How Real is the Quantum Threat?

Alex Thorn

Head of Firmwide Research

Galaxy

Alex is Managing Director and Head of Firmwide Research at Galaxy, the leading digital assets and data center development firm. At Galaxy, Alex leads a team that produces institutional grade research on bitcoin, crypto, and artificial intelligence. Prior to joining Galaxy, Alex co-managed Avon Ventures, the crypto VC firm affiliated with Fidelity Investments. Before that, Alex was Director of Blockchain Research at Fidelity Center for Applied Technology.

Brandon Black

Brandon Black

Principal

Rearden Code

Long time self custody engineer, focused on making bitcoin better money for everyone.

James O'Beirne

Former Core dev: assumeutxo, OP_VAULT, CTV

Hunter Beast

Senior Protocol Engineer

Anduro

Hunter Beast

Senior Protocol Engineer

Anduro

Author of BIP 360, a proposal to make Bitcoin more quantum-resistant, Senior Protocol Engineer for the Anduro sidechain platform incubated by MARA. CTO for BitVault, a time-delay multisig wallet designed to help resist physical attacks.

Alex Pruden

Alex Pruden

Co-Founder & CEO

Project Eleven

Alex Pruden is the Co-Founder & CEO of Project Eleven, an applied lab of builders and technologists at the intersection of quantum computing and cryptography to harden digital assets and build the financial rails in the post-quantum era.

Alex is a former U.S. Army Green Beret who transitioned from military service to a career in blockchain and cryptocurrency after witnessing the profound challenges in conflict zones like Iraq, Afghanistan, and Syria. After earning an MBA from Stanford, he began his decade-long career in the industry at GGV Capital, Coinbase, and Andreessen Horowitz before joining Aleo as the first employee and scaling the organization as CEO to pioneer the first permissionless, privacy-preserving smart contract blockchain powered by zero-knowledge proofs.

Session
Overview

////////////////////

This panel examined whether quantum computing poses a credible threat to Bitcoin’s cryptography, focusing on the risk that a cryptographically relevant quantum computer running Shor’s algorithm could derive private keys from exposed public keys. The discussion highlighted sharp disagreement over timelines and evidence, with some panelists arguing the threat remains speculative and others warning that even a low-probability existential risk deserves preparation.

The conversation covered proposed mitigations including BIP 360, post-quantum cryptography research, the limits of current signature schemes, and the trade-offs involved in dedicating scarce Bitcoin engineering resources to quantum readiness. Speakers also discussed how fear around quantum computing could create openings for weak products, trust-based wallet schemes, or competing blockchain narratives.

A major point of debate was what to do about exposed or dormant coins, including early P2PK outputs associated with Satoshi-era Bitcoin. Panelists broadly cautioned against protocol changes that would freeze, seize, or burn coins, emphasizing Bitcoin’s property rights guarantees while recognizing that the community remains divided on how to handle potentially vulnerable dormant coins in a post-quantum scenario.

Transcript

All right, Vegas, thanks for the third of you that stayed for this panel. I'm Alex Thorn from Galaxy. I've got Brandon Black, James O'Beirne, Hunter Beast, and Alex Pruden. This is the talk of the town. Like Greg said, this is a big topic. A lot of people are asking a lot of things about it. I hear about it from our institutional counterparties: what's the deal with quantum?

We're going to get into the urgency. We're going to talk about possible solutions and mitigations, and then we're going to talk about what to do with coins and exposed addresses, such as Satoshi's coins. Before we do that, I'm going to start with Alex Pruden from Project Eleven. You have raised a lot of the discussion about this in public. Can you give the audience a quick overview of what the potential problem is, and what quantum might do to Bitcoin if it becomes real?

Yeah, thanks. First of all, I don't want to take credit for raising this as a discussion topic. Hunter has done a lot of work over the last year, as well as Pierre-Luc and a lot of other folks in the community.

Quantum computers are a type of computer based on the principles of quantum mechanics that can perform some problems more efficiently than a classical computer could. One of those problems is something called the elliptic curve discrete logarithm problem, which is the basis for the public key cryptography that we use in Bitcoin.

Very quickly, what does that mean? As the name implies, in a public key cryptosystem, the public key is meant to be public, and you should not be able to recover the private key from just knowing the public key. The private key is used to sign messages. A quantum computer running Shor's algorithm enables you to do just that.

