Quantum computing is often talked about in crypto as a distant risk, something for the industry to worry about “someday.” But for Christopher Smith, CEO of Quantus, that mindset is already da
Quantum computing is often talked about in crypto as a distant risk, something for the industry to worry about “someday.” But for Christopher Smith, CEO of Quantus, that mindset is already dangerously out of date. He believes the biggest mistake the crypto world makes is treating quantum threats as a narrow wallet-security problem, when in reality the stakes go much further than stolen keys.
In this interview, Smith breaks down why he thinks the real danger is systemic, touching everything from Bitcoin’s long-term exposure to stablecoins, bridges, privacy tools, and even investor confidence. He also explains why blockchain may be far harder to upgrade for the quantum era than traditional finance or centralized web systems. His message is blunt: the industry is not just facing a technical problem, but a coordination problem, and time may be running out faster than most people think.
This is really a situation where you have to run faster than the bear, not just your friends. Even if you can make your wallet quantum-secure, that doesn’t make the price quantum-secure. If you don’t re-use Bitcoin addresses, you are reasonably quantum-secure, but if the Chinese government gets Satoshi’s coins, the market will puke its lungs out.
The starting gun was really Google’s Willow chip at the end of 2024. Before that, it was quite reasonable to think that quantum computing might literally be impossible because of some yet-undiscovered principle. Willow proved that quantum error correction is possible.
After that, quantum computing went from “maybe possible if we get a miracle” to “definitely possible with enough engineering resources”.
Then this year, there were two major reports, one from Google and one from Oratomic, that dramatically shrank the resource estimates for cracking Bitcoin keys by orders of magnitude. The Google paper was software improvements, and the Oratomic paper was hardware, so the problem is being tackled from both sides.
People trying to forecast this stuff need to understand that technological development is inherently non-linear and stochastic. If you wait until someone can crack a 128-bit key, it’s probably too late to migrate millions of addresses.
I think it’s great that institutions are talking about this now. My only complaint is that they assert that the risk is years away, which they can’t really know. In particular, the relevance of quantum computing to cybersecurity and, therefore, national security means that the public is likely not going to be fully informed about the state of the art. For all we know, the US Gov already has one, and they are warning everyone to upgrade because they think China will get one soon.
Signal Messenger, iMessage, and CloudFlare are all already post-quantum. Their users didn’t have to do anything for that to happen because these are more or less centralized systems. The same thing generally applies to banking systems. They have lots of legacy layers, which presents its own difficulties, but fundamentally, there is a CEO who can say “we’re doing this” and then the engineers build it, then flip a switch and all their customers upgrade in a day. Users don’t manage their own keys.
In blockchains, it’s different. “Not your keys, not your coins”. So now, even if the developers manage to decide and update the cryptography, users have to take an action that they may not understand. They may not even be able to do it if the keys are lost or the user is dead.
So the technical piece is not really the bottleneck for blockchains. It’s the social layer of coordination and migration.
Well, when Google announced their quantum chip “Willow,” the crypto market overreacted as it always does, but it correctly identified that Bitcoin is vulnerable, but some chains like QRL are not. You can see this because QRL’s price spiked that day while Bitcoin’s dipped.
Some investors like Charles Edwards have argued that the recent underperformance of Bitcoin is in part due to institutions and whales pricing in the quantum threat.
So the thing to watch for is this: when new reports about quantum progress come out, which coins go up and which coins go down?
There’s an old saying in computer science, “premature optimization is the root of all evil”. Engineers sometimes get stuck in small details and miss the bigger picture. There is no greater failure mode for a blockchain than the digital signatures being insecure. You might as well just go back to using a bank or passing around gold coins or something.
So security is the most important thing. Performance is secondary. “Correct, fast, beautiful. In that order”. And blockchains will take a performance hit when they go post-quantum, if they do so in a naive way. That’s why we introduced the term “QTPS” as in “Quantum Transactions Per Second”. People naturally rank blockchains based on their maximum TPS, but Solana did a post-quantum pilot, and their TPS dropped by 90%, so the performance hit is real. On the other hand, a higher QTPS doesn’t matter if you don’t have any users.
