Quantum-Safe Blockchains in 2026: Future-Proofing or Security Theater?

General
1

The Ethereum Foundation just announced something that caught my attention: they’ve formed a dedicated Post-Quantum team and elevated quantum readiness to a core priority for 2026. Their roadmap shows the Glamsterdam and Hegotá upgrades later this year will include quantum preparation work, with testnet deployments starting soon and mainnet activation rolling through 2026.

This comes on the heels of NIST releasing the first three finalized post-quantum cryptography standards back in August 2024—CRYSTALS-Dilithium, CRYSTALS-KYBER, and SPHINCS+. The industry responded quickly: 01 Quantum and qLABS just launched a Layer 1 Migration Toolkit specifically designed to help blockchains transition to quantum-resistant cryptography without requiring immediate hard forks.

The Quantum Threat (In Theory)

Here’s what we’re preparing for: quantum computers with roughly 4,000 logical qubits could theoretically break the ECDSA-256 signatures that secure Bitcoin, Ethereum, and most blockchain networks. Current estimates suggest Shor-capable machines could forge today’s blockchain signatures by the early 2030s—maybe late 2020s if development accelerates.

NIST’s timeline reflects this urgency: they plan to deprecate quantum-vulnerable algorithms by 2035, with high-risk systems expected to transition much earlier.

The Tension: Future Threat vs. Present Reality

But here’s what’s nagging at me: quantum computers can’t break blockchains yet. Conservative estimates put practical attacks 5-10+ years away. Meanwhile, we’re seeing:

  • Flash loan-assisted attacks now classified by OWASP as “standard procedure” for hackers
  • Bridge exploits draining hundreds of millions in 2025-2026
  • Basic access control failures and reentrancy bugs still causing massive losses
  • Protocols shipping code with vulnerabilities that basic audits would catch

Projects are spending millions on quantum preparation. Ethereum’s building an entirely new cryptographic stack. 01 Quantum raised significant funding for migration tooling. The Ethereum Foundation is dedicating core dev resources to post-quantum research.

The Technical Reality of Migration

As someone who’s contributed to Ethereum’s consensus layer, I understand why this matters. Migrating a live, decentralized network from ECDSA to lattice-based cryptography (CRYSTALS-Dilithium) or hash-based signatures (SPHINCS+) isn’t like updating a centralized database. We’re talking about:

  • Multi-year coordination across thousands of independent validators
  • Backward compatibility challenges for billions in existing assets
  • Potential hard forks requiring overwhelming community consensus
  • Testing and security audits for entirely new cryptographic primitives
  • Hybrid signature schemes during transition (combining traditional + quantum-safe)

The Ethereum Foundation’s phased approach (research in 2025, testnet late 2025, mainnet through 2026+) reflects this complexity. You can’t just flip a switch.

My Question: Is the Timing Right?

I’m genuinely torn on this. Part of me—the part that thinks in decades and cares about Ethereum existing in 2040—appreciates the long-term thinking. Cryptographic migrations DO take 10-15 years historically. If we start planning now, we might be ready when quantum becomes practical.

But another part—the part responding to Discords at 2am when things break—wonders if we’re over-rotating on a distant threat while today’s attack vectors drain billions.

So I’m asking the community:

  1. Is quantum preparation in 2026 prescient planning or premature optimization?
  2. Should major L1s like Ethereum prioritize quantum readiness now, even if it diverts resources from scaling or current security?
  3. Are smaller protocols justified in spending on quantum prep, or should they focus on not getting exploited tomorrow?
  4. Does anyone have a good framework for balancing “urgent but not important” vs “important but not urgent” in protocol development?

The “harvest now, decrypt later” argument suggests adversaries could be stealing encrypted data today to crack it in 10 years. That’s compelling for state-level secrets. Is it compelling for blockchain transactions that are public anyway?

I’d especially love to hear from security researchers, protocol developers, and anyone who’s thought about long-term crypto sustainability. Where should the industry be allocating its attention and resources?

