quantum fingerprint when we don't yet have quantum computing?
Yeah, that's a fun one. So post-quantum
or quantum safe or quantum ready or quantum resistant are all the same things. And this
actually applies to cryptography. So we do have quantum chips. So for example, Google sells them,
Microsoft sells them, you have quantum chips. Well, obviously we have quantum computing,
but it's very specific. Like you're not going to be running Need for Speed on a quantum computer
anytime soon, but you're going to or running a wallet there. But they are excellent calculators.
They can do calculations that would take a septillion years with all the computing
partners right now. They can do it in a millisecond
or something like that.
So unfortunately, all cryptography we have is vulnerable to this.
It's so scary.
Which is what they're good at.
So post-quantum cryptography is really what we use to be resilient to these chips.
So there has been a huge competition
from a number of environments.
You've probably heard of NIST,
the National Institute for Standards and Technology in the US.
So they define standards for cryptography
for everything that matters in the world,
for banking, for defense, for government technology,
critical infrastructure, you name it, right?
That are used in everything from
signal to just normal encryption.
And there has been a competition running for the last six years on post-quantum cryptography.
We have been working with one of the winners, let's say, there for a while, embedding their
algorithm into our chain and also working
with the IEEE Foundation, which is the biggest engineering group in the world. And we ended up
creating a paper together towards bringing post-quantum into blockchains. So the idea
initially was to use these for kind of like defense environments, the hardest defense places
in the world. And that's some of the people that we actually were since the beginning, had the idea with
myself, including the former chief of intelligence of the whole of NATO, to bring these into
those environments.
And because we wanted to do that from a decentralized perspective, we had to do that in a web-free
context. We're talking about cryptography that makes the cryptographic proof of something be extremely
resilient.
Let's say, imagine I take a fingerprint of yours and I use it as a two-factor authentication
for something.
Right now, that would be enveloped, let's say, in traditional cryptography. Okay, elliptic curve-based cryptography.
What we're talking about is,
which is obviously vulnerable to quantum computers and quantum chips.
So these post-quantum cryptographic principles
are actually defined as such because
they have been tested pretty much at the infinity against cyber threats,
mathematical threats,
and also existing quantum chip threats in an exponential way, extrapolated, and they
have resisted those.
Those are the ones that we're using for blockchain transactions, for validations of state of
wallets, for example, under consensus.
For example, if something tempers with your wallet, you are not allowed to make a transaction
because that is part of a decentralized consensus
that is very resilient because it has this post quantum
fingerprint.
In other words, the only way for you to break that
is not only to attack this wallet,
you will have to attack every wallet.
Break the consensus, which is a post quantum level.
So you would probably need quantum computers that are orders of magnitude better than what
exists right now.
So you're obviously, you said a sub zero, layer sub zero, it is its own chain, correct?
It's its own chain.
So it operates at infrastructure level, and which is the stuff that supports the chain
itself, its infrastructure, can't escape that.
It decentralizes that.
And then it operates as a metal layer otherwise.
So we can use this kind of like wrapping at layer 2s, layer 1 level and integrate with
them as well without any hard works.
Right.
So in Bitcoin, in Ethereum, Solana, all of the popular chains that we know now, can they
be retrofitted to be quantum resistant?
Can they in some way become
post quantum ready? And is that something they would utilize your technology for or
would they just rather, you know, anyone who wants to be quantum resistant use Neorus and
start from the base layer?
That's the whole point. I mean, you know, to tell the truth, that is the whole point. To tell the truth, that is the whole point from a Web3 perspective.
Obviously, the idea of the creation of this was to decentralize networks in a very resilient
environment. So this works for any infrastructure. It doesn't matter if it's a nuclear power station
or a nuclear environment or a wallet ecosystem or whatever, or a node-validated ecosystem for Web 3. But the objective here was exactly that, was so that other chains can focus on the things
that they focus on, which is having their own consensus and having more speed and more
scalability while we take care of the other side of the dilemma, which is security.
Both from an infrastructure perspective, in a decentralized way, which is security, right? And both from an infrastructure perspective in a decentralized way,
which right now all chains run on centralized things, which is the
Achilles heel of everything.
