Solana Co-Founder Urges 2-of-3 Multisig Over AI-PQC Risk

Anatoly Yakovenko warned May 2 that AI could break post-quantum signatures and urged wallets to use 2-of-3 multisig combining different algorithms, supported by Solana Program Derived Addresses.

On May 2, Solana co-founder Anatoly Yakovenko warned that artificial intelligence could break post-quantum cryptographic signature schemes and urged wallet developers to adopt two-of-three multisig setups that combine different signature algorithms. He proposed native support through Solana’s Program Derived Addresses to allow wallets to mix signature types at the protocol level.

Yakovenko wrote that the industry does not yet fully understand mathematical or implementation weaknesses in post-quantum cryptography and that AI tools might find attacks faster than researchers expect. He added, “I think the biggest risk is that PQC signature schemes will get broken by AI; we don’t know all the implementation footguns even, let alone the math footguns.”

He recommended wallets require signatures from two of three independent schemes to reduce single-point failure risk. Two-of-three multisig means any two signatures from three distinct algorithms are needed, leaving funds protected if one algorithm is later found vulnerable.
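The two-of-three rule described above, as an added sketch that is not code from Yakovenko, Solana or any wallet. It assumes three classical schemes from Go's standard library (Ed25519, ECDSA P-256, RSA-PSS) as stand-ins for the mixed algorithms, and the names `Scheme`, `NewWallet` and `Authorize` are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Scheme is one algorithm's signer and verifier; all three are classical stand-ins (assumption).
type Scheme struct {
	Sign   func(msg []byte) []byte
	Verify func(msg, sig []byte) bool
}

func NewWallet() map[string]Scheme {
	edPub, edKey, _ := ed25519.GenerateKey(rand.Reader)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	h := func(m []byte) []byte { d := sha256.Sum256(m); return d[:] }
	return map[string]Scheme{
		"ed25519": {func(m []byte) []byte { return ed25519.Sign(edKey, m) },
			func(m, s []byte) bool { return ed25519.Verify(edPub, m, s) }},
		"ecdsa": {func(m []byte) []byte { s, _ := ecdsa.SignASN1(rand.Reader, ecKey, h(m)); return s },
			func(m, s []byte) bool { return ecdsa.VerifyASN1(&ecKey.PublicKey, h(m), s) }},
		"rsa-pss": {func(m []byte) []byte { s, _ := rsa.SignPSS(rand.Reader, rsaKey, crypto.SHA256, h(m), nil); return s },
			func(m, s []byte) bool { return rsa.VerifyPSS(&rsaKey.PublicKey, crypto.SHA256, h(m), s, nil) == nil }},
	}
}

// Authorize needs two distinct schemes to verify; sigs is keyed by scheme, so none counts twice.
func Authorize(w map[string]Scheme, msg []byte, sigs map[string][]byte) bool {
	valid := 0
	for name, sig := range sigs {
		if s, ok := w[name]; ok && s.Verify(msg, sig) {
			valid++
		}
	}
	return valid >= 2
}

func main() {
	w, msg := NewWallet(), []byte("constructed transfer request")
	one := map[string][]byte{"ecdsa": w["ecdsa"].Sign(msg)} // a valid signature from only one scheme
	two := map[string][]byte{"ecdsa": one["ecdsa"], "rsa-pss": w["rsa-pss"].Sign(msg)}
	fmt.Println(Authorize(w, msg, one), Authorize(w, msg, two))
}
```

Because signatures are keyed by scheme name, a valid signature from a single scheme, however it was obtained, never satisfies the threshold on its own.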

Michael Egorov, founder of Curve Finance, questioned whether formal verification could close the gap. Yakovenko replied that verification helps only when developers know exactly what to verify and reiterated his preference for multiple schemes, writing, “If we know exactly what to verify. I’d still like 2/3 different signature schemes.”

The comments arrived as developers and researchers discuss quantum and AI risks to blockchain cryptography. Alex Thorn, head of firmwide research at Galaxy Digital, wrote that conversations in Las Vegas this week show a growing agreement on how to handle long-held Bitcoin addresses attributed to Satoshi Nakamoto.

Thorn noted that Satoshi’s estimated 1.1 million BTC sits across about 22,000 pay-to-public-key addresses, roughly 50 BTC each, and that a long-range attack would need to break each address individually. He added that custodial services and exchanges can move funds to post-quantum-ready addresses ahead of any Q-day and that markets have previously absorbed more than one million BTC of selling pressure.

Developers across multiple blockchains continue to debate whether wallet-level redundancy, protocol changes or migrations offer the most immediate protection. Implementation details, limits of formal verification and migration plans remain under discussion.
