I don't think he is saying that. As I said in my other comment here I think he is just drawing a potential parallel to other historic work that was done in a private(secret) domain. The larger point is we simply don't know so it's best to act in a way that even if it hasn't been done already it certainly seems like it will be broken. Hence the move to Post-Quantum Cryptography is probably a good idea!
Aaronson says:
> This is the clearest warning that I can offer in public right now about the urgency of migrating to post-quantum cryptosystems...
That has a clear implication that he knows something that he doesn't want to say publically
Very much so. But the specificity and severity of what he knows is not clear just from this. Not necessarily to the point of "bright flashing warning lights" as the top-level comment put it. Anyway, I certainly am glad that people are (as far as I can tell?) more or less on top of the post-quantum transition.
a crypto system is expected to resist for 30 years.
it doesnt need to be imminent for people to start moving now to post-quantum.
if he thinks we are 10 years away from QC, we need to start moving now