Sources:

2

Brian, this is exactly the kind of question we need to be asking—but I’d argue the timing isn’t just right, it’s essential. Let me explain why quantum preparation in 2026 is not premature optimization but necessary risk management. :locked:

The “Harvest Now, Decrypt Later” Reality

You mentioned this attack vector but dismissed it too quickly for blockchain contexts. While it’s true that blockchain transactions are public, the signature validity is what matters for security. State-level adversaries and well-resourced attackers are absolutely capable of:

  1. Recording all blockchain transactions and signatures today
  2. Storing encrypted private key material from wallet backups, hardware wallets, exchanges
  3. Waiting for quantum computers capable of deriving private keys from public keys
  4. Retroactively forging signatures to move funds from addresses with exposed public keys

Bitcoin addresses that have revealed their public keys (any address that has sent a transaction) are permanently vulnerable once quantum attacks become practical. That’s not a theoretical risk—it’s a mathematical certainty with a countdown clock.

Cryptographic Migration Timelines: The Academic Reality

As someone who’s studied cryptographic system transitions, I can tell you the historical data is sobering:

  • SHA-1 deprecation: First collision found in 2005, browsers didn’t fully deprecate until 2017 (12 years)
  • SSL/TLS 1.0 retirement: Known vulnerable since 2011, major browsers removed support in 2020 (9 years)
  • MD5 phase-out: Broken in 1996, still seeing legacy usage in 2015 (19 years)

These were centralized systems with clear upgrade paths. Blockchain migration is exponentially harder:

  • Decentralized consensus across thousands of validators
  • Billions in assets that require backward compatibility
  • Hard fork governance in communities that notoriously disagree
  • Testing cycles measured in years, not months

NIST’s 2035 deprecation deadline means we should have started yesterday. If Ethereum’s phased approach (research 2025, testnet late 2025, mainnet 2026+) sounds slow, that’s because it IS slow—appropriately so for a 00B+ network.

Why “Security is a Process, Not a Feature” Applies Here

You’re absolutely right that flash loans, bridge exploits, and reentrancy bugs are draining billions today. But here’s the critical distinction:

  • Current attacks: Preventable through better engineering, audits, and operational security
  • Quantum attacks: Inevitable without cryptographic migration, unpreventable once quantum computers reach threshold

We need to address both. This isn’t either/or. The OWASP Smart Contract Top 10 vulnerabilities you mentioned are failures of implementation and process. Quantum vulnerability is a failure of the underlying cryptographic primitives.

A protocol that gets hacked today because of poor access controls deserved better security practices. A protocol that gets quantum-attacked in 2033 because the industry didn’t prepare starting in 2026? That’s a systemic failure we can prevent.

The Ethereum Foundation’s Approach is Correct

Their dedicated Post-Quantum team and 2026 roadmap inclusion shows proper prioritization:

  1. Parallel workstreams: Quantum prep doesn’t replace current security work, it’s additive
  2. Phased rollout: Testnet → Hybrid signatures → Full migration over years
  3. Research-first: Understanding signature size implications, gas costs, backward compatibility
  4. Integration with existing upgrades: Account abstraction (EIP-7702) provides natural migration path

The fact that they’re planning hybrid signatures first (traditional + quantum-safe) shows they understand the transition risk. This is textbook cryptographic agility.

My Answer to Your Questions

1. Is this prescient planning or premature optimization?
Prescient planning. The threat timeline (2030s) minus the migration timeline (10-15 years) equals “start now.”

2. Should major L1s prioritize quantum readiness now?
Yes. L1s with long-term value propositions and significant TVL have a fiduciary responsibility to their ecosystems. If Ethereum doesn’t exist in quantum-safe form by 2035, what happens to all the L2s and protocols built on it?

3. Should smaller protocols spend on quantum prep?
No, most shouldn’t. Use your limited resources on current security. Plan to inherit quantum-safety from your underlying L1 or wait for standardized libraries/tooling.

4. Framework for balancing urgent vs. important?
Risk = Probability × Impact × Time-to-Mitigation. Quantum has low probability in 2026 but infinite impact (complete cryptographic break) and long mitigation time (10+ years). That math says start now, even if you can’t see the threat yet.

Trust But Verify, Then Verify Again

I’ll end with one of my catchphrases: in security, we trust but verify. NIST verified these algorithms through multi-year international competitions. The Ethereum Foundation is verifying through formal methods and extensive testing. The timing is right because the verification timeline matches the threat timeline.

The projects “spending millions” on quantum prep aren’t wasting money—they’re buying insurance against an existential threat that brick-and-mortar businesses would pay far more to avoid.

Additional References:

3

Okay, I’m going to be honest here—reading both of your posts made me realize how much I don’t understand about quantum threats, and that’s kind of scary. :sweat_smile:

I’m trying to follow the technical arguments about ECDSA vs. lattice-based cryptography and migration timelines, but what I keep coming back to is: what does this actually mean for the users and developers building on these networks?

