Two years ago, post-quantum cryptography was a future-tense problem. On May 24, 2026, security researchers told CoinDesk that AI has quietly compressed the timeline. The panda watches. Crypto, an industry built on cryptography, has spent five years acting like Q-Day was someone else's problem. That posture is getting harder to defend.
What did the security experts actually say?
The argument is narrow and specific. Alex Pruden, CEO of Project Eleven, told CoinDesk: "Between quantum and AI, we're going to go into a world where security, you simply cannot count on the way you've always done things." Illia Polosukhin, co-founder of NEAR Protocol and a former Google researcher who co-authored the original Transformer paper, was blunter: "AI is becoming more and more of an accelerator. It might be that the next generation quantum computer will be built with AI."
The second quote is the one that should worry crypto. Polosukhin is not a quantum maximalist. He is an AI researcher saying out loud that AI-assisted hardware design is shortening the gap between today's lab-stage qubit chips and cryptographically relevant ones.
Why AI changes the quantum threat calculus
For a decade, the standard timeline for Q-Day, the moment a quantum computer breaks elliptic-curve cryptography, sat between 2030 and 2040. Google's security team now wants the entire web migrated to post-quantum schemes by 2029. That is not a wide buffer.
Three things change when AI sits in the loop. Chip design cycles compress because AI can suggest qubit layouts and error-correction codes humans would take years to model. Error correction itself, the hardest part of scaling quantum machines, benefits from AI pattern matching across noisy outputs. And, more quietly, "harvest now, decrypt later" attacks accelerate: a state actor that hoards encrypted blockchain traffic today can wait for the machine that decrypts it tomorrow. Polosukhin again: "If I know quantum computers are coming in a couple of years, I will start trying to capture all possible data."
The numbers say yes. The panda raises an eyebrow.
The $2 billion Commerce bet, and what it really buys
On May 21, the US Department of Commerce announced $2.013 billion in CHIPS Act incentives across nine quantum firms. IBM took $1 billion, GlobalFoundries $375 million, and six others (Atom Computing, D-Wave, Infleqtion, PsiQuantum, Quantinuum, Rigetti) $100 million each. NIST disclosed it would also take a non-controlling minority equity stake in each company.
That is not a small program. According to Decrypt's reporting, Citi analysts framed it as risk-positive for Bitcoin specifically, given the network's slow governance compared to Ethereum. Roughly 6.7 to 7 million BTC, close to a third of supply, sits in addresses with publicly exposed keys (mostly legacy P2PK and reused-address wallets). The total crypto market cap stood at $2.66 trillion on May 25, with Bitcoin holding $1.55 trillion of that on its own. The exposed-key share is a non-trivial slice of global value sitting in a queue.
Commerce Secretary Howard Lutnick framed the program as jobs and competitiveness. The crypto industry is not in the press release. The crypto industry is in the implications.
Which chains are actually preparing for post-quantum?
This is the part most coverage skips. According to CoinDesk's May 24 report, the chains actively researching or shipping post-quantum migration include Ethereum, Zcash, Solana, Ripple, and NEAR. NEAR has gone furthest: its account model already supports key rotation without asset migration, which means a user can swap their underlying cryptography without bridging or losing history.
Bitcoin is conspicuously absent. The reasons are structural, not negligent. Any Bitcoin post-quantum migration requires either a soft fork that introduces new address types (and convinces a critical mass of holders to move funds, including ones who have been silent since 2010), or a hard fork (politically impossible). Ethereum has a clearer path via EOAs to smart-account migration, especially after Pectra's account-abstraction primitives. Solana, with faster validator governance, is exploring lattice-based signature schemes. Post-quantum primitives are slow and large, which is why nobody has shipped one in production yet, but the research timeline is no longer comfortable.
The honest summary: chains that can iterate fast are preparing. Chains that cannot, are not. That tells you something about the decentralisation tradeoff that is uncomfortable to say out loud.
What to watch next: the quiet migration race
Three signals worth tracking over the next twelve months. First, NIST's PQC standard library (Kyber, Dilithium, Falcon, SPHINCS+) finalising into production-ready code most wallets and chains can ship. Second, any major L1 publishing a credible migration plan with a date attached, not just a research blog. Third, custody firms (Coinbase Custody, Anchorage, Fireblocks) quietly adding post-quantum signing options, because institutional clients will demand them well before retail notices.
For BNB Chain and BSC builders, the question is more pedestrian. PancakeSwap, Venus, and the rest of the BSC stack inherit Ethereum's elliptic-curve assumptions. A coordinated cross-chain migration is years away. In the meantime, the gaming and memecoin layer, where smaller projects can rebuild contract logic without legacy-key drag, has more flexibility than the L1s. The wider crypto-AI stack, from on-chain agents to autonomous wallets, will eventually need its own answer (we covered the agent payment rails earlier this week, and where AI agent tokens still make sense on Friday; see the broader AI agents cluster for context).
The panda's verdict: not a crisis, not a hoax. A deadline. Spoiler: most of crypto will hit it late, as usual.
