Formation

Shoutout to @ARKInvest for using the Project Eleven Bitcoin Risq List data to calculate quantum vulnerable bitcoin! The Bitcoin Risq List is proving to be THE definitive resource used by the industry. projecteleven.com/bitcoin-risq-l…

Fun panel last night with @StefanoGogioso @DeryaKarl @yoitsyoung on all things quantum and post-quantum cryptography. tl;dr - post-quantum encrypt everything!

at this very moment in a bomb shelter, my 97 year old grandma is giving a biblical lecture at her old folks home in Israel impressive, beautiful, scary, all at the same time

If you’re young, hungry and want to find if your idea could be your life’s mission, no better people to try and figure it out with. @sollygarber and @lmushin are incredible partners.

I’ve been fortunate to meet and jam with some of the operators and founders Leeor and Sully have put together - and it’s been incredible watching them in action helping people explore the idea maze

Highly recommend this series for anyone looking for top tier guidance on being a future founder! Leeor and Solly are some of the best VCs out there to work with and learn from.

I’ve seen a lot of startup advice orbit the company-building part. Much less gets built for the moment right before that, when someone smart, restless, and a little obsessed is trying to figure out what’s actually worth dedicating years of their life to. That’s why we’re finally opening up Forum. A highly selective 6-session program for exceptional talent to pressure-test ideas with real rigor. If that sounds like you, apply. If it sounds like someone you know, send them this.

Most startup programs are built for companies. Today, we’re publicly launching Forum built for the people who are about to start them. Forum is a highly selective, 6-session series for exceptional future founders who are still pre-company, but not far from starting one. The best founder talent may not need an accelerator, but they do need the right environment to pressure-test ideas, sharpen conviction, and figure out what is actually worth building. We know this because we have seen the results Forum has delivered for talent - from first-time founders to billion-dollar-exited ones. For years, Forum has run quietly in the background, first during my time @ Floodgate and now at Formation. Since starting our firm 18 months ago, Solly and I have had the privilege of working with 50+ extraordinary people. Many have gone on to raise millions from the best firms in the world. Forum is free. Each cohort is capped at 6 people. That constraint is a feature, not a bug. It creates a level of candor, rigor, and peer quality that is very hard to find elsewhere. We believe Forum is the highest-leverage two months of an aspiring founder’s professional career. Your idea may get stronger. It may get killed. Both are wins. If you are unusually high-agency and circling your life’s work, apply in the link in the comments. If you know someone who is in this state of mind, send them our way.

Dr. Chris Frueh is a clinical psychologist and former VA researcher who spent years studying the long-term effects of sustained operational stress. After working directly with hundreds of SOF operators, he identified a pattern ⬇️