Yeah, there are three relationships there. The post-quantum signatures and keys take up a lot more space, as we mentioned earlier, but privacy techniques also use cryptography, and that cryptography can be either pre-quantum or post-quantum. The post-quantum privacy techniques also tend to have much larger proofs.
And privacy inherently affects scaling. Encrypting anything makes it hard to index, which leads to scaling challenges like wallets having to download every transaction and try to decrypt them to see which ones are relevant. So these things are in a natural tension with each other, but good engineering is all about tradeoffs. You can do anything, but it will always cost you something.
I think the knowledge is fairly well circulated at this point that zk is not automatically post-quantum, but one thing I think people often miss is the particular failure mode, which is different from standard digital signatures. A quantum attacker in a pre-quantum zk system can make fake proofs that look real. The attacker can’t pull back real proofs and see the hidden inputs.
So, for example, this is why people say Zcash is somewhat quantum secure. The quantum attacker can’t get your private keys from your shielded transactions, but he could make a fake transaction, which would mint unlimited coins.
For a decade, the mantra has been “Bitcoin can’t scale,” and it is partially true. There are real scaling challenges in blockchains, and integrating post-quantum cryptography in a naive way will only make that worse. Bitcoin is already the slowest chain with about 7 TPS, and its QTPS is going to be well below 1 if they don’t raise the blocksize.
But we don’t have to do it in a naive way. We have modern techniques that didn’t exist when Bitcoin was invented. Zero-knowledge cryptography doesn’t just offer privacy; it also compresses computation, which helps with scaling. But it’s quite opinionated as a technology, and it’s notoriously difficult to bolt on as an afterthought. It really needs to be introduced at the beginning to make it work properly.
If I put on my black hat and imagine the worst-case scenario for crypto, it would probably be the following. Suppose North Korea somehow gets its hands on a quantum computer that can crack keys. Now they probably want to make money, but maybe even more than that, they might want to diminish the power of the United States and the dollar, which now has global distribution without banks via stablecoins. So if NK wanted to make sure nobody ever trusted stablecoins again, they might crack the admin key on say USDC. Once they did this, they could, in one transaction, change the keys so no one else has them, freeze all the biggest accounts, mint a quadrillion coins, buy up any major coin available on DEXs, then exit stage left.Now, the really interesting thing here is that stablecoins are different from other tokens. For stablecoins, the blockchain is not the final say on ownership. Circle could call up all the exchanges, issue a new contract, and restore everyone to pre-hack balances. The rest of the ecosystem would be wrecked, though. There is no practical way to roll back ETH or WBTC balances. DeFi would be rekt, and it might take a decade for it to come back.
So that’s just one scenario. It’s not the only one. Another is that quantum might introduce a crisis for Bitcoin that invites various actors to seize control of it. I could imagine BlackRock attempting a hostile takeover by making a post-quantum sanction-friendly fork of Bitcoin and then only honoring that fork in their ETF (they reserve the right to choose the fork in their risk disclosures). So the cryptography matters, and this is a high-stakes game, so expect shenanigans.
In my opinion, the industry has lost its way with gambling. Between leverage and memecoins, the last few years in blockchain have largely been about zero-sum games between insiders and outsiders.
And everyone looks to Bitcoin, which is the slowest. Bitcoin has a strong immune system that resists change, which is great when you’re already perfect, but cryptography has always been an arms race, so “ossifying” around elliptic curves was never going to work, quantum or not.
The worst-case scenario is that a large portion of the capital in crypto simply leaves and doesn’t come back. The total market cap of the space may drop into the hundreds or even tens of billions, and DeFi sort of dies.
Of course, I don’t want that to happen. I’ve spent my whole career in blockchain. That’s why we built Quantus. It’s like Noah’s Ark for the Quantum Flood.
Christopher Smith’s message is that quantum risk in crypto is not a far-off technical theory, but a real structural threat that the industry is still underestimating. In his view, the danger goes beyond exposed private keys and could reshape everything from Bitcoin’s market value to stablecoins, privacy tools, and cross-chain infrastructure. The bigger problem, he argues, is that crypto cannot be fixed with a simple software patch. It will require a major coordinated migration before the quantum era turns from speculation into a market-moving crisis.