If you look at hacks on exchanges.
Yeah, like Amazon Web Services and Google Cloud and all these things.
I mean, we've seen Cloudflare goes down and, you know, the biggest social
media platforms in the world go down.
The wallets go down.
Everything goes down.
Yeah.
It's a collection of tons of failure. Not very much decentralized, unfortunately.
Exactly. So our objective is to make them all decentralized, right? So make them adopt DPE in
a very resilient way, prove that everything is at a trusted stake as it operates, so on, and add to
the resiliency of the whole thing. But from a transaction perspective also, for example,
one of the biggest risks to any chain a transaction perspective also, for example,
one of the biggest risks to any chain right now, say Ethereum or Solana, as you're saying,
from a cryptographic perspective, and again, this is not infrastructure, this is cryptography,
is a quantum risk.
Maybe in one year, two years, three years, God knows, there's going to be a global risk
in the quantum computer would be breaking all cryptography at the same time everywhere.
In other words, it would probably be able to derive all the private keys that are possible
to exist in a certain memory space.
That's not scary at all.
It means that consensus wouldn't matter.
It means that once transactions are actually done, we've actually wrote a paper about
this with a couple of universities,
they could be actually snatched up
because they have already been signed by the executor.
So you're the smart contract owner,
the wallet owner, you sign the transaction,
you push it out.
These transactions, because it's already been approved
by you, could then be double spent,
could be reissued again.
And because it's already signed, that can just change
maybe the destination and the amount, and it's going to be validated. So in other words,
it would tamper with consensus mechanisms without needing gas costs, which is really scary.
So it's about dealing with that without needing for other blockchains to go and
that without needing for other blockchains to go and hard fork and repeat all transactions since the beginning of time.
Can you imagine that for DeFi and stuff like that, it would be something else.
Yeah.
So, as I read through here, your testnet January 31st, 2025, I just happened to pull up a bunch
of your metrics if you don't mind. 62 million post-quantum transactions processed, 2.1 million wallets onboarded, 822,000 security nodes deployed.
This one got me. 336 million plus threats mitigated. How does Neorus achieve 336 million threats
mitigated with a blockchain? Because you don't usually, when you think about security
and things, you don't necessarily think about it
at a sub-zero blockchain level.
Right, you think about it as like a Norton antivirus
or something, right?
I go, yeah, yeah, yeah, exactly.
But we have done that in two months.
So basically this is actually the first situation
where you have had a Web 3 infrastructure break through the web 3 bubble
and go into the web 2 and make it web 3. This is literally what's happening. So this is one of more
than 30 use cases, but this one is one that we made available. This is kind of like a hive mind
of intelligence sharing use case that was actually part of one of our former NATO mandates,
that we made basically an add-on for the browser, that's a node, and you go to Chrome, you download this add-on,
and as you visit the internet, what it does is it looks at the code of the web pages you're in,
and it checks if there's malicious scripts that are de-anonymizing you or stealing your credit card data or distributing malware to you or phishing related and that it blacklists that and shares that with
every other nodeholder. So this normally would be a centralized operation. In this case,
it's completely autonomous and everybody acts as a node. So they all can be validators or broadcasters.
This is just one use case.
That's probably an infinity of use cases
where you want to create trust over something digital.
And that's the case.
So if you go to, for example, the Block Explorer,
you will see, and if you click a transaction,
you will see, for example, five pages long hashes,
which are post-plantam hashes.
If you've never seen one, I advise you to go there and see one,
compared to the little micro hash that you would see normally.
And these are basically validated on a ZK environment by post-quantum validators.
So very trusted environment that then validates that critical bit of the transaction
and then sends the answer back to the layer one or whatever. In this case, it's using our chain. It's a EVM-based chain,
custom PBFT. But looking at the threats mitigated, they're absolutely right. Of course, it's a
different kind of thing. But if we compare, for example, these with, I'm not going to mention
their names, but- Mention them, come, but everybody knows their names that are worth
like $200-$100 billion in more that have taken decades to get to a fraction of these a month.
So we are currently the biggest decentralized security infrastructure ever and the fastest
growing by far.
