The Industry Everyone Lectures About Security Is Years Ahead of You
Crypto committed over $20 million to quantum defense in January 2026. Built working testnets. Assembled world-class advisory boards. Many Fortune 1000 companies have not begun structured programs.
January 2026 may be the most consequential month for quantum security in crypto history. Not because of a breakthrough in quantum computing. Because the industry decided to stop waiting. In a single month, major networks committed capital, formed governance bodies, and deployed functional post-quantum testnets. By any reasonable measure of coordinated action, this represents an inflection point.
Coinbase formed an Independent Advisory Board on Quantum Computing and Blockchain, bringing together leading researchers from UT Austin, Stanford, the Ethereum Foundation, and UCSB. Their mandate: publish position papers, issue guidance, and provide independent analysis when quantum breakthroughs occur.
The Ethereum Foundation elevated post-quantum security to a top strategic priority, forming a dedicated team, committing $2 million in research prizes, and launching biweekly developer calls with multi-client test networks already live.
Project Eleven closed a $20 million Series A led by Castle Island Ventures, with participation from Coinbase Ventures. Nic Carter, founding partner at Castle Island, called quantum “the biggest and most complex threat public blockchains have ever faced.”
Solana partnered with Project Eleven to deploy working post-quantum signatures on a testnet, demonstrating end-to-end quantum-resistant transactions using current technology.
BTQ Technologies launched Bitcoin Quantum, a post-quantum testnet using NIST-standardized ML-DSA signatures, which Delphi Digital characterized as a “quantum canary” network for the ecosystem.
Five major initiatives. Tens of millions in committed capital. Working code. All in January.
Now compare that to enterprise readiness.
Defining Quantum Readiness
For this analysis, quantum readiness means five components: cryptographic inventory, dependency mapping, migration plan with timelines, pilot deployment of post-quantum algorithms, and board-level governance.
By that standard, most Fortune 1000 organizations have completed zero or one.
The Numbers That Should Concern Every Board
Third-party research tells a consistent story.
The IBM Quantum Readiness Index, based on surveys of 750 organizations across 28 countries, puts the average enterprise score at 28 out of 100. A Bain survey found 73% of IT security professionals expect harvest-now-decrypt-later to be a material risk within five years, yet most have not started migration planning.
Qryptonic’s own research, based on interviews with 147 Fortune 1000 CISOs in May 2025, found that only 1% have established funded, board-mandated quantum cybersecurity programs. In our 2025 assessments, we consistently found critical cryptographic vulnerabilities across every engagement, with an average of 47 findings at CVSS 7.0 or higher per environment.
The pattern is clear. Awareness is high. Action is not.
What Coinbase Actually Did
Coinbase didn’t issue a press release about “exploring quantum.” They assembled a board with authority and expertise.
The members include Scott Aaronson, who directs UT Austin’s Quantum Information Center, and Dan Boneh, whose cryptographic work underpins much of internet security. The board’s mandate is specific: publish position papers evaluating quantum risk, issue practical recommendations, and provide independent analysis when major breakthroughs occur. Their first comprehensive report is due in 2027.
“Quantum computing is advancing, and while we don’t believe it poses an imminent threat to crypto today, the reality is that upgrading global networks and security standards takes years,” Coinbase stated. “We’re formalizing this Advisory Council now so the ecosystem can plan early, evaluate the evidence responsibly, and coordinate on pragmatic steps.”
This is what institutional preparation looks like.
What Ethereum Actually Did
The Ethereum Foundation went further. They didn’t just study the problem. They started building the solution.
Justin Drake announced the formation of a dedicated Post-Quantum team. “After years of quiet R&D, EF management has officially declared PQ security a top strategic priority,” he wrote. “It’s now 2026, timelines are accelerating. Time to go full PQ.”
The initiative includes biweekly All Core Developers calls focused on post-quantum transactions. Multi-client post-quantum consensus test networks are already live. The Foundation announced two $1 million prizes: the Poseidon Prize to harden the Poseidon hash function, and the Proximity Prize to advance hash-based cryptography research.
This is not a roadmap. This is execution.
What Project Eleven Just Raised $20 Million to Build
Project Eleven closed its Series A two weeks ago. The thesis: blockchains need tools to migrate away from cryptography that quantum computers will eventually break.
In its first 15 months, Project Eleven deployed “yellowpages,” a production registry that allows Bitcoin holders to generate post-quantum keys and link them to existing addresses. They built and open-sourced the first post-quantum testnet for Solana, replacing standard EdDSA signatures with NIST-standardized ML-DSA.
“We can’t afford to ignore this existential risk posed to the digital asset ecosystem,” said Alex Pruden, CEO and co-founder. “Networks like Bitcoin take years to upgrade because they’re governed cautiously by design. We’re focused on making the transition practical now, so the industry can migrate deliberately instead of improvising under pressure.”