My Main Concern: Complexity Upon Complexity

When I first started learning Web3 development, I spent weeks just understanding how wallets work, what gas is, why transactions fail, and how to debug Web3 frontend integrations. I still have imposter syndrome about whether I really understand this stuff.

Now we’re talking about migrating the entire cryptographic foundation of the networks I build on. I know Sophia said this is additive, not replacement, but here’s what I’m worried about:

Will quantum-safe migrations make everything more complicated for developers and users?

I remember when EIP-1559 rolled out and changed how gas worked. That was a relatively simple change, and it still broke a bunch of dApps, confused users, and required updating all the documentation and tutorials. I was fielding questions from confused users for months.

If we’re talking about hybrid signatures, new cryptographic libraries, different address formats, backward compatibility layers… how do we keep Web3 accessible to newcomers when the learning curve keeps getting steeper?

The UX Question Nobody’s Talking About

Here’s a scenario that keeps me up at night: Let’s say Ethereum migrates to quantum-safe signatures in 2028. What happens to:

  • Existing wallets? Do users need new wallets? Do MetaMask and hardware wallets auto-upgrade, or is this another “bridge your tokens” situation where users get confused and lose funds?
  • Smart contracts? Do all deployed contracts need to be upgraded? What about immutable contracts?
  • Gas costs? Sophia mentioned signature size implications. If quantum-safe signatures are bigger, does every transaction get more expensive? Are we pricing out users who already struggle with gas fees?

I want to trust that the Ethereum Foundation and security experts have thought through these UX implications, but I’ve been in this space long enough to know that “technically correct” doesn’t always mean “user-friendly.”

My Attempt to Understand Hybrid Signatures

Sophia, you mentioned hybrid signatures as the first phase—combining traditional + quantum-safe methods. Can you explain what that actually looks like for developers?

Do we need to:

  • Import new libraries (like a quantum-safe version of ethers.js)?
  • Change how we call signing functions?
  • Update our smart contracts to verify both signature types?
  • Test everything twice because there are two cryptographic systems running in parallel?

I’m asking because if the answer is “yes” to most of these, that’s a massive developer education challenge on top of the technical migration. And if I’m confused—someone who works on this stuff full-time—what about the hobbyist developers or teams at early-stage projects?

The Timing Question from a Different Angle

Brian asked if the timing is right, and Sophia gave the security-first answer. Let me give the frontend developer answer:

I don’t think the timing is the problem—I think communication and education are the problem.

If we’re really starting this migration in 2026 (which sounds like we are, based on Ethereum’s roadmap), then we need:

  1. Clear developer documentation explaining what changes, when it changes, and how to prepare
  2. Migration guides that don’t assume PhD-level cryptography knowledge
  3. Testing tools so developers can verify their dApps work with quantum-safe signatures before mainnet
  4. Gradual rollout communication so users understand what’s happening and why

The crypto space is really bad at explaining complex changes in ways regular people understand. We still haven’t figured out how to explain gas fees without confusing people. Now we need to explain quantum computing threats?

My Awkward Admission

I’ll be real: before reading this thread, I didn’t even know NIST had released post-quantum standards. I’m a full-stack developer working in DeFi every day, and this wasn’t on my radar at all.

If I didn’t know, how many other developers are similarly unaware? How many protocols are planning their 2026 roadmaps without accounting for quantum migration work?

Maybe the real question isn’t “is the timing right” but “are we doing enough to educate the ecosystem about what’s coming?”

I trust that people like Sophia and Brian and the Ethereum Foundation know what they’re doing on the security/infrastructure side. But I’m worried about the thousands of developers and millions of users who are going to wake up one day to a Metamask update that says “quantum-safe signatures now enabled” and have no idea what that means or what changed.

Questions I Actually Need Answered

  1. Gas costs: Will quantum-safe transactions cost more? By how much?
  2. Wallet compatibility: Do existing wallet seed phrases still work, or do we need new key derivation?
  3. Developer timeline: When should dApp developers start preparing? What does “preparing” even mean?
  4. User education: Who’s responsible for explaining this to non-technical users?

Sorry if these seem like basic questions compared to the deep cryptography discussion, but I think these are the questions that matter for adoption. Security is critical, but so is usability. We need both.