What is the impact on Bitcoin? It enables me to go the wrong way down the one-way road. If I have a public key in my possession, I can recover the corresponding private key and then sign a message to appear to be the one that owns the private key. Practically, it breaks the concept of ownership that public key cryptography in Bitcoin is meant to ensure.

That's a good overview. Brandon, do you want to offer any differences in the way you would characterize it?

I think that's the right answer. Yes, it breaks the cryptography. It can reverse the elliptic curve discrete log. The only thing I would add is that this is if we can build a quantum computer that can run the algorithm, which has not yet been demonstrated.

How close are we, in your mind, to building one?

I think, based on the evidence, not very close at all, if it is even possible, given things like we do not really know how long we can entangle qubits. We have not passed qubits through circuits of depth anything resembling what would actually execute Shor's algorithm. Every demonstration cited as evidence toward cryptographically relevant quantum computers is either sleight of hand or an outright hoax, as in the case of what we saw from Alex's organization recently, where a precomputing step is done by a classical computer, then encoded into the quantum circuit and used as fodder to say, well, we are making such great progress and we have cracked 16-bit. In actuality, doing something like that in the classical context is fairly trivial. Dressing it up with quantum window dressing is a meaningless gesture.

James, I appreciate you giving me the opportunity to talk about Project Eleven's quantum-powered random number generator, but in all seriousness, I appreciate the opportunity to address that. I think there is consensus at this point that the prize you are referring to is not evidence of progress toward a cryptographically relevant quantum computer.

A skeptic like you cites the absence of this progress as a reason to not believe this is possible. But if you look at the literature, specifically Google's paper that came out in the last couple of months or Atom Computing's paper, these are leading academics in the field of quantum physics who have been working on error correction. The reason why the prize contestant is not able to do anything interesting is because they do not have error-corrected quantum computers.

I do not think it is right to say there has been no progress on quantum computing. There has actually been demonstrated error correction, including Google's 2024 paper below threshold. The question is, if it is not the Q-Day prize, then what is the right benchmark that would convince a skeptic like you? The reason I think this is important is because we do not want to throw away cryptography that is securing trillions of dollars and has for years. At the same time, there is a risk that a cryptographically relevant quantum computer can be built, and I think that risk is potentially existential to Bitcoin.

If you are quantum experts, why did you market that demo as a break of ECDSA on the basis of a quantum computer? Shouldn't you know enough to know that it was not actually anything of the sort?

I want to make this panel about quantum, so I want to let the moderator, Alex, drive it. We can debate whether or not we have the authority to talk about it, but I want to make sure the value for this audience is to learn about this topic.

Maybe to get back on topic, can you tell the audience how many qubits and how many gates are necessary to run Shor's algorithm?

It depends on the specific paper and resource estimate you are looking at. If you take the Google paper, I believe they cite 70 million Toffoli gates. We are cited in that paper; our work is in there. There is a space-time trade-off, and it depends on how you plan to build this quantum computer.

This is something for the audience to keep in mind: there are multiple tech trees to building these systems. You have superconducting computers, which is what IBM and Google basically give you an interface to use. But the next generation of computers that have the potential to be very efficient cryptographically, or have the potential to break the cryptography underlying Bitcoin, use different approaches. I do not think it is right to say that just because one approach fails, all the others will too.

Let's give Hunter a chance to get in here. Hunter, also one of the authors of BIP 360, what is your perspective on this part of the conversation?

I think we need to do our best to seek truth here and be intellectually honest. The intellectually honest answer is that there is no hard evidence that would definitively disprove or prove the threat yet. In this time of uncertainty, we need to fall back on first principles, and we need to do the work to build the tools. We need to convince people with proof and evidence that the threat could maybe be imminent.

Also, I am not sure if that is the right question to be asking. One of the most depressing things I think about is whether we are going to be coming back here year after year, having done nothing to address the concern, and just keep bickering about this and doing nothing productive. In a way, that is its own grift. If quantum computers really are impossible, we could come back here in five years or ten years and build a whole career just bickering over this.

I would like to put the FUD to rest and do the work. It is an engineering problem. Present evidence and strategies, and give people the opportunity to change their minds based on new input. I do not think people in the Bitcoin community are particularly unreasonable or intransigent, as people like to think. I think we have gotten this far based on evidence and reason, not ideology and coercion.