And this is, by the way, we're calling it the test net, but it's
really, it's, it's only for structure already.
We're just going to migrate these to main net and that's it.
Um, yeah, it's just a mirror of something we're doing on a, on a
private setting with countries before.
So let's assume that the quantum threat becomes real.
I don't know what the timeline is.
I've heard everything from one to a hundred years.
Hopefully, but I doubt it very much.
I would say every year it looks like it's 50% closer.
Yeah, that makes sense.
But you can always step 50% closer to a wall without ever getting there, right?
But hopefully, hopefully for all of us.
But if not, you know, the Irish protocol is here
and it's ready for it.
So assuming that happens, which it will eventually,
quantum computing, as you said, quantum chips,
it's coming, what does web three look like
with post-quantum infrastructure?
Like what happens to existing blockchains
that don't retrofit?
And what
does it actually look like for the ones who do and for those who are using, you know,
a native chain like Neorus in that environment?
Well, just like everything else. And again, this is not the problem only of blockchains.
This is a problem of all cryptography. Blockchain just happens to use similar cryptography than
anything else. In many cases, much weaker because the strength is at the consensus level.
Right.
What would happen?
It would mean that you wouldn't be the owner of your own wallet.
It would mean that your private keys all over yours.
It would mean that probably whatever value was locked into that chain was not
secured anymore because there's a difference between value locked and value secured.
Right.
And it'd just be chaos to say the least, just like it would be for the rest of the world.
As soon as Q day comes, quote, quote, well, it would be the biggest geopolitical upset ever.
Yeah. I've always kind of joked. I'm like, yes, maybe Bitcoin would be at risk,
but so would the nuclear codes and the Department of Defense and every bank account in the world. So Bitcoin might not be the first thing that they attack, but it's still a
huge problem. Absolutely. I mean, if you look at like, okay, let's talk about like native web 3
with real world application situations, which are going to be more and more and more and more.
Doesn't matter if they're layer 0s, layer 1s, layer 2s, or DeFi, or Dops, or whatever, right?
they're layer zeros, layer ones, layer twos, or DeFi, or Dops, or whatever. Right?
Like we need to have a proven, demonstrated, very high level, kind of
like nation-state ready because the adversary might be a nation-state.
Um, the backbone for this.
So we of course view web three as the future backbone of digital infrastructure
in general, like if you look at like what Google and Microsoft are talking about, like Web4, like it's going to be decentralized, fully trusted, always on online quantum-based
internet, right? That's kind of like what they're saying. You need to have this kind of like backbone
of trust in a decentralized way, otherwise you're just pretty much extending the same problems we
have now into an environment
that would be or this magnitude more complex.
Right.
So our objective is to ensure that blockchains are ready for whatever comes next and that
this doesn't happen to them.
And so how does all this redefine sort of the idea of trust in decentralized systems?
Because we always talk about crypto and DeFi being trustless,
but it seems like in a quantum environment, that's not necessarily the case.
No, I think that's absolutely true. And I want to make a parallel between what you said and reality
because blockchain, what you're saying, it's absolutely true. Yes, it's trustless, or it can
also have private change, but it's more good.
However, the issue is you can trust the transactions and the cryptography.
When quantum comes in, all of that goes out the window.
You need another level of trust that doesn't exist right now.
You need a completely new paradigm of trust.
And that trust needs to be ready for the future.
And the future is quantum.
We have basically reached the limit of what we can miniaturize CPUs and GPUs and transistors.
We have reached the atomic limit, or very close to it.
So there's no doubt that the future is going to be quantum.
But then there is the other side, which is the trust over the infrastructure that supports
it. If your baseline is not trusted, which currently is the trust over the infrastructure that supports it.
If your baseline is not trusted, which currently is the case, then you gave some examples for everything.
It's not just blockchains. Of course, blockchains still run on centralized systems.
You need to ensure that that trust is not only quantum resilient so that you can have,
I'm going to say you can trust whatever is being told to you as truth, if that makes sense.
You want to prove that.
Otherwise you're not going to make good decisions.
So we believe this is the only direction and so do all the critical
environments we're connected to.
