Vitalik Buterin, co-founder of Ethereum, recently noted that there's a significant chance—around 20%—that quantum computers could break current cryptographic security before 2030. This prospect has enormous implications for Ethereum's security and calls for proactive measures. But it's not just a theoretical exercise; in practice, it could have far-reaching consequences for investors and developers within the ecosystem.
The risks are particularly associated with the Elliptic Curve Digital Signature Algorithm (ECDSA) that Ethereum and Bitcoin use. Once a public key is exposed on the blockchain, a powerful quantum computer can theoretically use this key to determine the corresponding private key. This means that if a public key is ever exposed, the security of that key is compromised, putting the wallet at risk in a future quantum attack.
Ethereum's security relies on the hardness of the elliptic curve discrete logarithm problem (ECDLP). Ethereum uses the secp256k1 elliptic curve for digital signatures. The process is relatively simple: your private key is a large random number, your public key is a point on the elliptic curve derived from this private key, and your address is a hash of that public key.
On classical hardware, it's easy to go from a private key to a public key, but going back is considered nearly impossible. This asymmetry makes a 256-bit key practically impenetrable. Quantum computers, however, threaten this asymmetry. Shor's algorithm demonstrates that a powerful quantum computer can solve the discrete logarithm problem, which undermines the foundations of numerous cryptographic systems, including ECDSA.
The Internet Engineering Task Force and the National Institute of Standards and Technology (NIST) now recognize that classical elliptic curve systems are vulnerable to cryptographically relevant quantum computers. This means that while the public key appears secure for now, the risks increase once a transaction is sent and the public key becomes visible on the blockchain. For many users and smart contracts, this means their wallets are compromised once the public key is exposed.
Buterin's recent statements are twofold. First, he points to projections from Metaculus, which estimate the probability that quantum computers will be able to break current public-key cryptography before 2030 at around 20%—with the median prediction around 2040. This suggests that even in the long run, the risk is too significant to ignore.
He also suggested at Devconnect that there's a chance ECDSA will become unsafe before the 2028 US presidential election. Comparisons to safety engineering are appropriate here; while the risk of a major earthquake isn't enough to evacuate an entire city, it does justify strengthening the infrastructure.
Even before these recent warnings, Buterin outlined a "hard fork" plan in a 2024 post, which would allow Ethereum to respond to a potential quantum crisis. In the event of a quantum computing breakthrough that leaves users facing the loss of their ECDSA-secured wallets, Ethereum could consider rolling back the blockchain to the last uncompromised block, disabling traditional externally owned accounts (EOAs) to prevent further theft, and introducing newer transaction types.
Such an approach would facilitate the migration to quantum-resistant smart contracts. Crucially, these plans are a last resort, but the necessary infrastructure and mechanisms must be established now as a design requirement for Ethereum's future viability.
While Buterin is basing his work on public projections, what do hardware and cryptography experts have to say? The arrival of Google's Willow chip in 2024 has set the bar for advanced quantum processors, but experts like Google's quantum AI director have made it clear that current quantum technologies are incapable of breaking modern cryptography. The estimate that thousands of physical qubits are required to compromise RSA puts us at least a decade into the future, while there seems to be a consensus in academia that a global transition to post-quantum cryptography is necessary.
Nevertheless, by encouraging federal systems to move towards post-quantum solutions, NIST underscores the urgency. This places Buterin's estimate of a 20% chance by 2030 within a complex playing field in which uncertainty and migration time are crucial factors.
The evolutionary step toward account abstraction and smart contract wallets offers the opportunity to be better prepared for quantum threats. By moving users to upgradeable wallets, Ethereum can ease the transition to new signature methods without major hard forks. At the same time, Ethereum will have to carefully select and test post-quantum signature families, which may entail significant trade-offs.
The common challenge is that the implications of quantum security extend beyond user accounts; other architectural elements, such as BLS signatures and rollup systems, also require revision. The social and governance aspects should not be underestimated; coordinating such changes can be challenging both politically and operationally.
What are the main risks of quantum computers for Ethereum?
Quantum computers can break cryptographic safeguards such as ECDSA, especially for wallets whose public keys have previously been exposed on the blockchain, putting assets at risk.
How much time do we have before quantum computers become a threat?
Estimates suggest it will take another 10 to 20 years before cryptographically relevant quantum computers are available, but experts and policymakers are taking the risks seriously enough to consider measures.
What measures can Ethereum take to prepare for the quantum threat?
Ethereum can proactively transition to quantum-resistant signatures, implement account abstraction, and prepare infrastructure that can quickly switch to new cryptographic standards.