We can, and I know we will, and maybe we will do it for the next five Bitcoin conferences, debate the urgency of the problem. But if we grant that it could be possible, let's say even a 1% chance, I want to talk a little bit about work being done as mitigations or solutions, work that could be done, and the difficulty of enacting something on the Bitcoin protocol. Hunter, BIP 360 is one of the more reviewed and more advanced BIPs proposed as a mitigating solution. Would you give a high-level overview of the proposal?

Yes. BIP 360, not to be confused with BIP 361, is a very different BIP. BIP 360 exists essentially as an opt-in new output type in Bitcoin. An output type is kind of similar to an address for the plebs. This allows us to have a first step for wallet optionality on how you wish to spend your coins.

You might commit to a path that lets you spend them with elliptic curve cryptography as it currently exists. It will also allow you to maybe spend with post-quantum cryptography at some future date, and commit to a script path in your wallet before that is even active on mainnet. We might even combine that with elliptic curve cryptography so there is no reduction in security assumptions from what we currently understand is safe.

We need to be very rigorous and conservative in solving this problem. I think we should, at a bare minimum, activate BIP 54, the great consensus cleanup. That is very uncontroversial. We need to do that. It protects us against a number of other threats. We also need to activate BIP 360. Maybe not any other post-quantum BIP, but BIP 360 and BIP 54 are both very solid, uncontroversial, conservative approaches to solving this problem.

Another thing we have been working on for BIP 360, to hopefully bridge the gap and divide among Bitcoiners around a lot of the things we are talking about, is making BIP 360 compatible with another proposal. That takes a lot of engineering effort, but we have been doing it. I know there are some Bitcoin skeptics out there. These people have enough shared common values with us. We should focus on the fact that Bitcoin is a direct challenge to nation-state monetary sovereignty, and we need to remember our mission to separate money from state.

I was just going to say, I think it is hard to separate the urgency of the problem from the potential solution. There are a lot of aspects here at risk. BIP 360, among other things, helps mitigate a potential risk of public key reuse or exposure. But there is obviously a world in which if a quantum computer is coming sooner, then there needs to be more aggressive action to mitigate it. This brings it back to: what is the right benchmark? How do we know?

Today, Scott Aaronson, a noted quantum researcher on the Coinbase advisory panel, published a blog post and said, this is your warning: a quantum computer may arrive by the time this decade is out. He said it as definitively as he could because he does not want to be blamed for not doing enough.

To your framing, Alex, if there is even a 1% chance, we should proactively move forward and address this problem from top to bottom, so that the quantum topic is not viewed as FUD. I do not think it is right to frame it as FUD. I think this is about mitigating one of the most existential risks to Bitcoin.

The shortcoming to that framing is that there are many risks to Bitcoin, and there is a finite amount of engineering effort that we have to distribute over those risks.

What is a more existential risk than this?

Scaling. Scaling is existential. If we cannot scale, centralization will make Bitcoin completely fail. Also, the parameters around supply distribution. If you scare institutional investors and whip everybody into a frenzy because they are reminded that they do not actually understand the cryptographic bedrock, and they are in doubt and delaying their adoption of Bitcoin, then by the time the security spend on Bitcoin has been reduced by twice and then again eight years from now, we may be in a very uncomfortable position in terms of net security spend on mining.

There is no way that anything I could say could threaten the cryptographic bedrock of Bitcoin. That is the point of it being a bedrock. But a quantum computer might threaten that.

We need to talk really seriously about what the threat from a quantum computer is. The reality is that most people's UTXOs are safe forever because a quantum computer, even if it is invented, is going to be expensive for a long time. If it costs $50,000 to break a public key into a private key, every UTXO worth less than $50,000 is safe forever. We cannot panic about this. The fact that it can break a public key does not mean every public key can get broken.

It really depends. It depends what the evidence shows. It depends which kind of quantum computer we have out there. If it is a neutral atom computer, it will never give us a fast attack. It will never break a key faster than a week or so on a neutral atom system, but what about superconducting? We really have to look at the evidence of what is happening on real quantum computers. Of course, as James said, the evidence today is that no real quantum computer has ever run Shor's algorithm. It does not make sense to take any action beyond BIP 360, which is good for other reasons, on-chain today.

The question is how do you know we will get that evidence? Craig Gidney, a noted Google cryptanalyst, was nice enough to take time out of his Saturday to flame me this weekend. I asked him this question. I said, if this is not it, then what is the benchmark? He said he did not have a good answer. There is not a good benchmark. The Google paper itself says that when we get to the point where we can factor a 32-bit number, it is over.