What Solana and BTQ Demonstrated
While other networks discuss quantum defense, Solana and BTQ tested it.
The Solana Foundation partnered with Project Eleven to assess quantum readiness across the network’s core infrastructure. Then they built something: a working testnet running post-quantum digital signatures end-to-end. The system supports practical, scalable transactions secured by quantum-resistant primitives.
“It is our responsibility to ensure Solana’s security, not just today, but for decades to come,” said Matt Sorg, Solana Foundation’s VP of Technology.
On January 12, 2026, BTQ Technologies launched Bitcoin Quantum, a permissionless testnet that replaces Bitcoin’s quantum-vulnerable ECDSA signatures with ML-DSA. Delphi Digital positioned it as “the ultimate quantum insurance policy that ensures the original promise of sovereign digital money survives the transition.”
The Exposure That’s Already Accumulating
The stakes are not theoretical.
According to research cited by Delphi Digital and Chaincode Labs, researchers estimate between 6.26 and 6.65 million BTC reside in addresses where public keys have been exposed through transaction history or legacy address formats. At current prices, that represents $650 billion to $750 billion in assets that become theoretically vulnerable once quantum computers can execute Shor’s algorithm at scale.
This includes early Pay-to-Public-Key wallets and addresses where public keys have been revealed through transaction history. A Federal Reserve study characterized harvest-now-decrypt-later as an “active threat,” not because quantum computers can break encryption today, but because the data is already being collected. Bitcoin’s immutable public ledger means past transactions remain permanently exposed once quantum capability arrives.
The Q-Day Prize, launched by Project Eleven, offers 1 BTC to the first team that breaks an elliptic curve cryptographic key using Shor’s algorithm on a quantum computer. The deadline is April 5, 2026. No one has claimed it yet. The point isn’t the prize. It’s benchmarking how close we actually are.
What Vitalik Said
Vitalik Buterin has been specific in a way that enterprise executives rarely are.
He cited Metaculus forecasting data showing a 20% probability of cryptographically relevant quantum computers arriving before 2030. At Devconnect in Buenos Aires, he warned that elliptic curve cryptography “could break before the next US presidential election in 2028.”
He called for Ethereum to achieve quantum resistance within four years. In a January 2026 post, he outlined seven technical requirements for long-term security, with quantum resistance as a non-negotiable priority. “We should resist the trap of saying ‘let’s delay quantum-resistance until the last possible moment in the name of eking out more efficiencies for a while,’” he wrote.
This is a founder of a $300 billion network putting specific timelines and technical requirements on the public record.
The Institutional Divergence
Institutions are splitting on this question in real time.
Christopher Wood, Jefferies’ global head of equity strategy, removed a 10% Bitcoin allocation from his model portfolio on January 16, 2026. “There is growing concern in the Bitcoin community that quantum computing could only be a few years away rather than a decade or more,” Wood wrote. He reallocated to 5% physical gold and 5% gold mining stocks. Wood’s newsletter explicitly cited quantum computing as the reason for the reallocation, making this one of the first documented cases of a major institutional strategist adjusting portfolio exposure based on cryptographic threat assessment.
Harvard went the opposite direction. In Q3 2025, Harvard Management Company tripled its Bitcoin ETF holdings to $443 million, making BlackRock’s iShares Bitcoin Trust its largest disclosed position.
The divergence reveals something important: migration capability is now an investable thesis. Jefferies saw quantum risk and exited. Harvard saw the same risk and bet that crypto networks will migrate faster than traditional finance. Both are rational. The difference is in their assessment of coordination capacity.
Which brings us back to the Fortune 1000.
Why Crypto Is Ahead
The crypto industry has structural characteristics that make it suited to address this threat early.
Cryptography is the product. For Ethereum and Bitcoin, encryption isn’t a feature buried in infrastructure. It’s the foundation. If the cryptography fails, everything fails. There’s no secondary business to fall back on.
The community is technical. Crypto developers understand Shor’s algorithm, elliptic curve vulnerabilities, and what post-quantum migration requires. They don’t need consultants to explain the threat first.
Coordination mechanisms exist. Ethereum has core developer calls, EIPs, testnets, and upgrade processes. These networks have practiced coordinating technical changes across decentralized stakeholders for years. Enterprise IT has coordination mechanisms too, but they typically operate on multi-year cycles that quantum timelines may not accommodate.
Timeline pressure is real. Crypto assets are bearer instruments. If quantum computers can derive private keys from public keys, coins move. Immediately. Irreversibly. There’s no insurance claim. No litigation. The money is gone.
The Incentive Structure Difference
The gap isn’t about intelligence or competence. It’s about incentive structures.
In crypto, the people responsible for security have direct exposure to the consequences of failure. Founders hold tokens. Developers hold tokens. Everyone is aligned on cryptographic integrity because everyone loses if it fails.