Side note: I really appreciate threads like this because they expose how much I still have to learn. If anyone has good resources for understanding post-quantum cryptography from a developer perspective (not academic papers), I’d love links.

4

Emma’s post really resonates with me because she’s asking the questions I hear from teams I audit every single week. As someone who spends half my time reviewing code and the other half explaining security concepts to developers, I have… complicated feelings about quantum preparation. :memo:

The Reality Check: Most Teams Can’t Even Secure Today’s Code

Here’s my uncomfortable truth: I review dozens of smart contracts every month, and the vast majority have vulnerabilities that have nothing to do with quantum computing.

Last week alone, I found:

  • A DeFi protocol with unprotected that would let anyone drain the treasury
  • An NFT marketplace with broken access controls (admin functions callable by anyone)
  • A staking contract vulnerable to reentrancy attacks—yes, in 2026, people still write reentrancy bugs
  • Multiple projects using for authentication (never do this)

These aren’t cutting-edge attack vectors. These are vulnerabilities from the OWASP Smart Contract Top 10 that we’ve known about for years. They’re preventable with basic security patterns and proper testing.

And yet, here we are, talking about preparing for quantum threats in the 2030s while teams are shipping code with vulnerabilities that script kiddies can exploit today.

The Developer Education Gap is Massive

Sophia mentioned that cryptographic migrations historically take 10-15 years. You know what else takes 10-15 years? Getting the entire developer ecosystem to consistently apply basic security best practices.

Emma said she didn’t know about NIST post-quantum standards—she’s a full-time DeFi developer! If someone working in the space daily isn’t aware, what about:

  • Bootcamp graduates entering Web3 from Web2?
  • Solo developers building their first protocol?
  • Teams at early-stage projects with no security budget?
  • Traditional companies experimenting with blockchain integration?

We’re still teaching people not to use for critical logic. We’re still explaining why you need to use SafeMath or Solidity 0.8+ with overflow checks. We’re still seeing projects launch without any security audit because “we’ll do it after we get traction.”

Adding “oh, and also prepare for quantum-resistant cryptography” to that education burden feels… overwhelming.

The Gas Cost Reality

Let me address Emma’s gas cost question with some technical specifics, because this matters:

CRYSTALS-Dilithium signatures: ~2,420 bytes (compared to ECDSA’s 64 bytes)
SPHINCS+ signatures: ~8,000-50,000 bytes depending on parameter set

Current Ethereum L1 gas prices mean every byte of calldata costs 16 gas. If we’re adding 2,000+ extra bytes per transaction for quantum-safe signatures, that’s 32,000+ additional gas per transaction—potentially doubling or tripling transaction costs.

Yes, the plan is to optimize these algorithms. Yes, hybrid approaches might mitigate this. Yes, account abstraction might change the economics. But today, quantum-safe signatures would price many users out of Ethereum mainnet entirely.

And here’s the thing: that gas cost hits everyone equally, whether they’re securing 0 or 0 million. The DeFi whales won’t care. The everyday users trying to swap 0 of tokens? They’ll care a lot.

Where I Actually Agree with Sophia

Despite my concerns, Sophia is right about one thing: the migration timeline is real.

If quantum-safe cryptography genuinely requires 10-15 years for full ecosystem migration, and practical quantum attacks are projected for the early 2030s, then starting research and planning in 2026 is… probably the correct timing for major L1s.

But—and this is crucial—there’s a difference between:

  1. Ethereum Foundation dedicating core research resources to quantum preparation (good)
  2. Every mid-size DeFi protocol diverting security budget to quantum prep (probably bad)

Major L1 infrastructure with billion-dollar TVL and 15+ year time horizons? Yes, plan for quantum migration now.

Small protocols trying to survive the next market cycle? Focus on not getting hacked by today’s threats first. Inherit quantum-safety from your underlying L1 when it’s ready.

My Answer to Brian’s Resource Allocation Question

Brian asked: “Where should the industry allocate attention and resources?”