This is the risk here. These post-quantum cryptographic migrations have to be handled with care. They should not be rushed. That is exactly why I think, even if there is a 1% chance, we need to be conservative and act in the best interest of Bitcoin, which I think is proactively addressing this threat.

I think it is also important to point out that if we do not come up with a good, evidence-based, comprehensive solution that essentially puts the FUD to rest, that opens the door for fraudsters and grifters to capitalize on that fear and sell solutions based on trust-me-bro cryptography.

We just saw a wallet here at this conference called Castle with IQ, and their whole thing is: we have a black box that generates a really great secret key for you, trust me, use our private key that we will give you in your wallet. There is no secure way in my mind that you can do that without it essentially being custodial in a different form. As the fear and temperature around this argument continue to build, that leaves the door open for fraudsters and grifters to sell us broken solutions and capitalize on that.

I would add that it is also alternate cryptocurrencies. They may have much more centralized development ecosystems, foundations, or for-profit companies supporting them, and they are likely to roll out their own solutions. I think Solana just announced their quantum roadmap. Ethereum has been talking about it. In the halls of the investment world, that might benefit them at the expense of Bitcoin if there is not something coherent.

Ironically, the Ethereum plan is so complex that I wonder if it might take them as long as it did to implement the merge to proof of stake. It took them seven years from the announcement of Casper to the merge. I am thinking they are going to overshoot this. I am not confident they are going to nail it in time.

In Bitcoin, our cryptographic situation is orders of magnitude simpler. The governance I am not as worried about. I think people will change their minds if they are presented with good reasons to take action.

One thing we should all be honest about is that there are tons of new cryptographic primitives being developed regularly for Bitcoin that are post-quantum. I like to talk about it as post-secp256k1. That is the current cryptography we use for Bitcoin. Even if a quantum computer never happens, which I think it never will, that cryptography will break someday. Of course the Bitcoin community is actively, day in and day out, researching new cryptosystems. We will activate new cryptography for Bitcoin when it is suitable. As of right now, there is not a suitable alternative to secp256k1. But when there is, we will activate it. It does not matter whether it is for quantum or just because we should have a backup system. While we are talking about quantum here, Bitcoin is always researching and moving forward and will be ready for these things.

You are saying there could even be risk that the current cryptography becomes vulnerable for a classical reason. It is battle-tested now, but in that case there will be more others. If we think about post-quantum cryptography specifically, one of the big issues is that the current schemes have very large signatures. I have seen them come down already, but they are still quite large. Bitcoin block space is scarce.

Would the panel agree that if people are working on better post-quantum cryptography, whether or not we actually add it to Bitcoin yet, but it is sitting in the repo, reviewed, and has eyes on it, that is beneficial to have? It is not rolling our own crypto. It has been around. Would that solve some of the fears? Then we hit the threshold.

I think what you said is absolutely reasonable. We do not want to throw the time-tested algorithm that we have in the bin for nothing. We do not want to grab something off the shelf, stick it in Bitcoin, and then it breaks classically. That would be the stupidest thing to do.

There are a lot of different post-quantum schemes out there. Some are well-studied, or based on well-studied assumptions. Some are not. Some are performant, some are not. Bitcoin should look at all of these, and that is exactly what is happening. One of the things I have been amazed by in the last year is that there have been a ton of researchers on the open source stage presenting their work, and that is amazing. People should continue to do that.

There are inevitably going to be trade-offs. But as Brandon pointed out, Bitcoin can never rely on the security of one cryptosystem forever. Even if you do not believe a quantum computer is going to happen, which I do think it might, and I think it will happen, and I think that is the consensus of physicists out there, at the end of the day, you need to be ready to be agile in the face of future threats.

There are a few caveats. It is obviously good if we come up with new cryptosystems that have different assumptions and are predicated on things like SHA-256. But there are caveats. One is, what is that coming at the expense of? What could we have been working on that we were not working on? Two, the really important thing to do in this situation is challenge the premise of the argument.

I think cryptographically relevant quantum computers are science fiction at this point, and that needs to be underwritten rigorously. If we spend a bunch of time and devote really smart people to coming up with new hash-based schemes, we are underwriting the concern and messaging to the world that this is something we are worried about. In reality, I think there are much bigger fish to fry, and quantum is fan fiction.