In enterprises, security is a cost center competing for budget against revenue-generating initiatives. The board hears about quantum risk in the same meeting where they hear about twelve other risk categories. The timeline is abstract. The consequences are diffuse. The incentive to act now is weak.
This isn’t a criticism of enterprise security professionals. It’s an observation about organizational dynamics. When the threat timeline is uncertain and migration is expensive, waiting feels rational. Even when waiting is exactly the wrong response.
Crypto’s incentive structure makes waiting irrational. So crypto isn’t waiting.
What the Government Already Knows
The U.S. government isn’t waiting either.
The Department of Defense issued a November 2025 memorandum requiring all components to migrate to NIST-approved post-quantum algorithms by December 31, 2030. NSA’s CNSA 2.0 mandates ML-DSA for all national security systems, with legacy cryptography disallowed by 2035. The White House estimates $7.1 billion for government-wide PQC migration between 2025 and 2035.
Experts disagree on when fault-tolerant quantum computers will arrive. Estimates range from the late 2020s to the 2040s. Adam Back, Blockstream CEO, has argued the threat is 20 to 40 years away. Vitalik Buterin puts 20% probability on arrival before 2030. The Global Risk Institute’s December 2024 survey of 32 experts found 5-14% probability of cryptographically relevant quantum computers by 2029, rising to 19-34% by 2034.
But migration timelines matter more than threat timelines. If your organization needs five years to migrate and the threat arrives in seven, you’re fine. If your organization needs five years and the threat arrives in four, you’re not. The government is betting on the former. The question is whether enterprises are making the same bet consciously or by default.
The Question for Every Board
Regulators have spent years lecturing crypto about security. Consumer protection. Custody requirements. Operational resilience.
Now Coinbase has assembled an advisory board with world-class cryptographers. The Ethereum Foundation has committed $2 million to post-quantum engineering with dedicated teams and live test networks. Solana has demonstrated working post-quantum signatures. Project Eleven has raised $20 million to build migration infrastructure.
Meanwhile, according to third-party research, Fortune 1000 readiness scores average 28 out of 100. According to Qryptonic’s research, only 1% have funded programs.
The question for every Fortune 1000 board is simple:
Why is an industry that regulators questioned for years further along than you on the most significant long-term security threat?
The answer will matter in procurement conversations. It will matter in insurance renewals. It will matter in M&A diligence. It will matter in shareholder litigation if something goes wrong.
Why This Matters for Your Next Move
Qryptonic has assessed 50+ Fortune 1000 environments for quantum exposure, published the research showing the readiness gap, and built assessment tools specifically designed for the cryptographic discovery problem NIST called “much larger in scale” than any prior migration.
We deliver a Quantum Exposure Date in days: the modeled point at which your encrypted data becomes readable under specific adversary scenarios. That’s the number your board needs. Not a physics lecture. Not a 90-day discovery phase. A defensible answer.
If you want to know where you stand before your competitors do, that conversation starts here.
Q-Scout 26 — Cryptographic discovery and quantum exposure modeling.
Q-Strike 26 — Validate defenses against quantum attack scenarios.
Q-Solve 26 — Migration planning. Controls-mapped. Compliance-ready.
www.qryptonic.com | info@qryptonic.com
© 2026 Qryptonic Research, LLC. All rights reserved.
Sources and Methodology
Third-party research:
IBM Quantum Readiness Index 2025: 750 organizations, 28 countries. Available at ibm.com/thought-leadership.
Bain Post Quantum Cryptography Survey, May 2025: 182-226 IT security professionals.
Delphi Digital, “BTQ Technologies: Securing Crypto’s Future Against the Quantum Threat,” December 2025.
Chaincode Labs (Milton & Shikhelman), Bitcoin public key exposure analysis, May 2025.
Global Risk Institute, Expert Survey on Quantum Threat Timeline, December 2024: 32 experts surveyed.
DoD Memorandum on Post-Quantum Cryptography Migration, November 18, 2025.
NSA CNSA 2.0 Algorithm Guidance, updated 2024.
White House Office of Management and Budget, PQC Migration Cost Estimate, 2024.
Qryptonic proprietary research:
Qryptonic Quantum-Risk Survey, May 2025: 147 Fortune 1000 CISOs surveyed via anonymous questionnaire with follow-up validation. “Funded program” defined as board-approved budget specifically allocated to quantum risk assessment or post-quantum migration.
Qryptonic 2025 Assessment Data: 50+ engagements across financial services, healthcare, energy, and government sectors. Findings counted using CVSS 3.1 scoring; critical threshold set at 7.0+.
News events: All events cited occurred between December 2025 and January 2026 and are sourced from company announcements, SEC filings, and verified news reporting.
This publication is for informational purposes only and does not constitute legal, financial, or technical advice. Consult qualified professionals regarding your specific circumstances.