And I speak to a lot, we speak to a lot of the national states that have like
2030, 2040 plans, if you look at the 2030, 2040 plans of countries,
it's all about trust, like trust of the AI and trust of the infrastructure and this and that.
I'm not sure if they know what that means, but as part of those plans, Quantum is also part of that
and they really understand the risks. Actually, this came initially from kind of like a defense
nation-state infrastructure objective, maybe six years ago, I would say,
that now is maturing.
As you know, most new technologies appeared on the military sphere, and then they slowly
get adopted and go into regulatory pressures and so on.
I think that's what we're seeing.
People are quite aware of the quantum risk because blockchain is a cryptographic space.
But in our context,
we focus on the two sides. So we focus on the cryptographic space, which is important,
but you cannot have trust over the cryptographic space without trust over the infrastructure space.
And right now, we don't have trust over whatever you're seeing.
So we need to level up that and decentralize what is basically the last frontier
of blockchains, which is proper infrastructure, cloud, like decentralizing the truth and the
trust around it so that you can make good decisions.
So I have to ask you, slightly a different direction, but Bitcoin itself, this has been
the concern for so many people, Is Bitcoin at risk with quantum computing?
And can something like this also add security to the Bitcoin network?
Well, I know this is not the real percentage, but yes, a million percent, of course.
It couldn't be more at risk because it's one thing, it's one day to the other.
It's like the consensus mechanism makes no sense anymore at that point. Transactions can be
tampered with by an adversary that is not even part of the consensus, and the cryptography that's
backed with the whole infrastructure crumbles. That means that you cannot trust anything there.
Yes, there needs to be a move, there needs to be a migration. If that's a hard fork, or if that's
some kind of adaptation to actually deal with the entering problems,
which are more focused on transactions, not so much on the privates because privates are
private, but transactions are public.
Those are much more risky.
Those I think they should be post-quantum first.
The risk is massive. The opportunity for Bitcoin and Bitcoinists and Bitcoin lovers to join the conversation
is now, honestly, because there is a massive race by nation states to achieve this, not
only but mainly.
Because what you hear is Google, is Microsoft, but really, if you look at, for example, China
expenditure just on this area, they spent
more on quantum technologies than they spent on their nuclear program last year.
So that tells you what strategic that is for them, right?
Both to protect themselves and as I would imagine, as effectively spending on your military.
If you can attack someone with quantum, it takes the whole cybersecurity and cyber attack
and cyber war to an exponential level.
I mean, see, even what North Korea is doing
just with hacking in crypto,
imagine that with quantum computing.
Yeah, and they have done that basically
without any resources.
And of course, quantum computing and quantum cryptography
and things like that around this are an engineering problem. So it's not theoretical, like it's happened.
If you throw enough bodies, enough good people at it, you're going to solve it.
Just like most technologies, it's a dual-use technology. You can use it for defense,
you can use it for attack, and they are very, very aware of that. And I don't think we
would know for probably a while that Q-Day would be around, because the adversary would have all
the objectives would be for them to be quiet. Like they don't want to make noise. They want to
stay a little bit here, a little bit there. It looks like they're going to be busy.
I'm going to get a breaking press release that North Korea has the ability to attack all of our cyber systems, right?
They're just going to attack all of our cyber systems.
We've seen that.
But from a quantum perspective.
So definitely something of focus, I think, in the industry, there has been a lot of conversation
around that.
Even Vitalik was talking about that.
We need some kind of post-quantum fork or something.
I don't know how that would work on Ethereum, honestly.
Sounds complicated to redo all the transactions since the beginning of time,
especially when you add in all the interoperability with the flyets.
Yeah, layer 2s, the EVM.
Yeah, I mean, it's crazy.
Yeah.
So we just found a way to do that.
That's not hard, especially for EVM environments.
I'm talking like 48 hours maybe for integration.
And we're very excited to bring this to Web3,
even though this was initially a Web3 native,
but with objectives of dealing more
with like defense environments,
but infrastructure is infrastructure, doesn't matter.
Yeah, I mean, that's it.
You use this technology to solve a lot of problems and it doesn't have. Yeah. I mean, that's it.
You use this technology to solve a lot of problems and it doesn't have to be problems
in Web 3, right?