No one on this panel is a quantum physicist. Not me, not you, not any of us. But there are many prominent quantum physicists, including Scott Aaronson, who would argue strongly against your claim that it is science fiction.

There have been prominent scientists who were wrong before.

Sure, but that does not mean this is apples to apples. You can look at the testable predictions of quantum computing and error correction, which people predicted and theorized and then ultimately experimentally demonstrated as progress. I do not think it is right to say that pseudoscientific claims are equivalent to actual demonstration in the lab.

One thing I want to make clear is that I do not think we should trust the experts in this regard, either for or against. I do not think academia is particularly well suited for answering questions on the frontier of what we know and do not know. Unfortunately, for better or worse, since 1973, Nature has mandated peer review. Although peer review is nice, it creates a perverse incentive to be deliberately conservative in what can be proven.

For some kind of break on this level, we really cannot know if the capability could exist today and we are just not being told. The two biggest players in quantum computers are the NSA and the PLA. These are nation-state-level actors. We need to take nation-state-level threats seriously.

That said, am I saying we should be irresponsible and not be rigorous? Of course not. But we need to question every assumption, including the assumption that we even need a quantum computer to enact an attack on this level. There are possibly ways where we do not necessarily need unbounded precision if we can come up with an approximate solution for keys of sufficient length.

This has been very exciting. We do not have too much more time, but I want to get into one of the big questions people ask about. Alex, you referenced the bare public key coins. Project Eleven has a good website on this, the risk list, which shows basically all the exposed public keys that have been exposed in a variety of ways, whether they are public outputs or there was a double spend somewhere in history, so you can see the public key.

The question is whether your public key is sitting there visible to be run through such an attack by a cryptographically relevant quantum computer running Shor's algorithm. The two categories are coins in P2PK addresses, which is a deprecated address format that Satoshi and most early miners and bitcoiners used, and then any other key that has been previously used, so address reuse. An exchange deposit address that they do not cycle every time, or if you posted your address on your wedding website and said, in lieu of flowers and gifts, please send Bitcoin, which I did in 2016. It was not that effective.

That is about seven million or eight million coins currently, right?

Yeah, about 35%. I think it is 6.9 million.

So 35% of the total supply is exposed. But the vast majority of those are reused coins, potentially with people who are here now who could upgrade.

I really like the Bitcoin risk list work. But I also want to make sure people are aware of Wicked Smart Bitcoin's work on quantifying that problem as well. He pointed out recently that seven million sounds like a big number, but it is actually a lot lower in practice because the vast majority of those coins have been moved within the last year. The real number at risk of dormant coins or lost coins, including Satoshi's, would be more like 2.66 million.

Let's focus on those coins. I am going to cut right to the chase. People ask what to do with Satoshi's coins. Bitcoiners could do nothing. Or, on the far end of the spectrum, you could hard fork and seize them or burn them. There are some ideas in the middle. What would you do, Brandon?

I would just leave the coins alone. If a quantum computer can start stealing people's coins and we have not migrated, it is Bitcoin's ownership. Bitcoin is a protocol, and the protocol depends on signatures. Whoever can produce a valid signature can spend the coins. It would be controversial to the point of fracturing the Bitcoin community and creating lots of drama if we said we are going to break that premise, that whoever produces the signature can move the coins.

That is predicated on us getting BIP 360 and some additional cryptographic assumption in before a quantum computer really starts attacking, which I think is very likely because the timeline for quantum futures is very long.

So you are saying a little bit of mitigation work, and then do not violate the property rights, and let the chips fall where they may. What about you, James?

I will keep it simple and short. If you undermine the property rights guarantees of Bitcoin, we are cooked. It was pointless. Leave them alone.

We have to be really careful here because, as you both correctly pointed out, something as drastic as BIP 361 would be a very egregious violation of the private property promise. That is also understood to be the social contract of Bitcoin: we do not necessarily support or promote activation of protocol changes that unilaterally prevent people from spending their coins.

That said, it is also important to understand these different positions and perspectives and make sure we are doing things based on the right principles. Obviously burning those coins permanently just because we want number to go up is a bad idea all around. I will also point out that every author of BIP 361 does not support their own BIP, which was an informational BIP.

The idea was to ban spending to the P2PK addresses after a period of time, then ban them spending after a period of time, effectively freezing them.

On the other side, the liquidation argument, we have to be careful about why we want to support liquidation. If we want liquidation for number to go down so we can buy people's stolen property at a discount, that is also probably not a good reason.