Respectfully Saylor is wrong here on quantum. Specifically, he is wrong on four claims (I'm only focusing on the technical ones). Let me walk through each one. Claim 1: The consensus of the cyber security community is that quantum is not a threat for the next 10 years and thus no immediate action is needed. There is no such consensus. The opposite is true: every major national security and standards body in the world is actively mandating post-quantum migration right now, because the migrations themselves take a decade or more. NSA CNSA 2.0 requires all new National Security Systems to be quantum-safe before 2035 with most of that work being done in the next 5. NIST published finalized PQC standards (ML-KEM, ML-DSA, SLH-DSA) in August 2024 and released IR 8547 setting a target to deprecate all quantum-vulnerable public-key algorithms after 2030 and disallow completely by 2035. The UK NCSC set migration milestones for 2028, 2031, and 2035. These are not responses to a distant hypothetical. These are programs with compliance deadlines because the organizations that set them have concluded that starting now is barely early enough. Historically, it has taken a long time from the moment that a new algorithm is standardized until it is fully integrated into information systems. Past cryptographic migrations confirm this. The SHA-1 deprecation took about 7 years. The AES migration took around 5 years. The TLS 1.3 rollout took 3-5 years despite offering clear performance benefits. NIST has already concluded that PQC migration is fundamentally more complex than any of these precedents. The timeline argument ignores harvest-now-decrypt-later entirely. Adversaries are collecting encrypted data today for future decryption. The U.S. Federal Reserve published an analysis of this in September 2025, using Bitcoin as a case study. The threat is already active. Claim 2: When quantum hits, everything upgrades; banks, the internet, defense, Bitcoin. The internet is already upgrading. 52% of human web traffic on Cloudflare used post-quantum key exchange by December 2025, nearly doubling from 29% at the start of the year. Chrome ships ML-KEM for TLS. Apple enabled PQ TLS in iOS 26. OpenSSH has defaulted to post-quantum key agreement since version 9.0. Signal has post-quantum encryption. AWS and Google Cloud support PQC in their KMS products. Apple added ML-DSA and ML-KEM to CryptoKit as production APIs. Banks and payment networks are centralized. Visa pushes a firmware update or SWIFT changes a protocol spec. TLS upgrades are invisible to end users (if you use Chrome you use a TLS version that supports post-quantum and you didn't even know). These systems can and will migrate without their customers doing anything. Bitcoin cannot do this. Bitcoin requires a fork with global decentralized consensus. A PQC signature migration is categorically harder than previous forks: ML-DSA-44 signatures are 2,420 bytes versus 64 bytes for Schnorr, a 38x increase that breaks Bitcoin's existing SegWit weight economics, Script stack limits (520-byte maximum), and transaction propagation assumptions. A single ML-DSA-44 signature plus public key is several times larger than an entire typical single-input P2WPKH spend today. BIP-360 and QBIP exist as (great) proposals. Sadly, neither has an activation timeline. Enterprise PQC migration is much easier. These are organizations with executive authority to mandate changes, dedicated security teams, and established procurement processes. Bitcoin has none of these. Blockchain governance is structurally slower than centralized governance. The "everything upgrades together" framing also ignores the permanently exposed key problem. When banks upgrade TLS, old sessions don't matter, they were ephemeral. When Bitcoin upgrades, the ~6.9 million BTC with already-exposed public keys on the immutable ledger are still sitting there. You cannot un-publish a public key from a blockchain. Those coins need to be actively moved by their owners to new quantum-safe addresses. Approximately 1.72 million BTC in P2PK addresses, including Satoshi's estimated 1.1 million BTC, are likely permanently exposed because the private keys are lost. There is no banking equivalent to this. Banks do not maintain a public, permanent, immutable record of every customer's authentication key going back 17 years. Claim 3: Digital assets have the most advanced cryptographic security; more than banking, credit cards, stocks, etc This conflates trustlessness with cryptographic strength. They are not the same property. Bitcoin uses ECDSA over secp256k1. Your bank's TLS connection uses ECDHE over P-256 or X25519. These are the same class of cryptographic primitive, elliptic curve schemes whose security rests on the hardness of the discrete logarithm problem. Shors algorithm breaks both identically. Neither is "more advanced" than the other. What differs is what we call the defense-in-depth architecture around that primitive. A credit card tap-to-pay transaction involves: TLS with ephemeral key exchange, an EMV chip with hardware-bound keys in a certified secure element, tokenization so the merchant never sees the real card number, session-based key rotation, fraud detection, transaction reversal capability, and regulatory insurance. A Bitcoin transaction involves: one ECDSA signature. That is the entire authorization layer. No fraud department, no chargeback, no identity verification layer that can distinguish a legitimate owner from a quantum attacker holding the same derived private key. Once a forged signature is accepted by consensus, the transfer is irreversible. The systems Saylor describes as less secure are, in fact, already deploying post-quantum protections that Bitcoin has not yet started. They can do this because they are centralized. Bitcoin's decentralization, its core value proposition, is precisely what makes its quantum migration harder, slower, and later than every system he compared it to. Claim 4: The crypto community will be the first to spot the threat and move. This assumes a CRQC will be publicly announced. Nation-state adversaries have zero incentive to disclose a quantum capability. The entire intelligence value of a CRQC is that no one knows you have it. You harvest quietly, you decrypt quietly, you exploit quietly. What would "spotting it" look like on Bitcoin? A quantum attacker does not exploit a bug, bypass a firewall, or compromise a server. They produce valid signatures indistinguishable from the legitimate owner's, because mathematically, they hold the same key. If an attacker begins draining P2PK addresses, each theft is a correctly signed transaction. There is no intrusion detection system for the Bitcoin blockchain. Transactions are valid or they aren't. By the time someone notices a pattern across thousands of UTXOs, the damage is done and irreversible. And the empirical record directly contradicts the "first to move" claim. The current state of readiness: one BIP with no activation timeline, an ongoing debate about whether to freeze Satoshi's coins, and a quantum-vulnerable exposure surface that is only going up. The exposure is increasing, not decreasing, because address reuse continues to add more and more BTC to the vulnerable set. Meanwhile, the rest of the internet has already deployed PQC to billions of users without anyone noticing. Where things actually stand We maintain the Bitcoin Risq List, an open-source, continuously updated tracker of quantum-vulnerable Bitcoin at the address level. As of block height 936,882 (February 2026): approximately 6.9 million BTC across 13.9 million addresses have exposed public keys. Solana is 100% quantum-vulnerable as their address structure exposes the full public key. Deloitte's analysis found 65% of Ethereum is in quantum-vulnerable accounts. The internet started its post-quantum transition in 2022. National security systems have a 2027 compliance mandate. NIST targets deprecating and disallowing all quantum-vulnerable public-key algorithms well before 2035. The blockchain industry, which directly protects bearer value with the exact cryptographic primitives that a quantum computer breaks, has a BIP and a debate. The question is not whether quantum is a threat to digital assets. It is whether the industry will begin its migration before the window closes. The gap between the internet's pace of PQC adoption and the blockchain industry's pace is not a gap in awareness. It is a gap in urgency and importantly, the gap is not closed by asserting that the threat doesn't exist.