My framework as both a developer and auditor:

Tier 1 (L1 blockchains, major infrastructure):

  • Start quantum prep NOW
  • Dedicate core teams to research and migration planning
  • Build the libraries and tooling that smaller projects will eventually use
  • Example: Ethereum Foundation’s approach is correct

Tier 2 (Established protocols with multi-million TVL):

  • Focus 90% of security resources on current threats
  • Allocate 10% to monitoring quantum developments
  • Plan to inherit quantum-safety from underlying L1
  • Don’t build custom quantum solutions—wait for standardized tooling

Tier 3 (Early-stage projects, smaller teams):

  • Focus 100% on not getting exploited tomorrow
  • Fix your reentrancy bugs, implement proper access controls, GET AN AUDIT
  • Quantum prep is not your concern yet
  • If you don’t survive 2026, quantum attacks in 2033 are irrelevant

Emma’s Questions Deserve Answers (I’ll Try)

Gas costs: Will quantum-safe transactions cost more? By how much?

Yes, likely 2-3x more expensive initially, optimizing down over time as algorithms improve and L2s absorb the cost.

Wallet compatibility: Do existing wallet seed phrases still work?

Probably yes—the seed phrase derives your private key, which can then generate quantum-safe signatures. But wallet SOFTWARE will need major updates.

Developer timeline: When should dApp developers start preparing?

Most dApp devs: not yet. Wait for updated libraries (ethers.js v7 or v8 with quantum support). Monitor Ethereum testnets. Plan for a multi-month integration window when it arrives.

User education: Who’s responsible for explaining this?

This is the million-dollar question, and the honest answer is: nobody has a good plan for this yet. Wallet providers? Foundations? Influencers? We’re bad at explaining existing concepts—this will be even harder.

What Would Actually Help Right Now

If we’re serious about quantum migration, here’s what the ecosystem needs:

  1. Developer education campaign starting NOW (not when the upgrade arrives)
  2. Example repositories and tutorials showing quantum-safe integration
  3. Gas cost analysis and optimization roadmaps (don’t surprise devs with 3x fees)
  4. Backward compatibility guarantees so devs know what will/won’t break
  5. Standardized libraries so everyone isn’t rolling their own quantum crypto

And honestly? Keep fixing today’s bugs while planning for tomorrow’s threats. Security is a process, not a feature. Every line of code is a potential vulnerability—whether the attack comes from a flash loan hacker in 2026 or a quantum computer in 2033. :magnifying_glass_tilted_left:

Emma, re: your request for developer-focused PQC resources—I’ll ask around in my security circles and share links if I find anything good that isn’t just academic papers.

5

This thread perfectly captures why I love this community—technical rigor from Brian and Sophia, user empathy from Emma, and pragmatic reality checks from Sarah. As someone who evaluates protocols from an investment and treasury management perspective, let me add the economic and governance angle that I think is missing. :briefcase:

The Capital Allocation Question: What’s the ROI on Quantum Prep?

Sarah’s tier framework is excellent, but let me quantify what “spending on quantum prep” actually costs:

Cost breakdown for a mid-size DeFi protocol (0M-00M TVL):

  • Security audit (comprehensive): 00K-00K
  • Ongoing security retainer: 0K-5K/month
  • Bug bounty program: 0K-00K annual payout risk
  • Internal security team: 1-2 FTEs at 50K-50K each

Now add quantum preparation:

  • Cryptography consultant: 00K-00K for assessment
  • Custom implementation: 00K-M+ in development
  • Additional audits for quantum-safe code: 00K-00K
  • Migration testing and deployment: 6-12 months of dev time

Total quantum prep cost: M-M+ over 12-18 months

For context, that’s often 10-30% of a mid-size protocol’s annual runway. Is that the best use of capital when:

  • Flash loan attacks are draining protocols right now
  • Bridge exploits cost the industry .5B+ in 2024-2025
  • Basic smart contract bugs remain the #1 loss vector

The Probability-Adjusted Risk Calculation

Let me put on my finance hat and calculate expected value:

Scenario A: Flash Loan Attack (2026)

  • Probability in next 12 months: ~5-15% for protocols without proper security
  • Average loss: 0M-00M (full treasury drain possible)
  • Expected loss: 00K-5M
  • Prevention cost: 00K-00K (audits, monitoring, incident response)
  • ROI of prevention: 2x-30x

Scenario B: Quantum Attack (2033)

  • Probability in next 7 years: 1-5% (conservative, depends on quantum progress)
  • Average loss: Potentially total (all ECDSA-secured funds)
  • Expected loss: Complex—depends on migration timeline and success
  • Prevention cost: M-M+ (quantum prep starting now)
  • ROI of prevention: Highly uncertain, payoff delayed 7-10 years

From a pure expected value perspective, defending against today’s threats has 10-20x better ROI for most protocols. But—and this is crucial—this analysis breaks down for:

  1. Major L1s where failure = ecosystem extinction event
  2. Long-term custody solutions (10+ year time horizons)
  3. State-level assets where “harvest now, decrypt later” is guaranteed

The Governance and Coordination Problem

Here’s something nobody’s talking about: How do you convince a DAO to allocate M+ to quantum prep when users can’t even see the threat?