That is an interesting framing of the do-nothing argument. Alex, what is your answer?

My answer is that I do not have a strong opinion. I think there are good arguments for and against. If anything, I would advocate not focusing on this issue in particular as much as focusing on a solution for the contingency that a post-quantum period exists, and taking care of the folks who are still using Bitcoin and thinking about Bitcoin into the future.

I will point out two things. One is that there are quantum computing companies out there that are absolutely looking at Satoshi's coins as part of their go-to-market. I saw Greg Maxwell posted this on Reddit, saying he was aware of quantum computing companies specifically raising money for the purpose of attacking Satoshi's coins. That is true.

The other fact is that this is the question the community is really split on. The last survey I remember was last summer. Presidio did a post-quantum Bitcoin thing, and they surveyed everyone there. It was a 50/50 split: freeze or do not freeze. This is going to be a hard issue. But I do not think we should focus on it. I think we should focus on doing what we can to secure the Bitcoin network for everyone alive today.

We have 15 seconds left. I am going to ask the question in the title of the panel: how real is the quantum threat, Brandon?

Not at all.

James?

Bitcoin may be the most geopolitically potent technology that any of us will be privy to in a long time. In terms of potential, we have to be cognizant that there will be attacks. When the government shows up and tells me they are here to help and they are retiring my scheme, I am a bit wary. Quantum is not a threat. Do the research.

Hunter?

I do not think we should focus too much on whether the threat is real or not. I think we should refuse to answer the question. We need to do the work to build the solutions to make sure that, based on evidence and truth, we decide whether we should make changes to mitigate the FUD.

Alex?

I do not want to roll the dice and bet my Bitcoin and my family's Bitcoin on the chance that those guys are wrong. We can do something.

Thank you everyone: Alex Pruden, Hunter Beast, James O'Beirne, and Brandon Black. I'm Alex Thorn. Thank you.

Similar
Sessions

////////////////////

10:00 am

Mon

Monday, April 27

10:00 am

10:30 am

(30 mins)

Lessons in Security From Those in The Know

Genesis Stage

Justine Bone

Crypto CISO, Principal Software Engineer

Executive Director

Crypto ISAC

Justine Bone

Executive Director

Crypto ISAC

Justine Bone is Executive Director of Crypto ISAC, where she leads collective defense and intelligence collaboration across the global crypto ecosystem. She brings a career spanning Bloomberg, Dow Jones, and multiple security startups, along with board service across the cybersecurity sector. Her background includes enterprise security, offensive security research, and executive leadership at the intersection of cybersecurity, resilience, and risk management.

Garret Kelly

Robinhood

Garret Kelly

Crypto CISO, Principal Software Engineer

Robinhood

Garret began his time at Robinhood on the custody team, later moving to provide technical leadership for the security organization as a whole. In his current role he serves as CISO for Robinhood's crypto business. He loves HSMs and multi-party computation. His favorite number is secp256k1's base point.

Erik Kellogg

CISO

BinanceUS

Erik Kellogg

CISO

BinanceUS

Erik Kellogg is Chief Information Security Officer at Binance.US, where he leads cybersecurity, cyber risk, and security compliance for a U.S.-regulated digital asset platform securing billions in customer assets. A veteran security executive with more than 25 years of experience, Erik has built and matured cybersecurity programs across fintech, blockchain, and global enterprise environments.

Previously, he served as a principal leader within Palo Alto Networks’ Unit 42, advising organizations on cyber risk, resilience, and incident response. Erik brings deep expertise in digital asset security, threat detection and response, and operating security at scale in high-risk, adversarial environments.

Alex Pruden

Alex Pruden

Co-Founder & CEO

Project Eleven

Lessons in Security From Those in The Know

Monday, April 27

10:00 am

Learn as experts share practical lessons learned from working on the front lines of Bitcoin security. The conversation explores common vulnerabilities, evolving threat models, and the strategies used to safeguard systems and funds.

