The U.S. Department of Commerce on May 21, 2026, signed letters of intent with nine companies for $2.013 billion in federal incentives under the CHIPS and Science Act — the largest coordinated quantum computing investment in U.S. history, and a direct acceleration of the timeline that researchers call Q-Day: the moment quantum computers break the cryptography protecting Bitcoin, Ethereum, and most of the modern internet.

The announcement. IBM receives the largest single allocation: $1 billion in CHIPS incentives matched by $1 billion from IBM itself — cash, intellectual property, manufacturing assets, and personnel — to build Anderon, a quantum wafer foundry headquartered in Albany, New York. The facility will focus initially on 300-millimeter superconducting quantum wafer manufacturing before expanding to other hardware modalities. GlobalFoundries receives $375 million to establish a domestic foundry spanning superconducting, trapped ion, photonic, topological, and silicon spin architectures. Seven additional companies — Atom Computing, D-Wave, Infleqtion, PsiQuantum, Quantinuum, and Rigetti — each receive $100 million to address specific engineering bottlenecks in their respective quantum modalities. Diraq receives $38 million for silicon spin qubit development. The Department takes a minority, non-controlling equity stake in every recipient as a condition of funding.

"These strategic quantum technology investments will build on our domestic industry, creating thousands of high-paying American jobs while advancing American quantum capabilities," said Secretary of Commerce Howard Lutnick in the announcement. IBM CEO and Chairman Arvind Krishna added: "With the support of the U.S. Department of Commerce, Anderon will be well-positioned to fuel America's fast-growing quantum technology industry."

The crypto-specific threat. Bitcoin and Ethereum rely on elliptic curve cryptography — specifically ECDSA over the secp256k1 curve — to secure wallets. The security model assumes that deriving a private key from an exposed public key is computationally infeasible on classical hardware. A sufficiently powerful fault-tolerant quantum computer running Shor's algorithm invalidates that assumption entirely.

The exposure vector is structural. Every on-chain transaction reveals the sender's public key. Those keys are permanently recorded on an immutable ledger. An attacker with a capable quantum computer could, in principle, work backward from a public key to the corresponding private key and drain any wallet whose key has been exposed — with no fraud recovery mechanism capable of reversing the theft. Dormant wallets and already-spent addresses are permanently at risk once Q-Day arrives, regardless of when they transacted.

The timeline is compressing. In its quantum roadmap published in November, IBM said it aims to deliver a large-scale fault-tolerant quantum computer by 2029. A recent report from quantum security firm Project Eleven warned that a quantum computer capable of breaking Bitcoin and Ethereum's elliptic curve cryptography could arrive as early as 2030. Separately, Google researchers have suggested future quantum systems may require fewer qubits than previously believed to crack modern cryptography — narrowing the margin of safety that the field had assumed.

Citi flags Bitcoin's governance problem. Earlier this week, Citi analysts issued a separate note warning that Bitcoin may face greater long-term quantum exposure than Ethereum, not because the underlying cryptography differs materially, but because Bitcoin's governance structure makes major protocol upgrades slower and more politically contentious. The analysts estimated that roughly 6.7 to 7 million BTC — up to one-third of Bitcoin's circulating supply — already sit in wallets with publicly exposed keys. Those coins include large tranches of early-mined bitcoin, including Satoshi Nakamoto's estimated 1.1 million BTC, which has never moved and whose public keys are on-chain and visible.

Ethereum's more agile upgrade path, by contrast, gives it a cleaner runway to deploy post-quantum cryptography before a capable quantum computer materializes.

The defense side. Privacy-centric blockchain startup AmericanFortress claims a multi-layer quantum defense deployable via soft fork could protect even dormant holdings including Satoshi's coins. The claim has not been independently validated. It represents one firm's proposed approach in a field where no production-grade post-quantum migration has been completed on a major public blockchain. Treat it as a directional signal that the industry is actively developing responses, not as a solved problem.

The structural read. Washington's $2.013 billion quantum investment is not a threat to crypto in isolation — it is a broad national security posture play covering defense, pharma, finance, and communications. But the concentration of capital in foundry infrastructure, specifically IBM's Anderon facility and its superconducting wafer production, is directly relevant to the fault-tolerant qubit counts that researchers peg as necessary for cryptographic breaks. The government's equity stakes align federal incentives with commercial timelines, removing a layer of uncertainty about whether foundry capacity will materialize.

For Bitcoin and Ethereum, the 2029-to-2030 window now has institutional capital behind it. The question for protocol governance is whether post-quantum cryptography standards — NIST finalized its first set in 2024 — can be integrated into both chains before that window closes. On Ethereum, the answer is plausibly yes. On Bitcoin, with its slower and more contentious upgrade path, the Citi analysts' concern is structurally well-grounded.

The on-chain keys exposed today will still be on-chain in 2030. The ledger does not forget.

Primary sources: U.S. Department of Commerce / NIST announcement, May 21, 2026; Decrypt, May 21, 2026; Decrypt / Citi note; Project Eleven report; IBM quantum roadmap.