He hacked voting machines for the government. Now he’s trying to fix crypto’s trust problem.
Michal “Mehow” Pospieszalski spent two decades watching security get bolted on after the damage was done. AmericanFortress is his attempt to stop that pattern.
You're reading Entrepreneur United Kingdom, an international franchise of Entrepreneur Media.
Some people see the break coming before anyone wants to hear it. Michal “Mehow” Pospieszalski has built a career on it.
In the mid-2000s, he was one of a handful of white-hat hackers hired by the U.S. government to audit electronic voting machines. He found the vulnerabilities. Wrote them up. Filed the reports. Then watched the reports get blacklined, and the machines get deployed anyway, with the fixes still pending. “After crypto introduced online money, all the work that wasn’t done in the software industry as a whole became glaringly apparent,” he says.
The same pattern kept surfacing across other software industries for years. “All the problems I found with voting machines in 2005 were glaringly apparent in the 2020 controversy,” Pospieszalski said. And he would know, having worked as a forensic analyst for the plaintiffs in the 2021 Antrim County “vote flipping” case, where he saw it firsthand.
That has followed him across three decades of work: through government network contracts along the DC Beltway, through 70-plus certification exams he passed in his twenties, through 13 patents filed at AmericanFortress, the company he founded to solve a problem that’s quietly draining $1.2 billion a year from American crypto users.
The problem is the wallet address. Specifically, the fact that you send money in crypto the same way you’d have sent email in 1993, by copying a 42-character string and hoping you got every character right. One wrong letter and the money is gone. No reversal, no recourse, no one to call. Phishing attacks prey on exactly this: install malware that replaces the correct address with the hacker right before someone hits send, and the funds go somewhere else entirely.
Pospieszalski’s answer is called Send-to-Name. Instead of “0x4a3B…c91F,” you send to a username. AmericanFortress generates a one-time stealth address for each transaction – unique to that sender-receiver pair, never reused, never visible on chain. The recipient gets the funds. Nobody else gets the address. The phishing attack has no surface to grab hold of, because addresses are now an implementation detail of an easy-to-use feature, not the feature itself.
The long way to a simple idea
Pospieszalski grew up in Poland, came to the United States, and put himself through the University of Virginia on a combination of hustle and an unusually broad curiosity. His degree is in Echols Interdisciplinary Studies, a program UVA reserves for students who can’t be confined to a single department. His transcript reflects that: acting, computer science, and nursing. He picked up a pilot’s license somewhere along the way. He’s also a certified EMT. The point isn’t the credentials; it’s the pattern. He learns things until he understands how they break.
That instinct landed him in cybersecurity almost by accident. In the early 2000s, security consultants were rare, and demand was suddenly everywhere. Pospieszalski got contracts with government agencies and defense-adjacent firms, auditing systems that couldn’t afford to fail – voting infrastructure, intelligence gathering tools, gaming devices. He was consistently the first person to tell clients things they didn’t want to hear.
“I saw the same thing every time,” he says. “The system works fine until it doesn’t. Then everyone acts surprised.”
By 2020, he’d shifted his attention to crypto. The security problems there were different in form but identical in structure: the industry had built an enormously complex financial system and then made users responsible for its most fragile piece. Every day, people lost money not because the blockchain was hacked but because a human copied an address wrong, or clicked a link they shouldn’t have, or trusted a wallet interface that had been quietly replaced by a fake one.
He co-founded AmericanFortress that year, building foundational infrastructure for secure crypto transactions: chain-agnostic, compliance-ready, designed for both retail users and institutions. The Send-to-Name concept was born there. AmericanFortress took that idea and built a full consumer-facing product on top of it: a wallet where you send to a name, your balance stays private through zero-knowledge proofs, and every transaction is KYC/AML compliant without requiring you to expose your identity on a public ledger.
Why now
The timing isn’t accidental. Two things happened simultaneously, making the problem harder to ignore.
First, AI agents started moving money. As autonomous systems begin executing on-chain transactions without human oversight, the wallet addresses problem compounds. A phished human can stop, call their bank, tell someone. A phished AI agent cannot. It just keeps executing. The attack surface grew, and nobody had built infrastructure to handle it.
Second, quantum computing stopped being theoretical. In April 2026, Grayscale Research argued that the harder challenge for quantum-proofing Bitcoin isn’t engineering; it’s governance, specifically what to do with millions of legacy wallets whose public keys are already exposed onchain. Pospieszalski had been thinking about this since before it was a mainstream concern. In May 2026, AmericanFortress raised an $8 million seed round co-led by SAVA Digital Asset Fund, Moon Pursuit Capital, and 0G Labs, and filed a patent for quantum-resistant transaction signing – a retrofit designed to work with existing blockchains without requiring a hard fork.
The Satoshi wallets came up. Roughly 1.1 million BTC, belonging to Bitcoin’s anonymous creator and untouched for over a decade, could theoretically be drained by a quantum computer running Shor’s algorithm once such hardware becomes available. AmericanFortress’s proposed soft-fork mechanism would defensively freeze those wallets – and millions of other pre-BIP32 addresses – until the community decides what to do with them. “Our protocol can automatically freeze and protect these funds,” Pospieszalski told one publication. “Even Satoshi’s wallets can be secured with a small BIP update.”
Whether that happens is a question of Bitcoin governance, not a technical one. But the fact that he’s already building for it tells you something about how far ahead he tends to think.
The thing he keeps coming back to
Ask Mehow Pospieszalski about the problem he’s solving, and he gets specific fast. He doesn’t want to talk about “the future of digital trust” in the abstract. He wants to talk about what happens when you send $50,000 to an address you’ve checked three times, and it still ends up in the wrong wallet because someone replaced a character at the last second while it sat in your clipboard.
“Security isn’t just encryption,” he says. “It’s a system designed so people don’t have to choose convenience over control.”
That framing comes directly from his government work, from watching agencies deploy systems that were technically secure but operationally unusable, so users routed around them. The secure path was always the inconvenient one. People took the convenient path. Breaches followed.
His bet with AmericanFortress is that those two things don’t have to be in conflict. Send to a name. Get quantum-proof protection under the hood. Satisfy KYC without exposing your wallet to every counterparty you’ve ever transacted with. The user does less. The security does more.
Backed by Moon Pursuit, SAVA Fund, and 0G Labs, committed to being the first chain to deploy quantum-proof signing in production, AmericanFortress is no longer just a whitepaper. The wallet is in beta. The SDK is out. The $AF token generation event is targeting early Q3 2026.
He’s been right about security problems before anyone wanted to hear it. The question now is whether the market catches up fast enough to matter.
Some people see the break coming before anyone wants to hear it. Michal “Mehow” Pospieszalski has built a career on it.
In the mid-2000s, he was one of a handful of white-hat hackers hired by the U.S. government to audit electronic voting machines. He found the vulnerabilities. Wrote them up. Filed the reports. Then watched the reports get blacklined, and the machines get deployed anyway, with the fixes still pending. “After crypto introduced online money, all the work that wasn’t done in the software industry as a whole became glaringly apparent,” he says.
The same pattern kept surfacing across other software industries for years. “All the problems I found with voting machines in 2005 were glaringly apparent in the 2020 controversy,” Pospieszalski said. And he would know, having worked as a forensic analyst for the plaintiffs in the 2021 Antrim County “vote flipping” case, where he saw it firsthand.