Speakers/Moderators

Justine Bone

Crypto CISO, Principal Software Engineer

Executive Director

Crypto ISAC

Justine Bone

Executive Director

Crypto ISAC

Garret Kelly

Robinhood

Garret Kelly

Crypto CISO, Principal Software Engineer

Robinhood

Erik Kellogg

CISO

BinanceUS

Erik Kellogg

CISO

BinanceUS

Alex Pruden

Alex Pruden

Co-Founder & CEO

Project Eleven

2:00 pm

Tue

Tuesday, April 28

2:00 pm

2:30 pm

(30 mins)

Understanding the Quantum Attack Vectors

Open Source Stage

Isabel Foxen Duke

Host

Bitcoin Rails

Isabel Foxen Duke

Host

Bitcoin Rails

Isabel Foxen Duke is the Host of Bitcoin Rails—a podcast on X covering up-and-coming “Bitcoin Season II” technologies. She formerly managed communications for both the Ordinals and BRC20 core protocols and is a GP in the Bitcoin-native assets fund, Unbroken Chain.

Since the launch of Ordinals, she's advised protocol teams throughout the Bitcoin L2, metaprotocol and ZKP/BitVM spaces with a focus on technical communications and community education. She currently acts as a communications advisor to both Domo (Creator or BRC20) and Robin Linus (creator of BitVM), and is a co-author of BIP 360.

Clara Shikhelman

Head of Research

Chaincode Labs

Clara Shikhelman

Head of Research

Chaincode Labs

Clara Shikhelman is the Head of Research at Chaincode Labs, where she explores the theoretical foundations of Bitcoin from both computer science and economic perspectives. She previously held postdoctoral positions at the Simons Institute at UC Berkeley and at Caltech, and holds a PhD in mathematics from Tel Aviv University.

Pierre-Luc Dallaire-Demers

Founder & CEO

Pauli Group

Pierre-Luc Dallaire-Demers

Founder & CEO

Pauli Group

Quantum physics PhD
I have been involved in quantum computing since 2006 and now I measure the progress of quantum computers at breaking cryptography and design solutions to secure digital assets.

Brandon Black

Brandon Black

Principal

Rearden Code

Long time self custody engineer, focused on making bitcoin better money for everyone.

Understanding the Quantum Attack Vectors

Tuesday, April 28

2:00 pm

A considered technical look at the quantum attack vectors relevant to Bitcoin’s security model reveals the current state of quantum research. Are there realistic timelines for potential risks, and what are strategies being explored to strengthen Bitcoin’s long-term resilience?

Speakers/Moderators

12:30 pm

Wed

Wednesday, April 29

12:30 pm

1:00 pm

(30 mins)

How Real is the Quantum Threat?

Nakamoto Stage

Alex Thorn

Alex Thorn

Head of Firmwide Research

Galaxy

Brandon Black

Brandon Black

Principal

Rearden Code

Long time self custody engineer, focused on making bitcoin better money for everyone.

James O'Beirne

Former Core dev: assumeutxo, OP_VAULT, CTV

Hunter Beast

Senior Protocol Engineer

Anduro

Hunter Beast

Senior Protocol Engineer

Anduro

Alex Pruden

Alex Pruden

Co-Founder & CEO

Project Eleven

How Real is the Quantum Threat?

Wednesday, April 29

12:30 pm

Speakers/Moderators

1:30 pm

Wed

Wednesday, April 29

1:30 pm

2:00 pm

(30 mins)

The Quantum Threat to Bitcoin

HRF Freedom Go Up Stage

Alex Li

Bitcoin Development Lead

Human Rights Foundation

Alex Li

Bitcoin Development Lead

Human Rights Foundation

Tadge Dryja

Researcher

Tadge Dryja

Researcher

Tadge has introduced several important advances to Bitcoin, such as the Lightning Network, DLCs, and Utreexo. Currently working independently to help more people use Bitcoin.

Brandon Black

Brandon Black

Principal

Rearden Code

Long time self custody engineer, focused on making bitcoin better money for everyone.

Casey Rodarmor

Bitcoin Developer

Casey Rodarmor

Bitcoin Developer

The Quantum Threat to Bitcoin

Wednesday, April 29

1:30 pm

Speakers/Moderators

2:50 pm

Wed

Wednesday, April 29

2:50 pm

3:20 pm

(30 mins)

Agentic Investing: Does AI Make Better Bitcoin Investors Than Humans?

Nakamoto Stage

Spencer Nichols

Multimedia Producer & Director

Bitcoin Magazine

Spencer Nichols

Multimedia Producer & Director

Bitcoin Magazine

Spencer Nichols leads Multimedia operations at Bitcoin Magazine, producing video content across the Bitcoin Magazine, Bitcoin for Corporations and the Bitcoin Conference. Serving as livestream Director for the Bitcoin Conference series, his work spans all domains of Bitcoin, telling the story of Bitcoin adoption across monetary, financial, technological and political verticals.