We’re not building for life behind a desk. That’s why our team joined @HawthornePD yesterday for ride-alongs. There’s no substitute for seeing the job up close. Thank you to the department for welcoming us.

Make it 2 fullstack engineers to come work on hard problems that affect the way food gets to your favorite restaurants.

Matt Levine’s “everything is securities fraud” walked So “everything is gambling” could run

Follow multi-stage funds for what is happening Follow pre-seed funds for what will happen Our piece from ~2 years ago agrees 😉

Re: the quantum threat to Bitcoin & blockchains, there are two broad takes: (1) Quantum won't be relevant for a long time, therefore there is no need for urgency. (2) Quantum is already relevant, and we need to act with urgency. FWIW the actual quantum physicists and security experts are increasingly in world (2). People that believe we're in world (1) are either armed with bad facts, bad assumptions, or just don’t want to think critically about the impact. 🧵

Venture capitalists showing up to invest in OpenClaw

Kudos to my partner @lmushin and his co-founders @projecteleven , who are quickly assembling the most badass team to define post-quantum security.

Project Eleven Raises $20M to Prepare Digital Asset Infrastructure for the Quantum Era Project Eleven, the leader in post-quantum security and migration for digital assets, today announced a $20 million Series A funding round led by Castle Island Ventures with participation from Coinbase Ventures, Fin Capital, Variant, Quantonation, Nebular, Formation, Lattice Fund, Satstreet Ventures, Nascent Ventures, and Balaji Srinivasan. The round comes as post-quantum cryptography becomes a planning priority for government and industry. Advances in quantum computing could eventually weaken elliptic curve cryptography (ECC), the public-key standard used by networks such as Bitcoin, prompting a staged transition across an ecosystem that secures more than $4 trillion in digital assets. Project Eleven is building the tools to make complex, multi-year migrations practical for networks and institutions, including readiness assessments, migration test environments, and deployment sequencing. “As quantum capabilities advance, the stakes couldn’t be higher. We can’t afford to ignore this existential risk posed to the digital asset ecosystem,” said Alex Pruden, CEO and Co-Founder of Project Eleven. “Trillions in value depend on these cryptographic assumptions. Networks like Bitcoin take years to upgrade because they’re governed cautiously by design. We’re focused on making the transition practical now, so the industry can migrate deliberately instead of improvising under pressure.” “Useful quantum computing is the biggest and most complex threat public blockchains have ever faced,” said Nic Carter, General Partner at Castle Island Ventures. “Project Eleven is building the practical bridge from research to real-world deployment.” Project Eleven is collaborating with the Solana Foundation and other leading protocols and Layer 1 ecosystems on post-quantum readiness planning and technical work. The company raised a $6 million seed round in June 2025 led by Variant and Quantonation, with participation from Castle Island Ventures, Nebular, and Formation. Project Eleven plans to unveil its next major product release in early 2026, adding capabilities for institutions, protocols, and end users looking to future-proof long-lived cryptographic systems. 🤝 @CastleIslandVC @nic_carter @cbventures @Fin_Capital_VC @variantfund @Quantonation @Nebularvc @formation_vc @lattice_fund @Satstreet @nascent @balajis 🤝 @apruden08 @conordeegan @graememoore @Dr_DAO_ @nuggimane 🤝