We've seen blockchain can be used to fix a lot of traditional problems.
It doesn't mean that it has to be some DAP or blockchain that is retail ready for that
to happen.
But yours kind of crosses the boundary.
I want to ask then, we mentioned all these statistics on Testnet. When is mainnet? And I assume that then that means that there will be
a token that drives this entire thing. Yeah, totally. So to an extent, this is already a
part of the mainnet because our mainnet is an infrastructure-driven mainnet. We get our own
consensus mechanism, our own cryptographic standard. So it was pretty hard. And we're very happy that this didn't fall over.
That was our biggest risk, because with keys
that are orders of magnitude harder to process than existing,
that's something that we were worried about.
And this is also driving some AI principles
that we call swarm AI.
They mainly focus on security, but we figured that they could
they could work for other areas as well but this is going to be driven by a token the the Nauris
token we have actually just started actually KYC for the public sale today so we'll have our TGE
our oh sorry our public sale on the 20th.
And we have an ever-growing community.
We're very excited about this.
We were expecting to have numbers that you're seeing.
We had a 40k community at the time.
It was nice, but it was an order of magnitude less
than it was two months later.
We expected this to be, I don't know, two zeros less,
but obviously people are interested in this, which is very exciting for us. And we can only
say good things about our community. They've been excellent, very excited about the future and,
you know, to integrate with pretty much everybody out there. We want to help everybody.
I find this both inspiring and exciting and terrifying at the same time.
If you or somebody else doesn't get it right, we're in big trouble.
Yes, I agree with that.
It's obviously a best effort.
I've been very fortunate.
We have been backed by people that were in charge of like tens of billions of dollars projects even for the internet and for countries and so on.
They believe we're on the right track. The same with the academic institutions we have published papers with.
So, you know, if I had to go back and maybe redo some stuff, I don't think I would. I think this is the right place, the right time.
All right. Well, I think we'll all be pulling for you
so that we don't live in a dystopian Mad Max future
of quantum computing and cybersecurity threats.
So I am glad that you're here and that you're figuring all this out.
And it should be noted the level of people
that you're working with to do this, as you mentioned.
I mean, this isn't just some fly-by-night crypto project.
I mean, you're talking about NATO and nation states
and huge backing, I know, from Tim Draper and others
and who have thrown a lot of money at solving this problem.
I think we're just in the beginning.
This is a fundamental technology
problem. So it's going to affect AI, it's going to affect computing in general, it's going to affect
everything that is operational digital. The thing about quantum that's kind of interesting,
just to finish, is that for you to be secure in the future, it's almost like... Do you remember
like the Schwarzenegger movies, the Terminator movies
where you've come to the past to protect the future?
It's kind of like that.
Because your keys are being harvested right now.
Like your transactions, your...
That's encrypted right now with normal encryption.
It's being harvested.
It's called Harvest Now Decrypt Later.
It's a big thing that's very popular with most countries that have some cyber commands.
And what they do is they keep these data on storage.
And as soon as they have the capability to decrypt it, they will.
Right.
So the only way for you to protect your future data that's under these keys in
the future is to be post-quantum now.
future data that's under these keys in the future is to be post quantum now. So you can see the connection there with a batch force negative would have something
to say about that.
Yeah.
I refer to Skynet every time I start thinking about AI and quantum, so it's the perfect
analogy.
Yeah, I agree.
Well, David, this is really enlightening. Thank you. It's the perfect analogy. Yeah, I agree.
Well, David, this is really enlightening.
Thank you, I really appreciate your time
and looking forward to seeing everything that you built.
Yeah, and looking forward as well
to continue to integrate with the Web3 community.
And any questions that you guys have about NARS protocol
and just come into our socials, we have the Ortoa website,
we have a huge knowledge base.
Come and read our white papers, peer-reviewed papers.
Geek out with us, that's what we like.
And again, Scott, really, really appreciate that.
I appreciate my having the opportunity
to geek out with you for 30 minutes, thank you.
Excellent.
My job is to geek out with smart people,
so that's, I'm used to this.
Lucky man.
Thanks so much, man. I appreciate it.
Yes. All the best. Bye.