Andrew McCormick

Head of eToro US

eToro

Andrew McCormick

Head of eToro US

eToro

Andrew McCormick is the Head of eToro US, the trading and investing platform with over 40 million registered users from 75 countries. eToro is a platform built around collaboration and investor education, a community where users can connect with other investors. On eToro, users can view other investors’ portfolios and statistics, and interact with them to exchange ideas, discuss strategies and benefit from shared knowledge. We act as a bridge between the old and new worlds of investing. On our US platform, users can trade equities, cryptoassets and options.

Prior to eToro, Andrew worked at leading investment firms including E*TRADE and Morgan Stanley. With his experience in traditional finance, Andrew brings his passion for promoting the transformative power of capital markets to the disruptive world of fintech. Even while he was in the world of traditional finance, Andrew started doing work in the innovative cryptocurrency space as early as 2017. Before working for those financial firms, Andrew represented companies as a lawyer in high-stakes regulatory and litigation matters while also being a rapper in a law firm and as a spirited side hustle.

Andrew holds a B.A. from University of Virginia, a JD from George Mason University School of Law, Virginia, Washington D.C., and New York Bar licenses, and the Series 7, 24, and 63 securities licenses.

Milton Todd Ault III

CEO

OnlyBulls

Milton Todd Ault III

CEO

OnlyBulls

Milton "Todd" Ault III is the Executive Chairman and visionary leader behind OnlyBulls, the AI-powered investing companion app launched by askROI, a subsidiary of Hyperscale Data Inc. A 35+ year Wall Street veteran, serial entrepreneur, and early Bitcoin adopter since 2011, Ault brings decades of financial expertise and a passion for democratizing access to institutional-grade market intelligence.

Alex Thorn

Alex Thorn

Head of Firmwide Research

Galaxy

Agentic Investing: Does AI Make Better Bitcoin Investors Than Humans?

Wednesday, April 29

2:50 pm

AI is often framed as a leveling force, but markets rarely stay level for long. This session looks at how arbitrage opportunities shift when everyone has access to the same models and tools. In a world where AI can replicate common skills, differentiation becomes less about knowledge and more about: unique inputs, high-quality judgment, and domain expertise.

Speakers/Moderators

Spencer Nichols

Multimedia Producer & Director

Bitcoin Magazine

Spencer Nichols

Multimedia Producer & Director

Bitcoin Magazine

Andrew McCormick

Head of eToro US

eToro

Andrew McCormick

Head of eToro US

eToro

Milton Todd Ault III

CEO

OnlyBulls

Milton Todd Ault III

CEO

OnlyBulls

Alex Thorn

Alex Thorn

Head of Firmwide Research

Galaxy

5:00 pm

Wed

Wednesday, April 29

5:00 pm

5:30 pm

(30 mins)

Covenants are Dead, Quantum is Fake & BIP110 was Vibe-Coded

Open Source Stage

Chris Seedor

CEO & Co-Founder

bitsurance | SEEDOR

Chris Seedor

CEO & Co-Founder

bitsurance | SEEDOR

Chris is a Bitcoin entrepreneur and advisor focused on self-custody, insurance, and inheritance. He is the CEO of Bitsurance, the world's first insurance for Bitcoin held in self-custody, and Seedor, one of Europe's leading Bitcoin backup solutions. Chris works closely with hardware wallet manufacturers, miners, and Bitcoin companies across Europe, and regularly speaks on Bitcoin custody, threat models, and the economic and technical realities of building on Bitcoin.

Stu

Software Engineer

Char

Stu

Software Engineer

Char

Interested in all things bitcoin, finding ways to improve bitcoin privacy and usability

Vortex

Application Developer

Vortex

Application Developer

Vortex

Vortex is an application developer and former host of the bitcoin news show and creator of bitcoindev.org, a website for helping developers begin integrating bitcoin into their own applications.

James O'Beirne

Former Core dev: assumeutxo, OP_VAULT, CTV

Covenants are Dead, Quantum is Fake & BIP110 was Vibe-Coded

Wednesday, April 29

5:00 pm

Panelists dive into some of the most buzz-worthy discussions blowing up your timeline on Bitcoin X (aka "twitter"). Buckle up for shenanigans and super serious bitcoin discourse.

Speakers/Moderators