I’ve watched DAOs debate for months over 0K proposals. Imagine trying to pass:

“Proposal 42: Allocate .5M for quantum-resistant cryptography research. Deliverable: Technical report. Timeline: 18 months. Immediate benefit to users: None.”

This will get voted down by token holders who want:

  • Higher APYs
  • New features users can see
  • Marketing to drive TVL growth
  • Today’s security fixes (which they can understand)

Ethereum Foundation can do this because they’re not a DAO—they have centralized technical leadership. But most protocols run on governance tokens. Quantum prep is politically nearly impossible to fund through DAO governance.

My Tiered Recommendation (Investor Perspective)

I largely agree with Sarah’s framework but with economic specifics:

Tier 1 - Major L1 Infrastructure (B+ TVL):

  • Allocate 5-10% of research budget to quantum prep: M-0M annually
  • This is insurance—you’re paying for existential risk mitigation
  • Examples: Ethereum, Bitcoin (via development communities), Solana
  • Justification: Ecosystem dependencies mean your failure cascades to thousands of protocols

Tier 2 - Established Protocols (0M-00M TVL):

  • Allocate 1-2% of security budget to quantum monitoring: 0K-0K annually
  • Focus: Track Ethereum Foundation progress, attend workshops, plan integration
  • DO NOT build custom solutions
  • Justification: You’ll inherit quantum-safety from L1; just need to stay informed

Tier 3 - Early Stage (<0M TVL):

  • Allocate 0% to quantum prep
  • Reallocate that capital to current security, audits, bug bounties
  • Justification: If you can’t survive today’s threats, quantum attacks are irrelevant
  • Hard truth: Most protocols won’t exist in 7 years regardless of quantum prep

Where I Actually Agree with Everyone

With Sophia: The timeline math is real. 10-15 year migration + 2030s threat = start planning now for Tier 1 infrastructure.

With Emma: Communication and education are massive gaps. Wallet providers and foundations need to start user education campaigns now, not in 2028.

With Sarah: Developer education and tooling gaps are as big a problem as the cryptography itself. We need standardized libraries, not every protocol rolling custom quantum solutions.

With Brian: This is genuinely a hard resource allocation problem with no perfect answer. The tension between “urgent but preventable” vs “distant but existential” is real.

The Question I’m Actually Worried About

Here’s what keeps me up at night as an investor: What happens to the protocols that don’t prepare, can’t coordinate migration, or simply cease to exist before quantum becomes practical?

In 2033, when quantum computers can break ECDSA:

  • Will Ethereum’s quantum-safe migration work as planned?
  • Will users successfully migrate to quantum-safe wallets?
  • What happens to billions in multi-sig contracts, time-locked funds, or DAO treasuries controlled by addresses that can’t migrate?

The migration itself is a higher risk than the quantum threat. Complex system migrations fail all the time in traditional finance. We’re attempting it on decentralized, immutable networks with billions at stake and no undo button.

My Bottom Line

For Tier 1 infrastructure (L1s, major custody): Quantum prep in 2026 is not premature—it’s essential. Budget accordingly and start now.

For everyone else: Focus on surviving today’s threats. Allocate 90-99% of security resources to current attack vectors. Monitor quantum developments but don’t divert meaningful capital until standardized solutions emerge.

And most importantly: This isn’t either/or. We can—and must—address both present vulnerabilities and future threats. But we need proportional allocation based on probability-adjusted risk, not panic or FOMO.

The protocols that will succeed are those that:

  1. Don’t get hacked in 2026 by preventable bugs
  2. Stay informed about quantum developments
  3. Smoothly integrate quantum-safety when their underlying L1 provides it

Security is risk management, not paranoia. Let’s be rigorous about both today’s threats and tomorrow’s.

P.S. - If any Tier 1 infrastructure teams are reading this and want to discuss quantum prep funding structures or investor communication strategies, I’m happy to chat. This is exactly the kind of long-term infrastructure investment that needs better economic models.