Vitalik Buterin Sounds the Alarm: Quantum Threat Could Hit Ethereum Before 2028
At the Devconnect conference in Buenos Aires, Ethereum’s co-founder issued an unprecedented warning: the elliptic curves securing Bitcoin and Ethereum “are going to die”. With a 20% probability that quantum computers could break current cryptography before 2030, the crypto industry has less than four years to migrate to quantum-resistant systems.

In Brief
- Vitalik Buterin warns there is a 20% chance quantum computers could break current crypto security before 2030.
- Ethereum and Bitcoin rely on ECDSA, which becomes vulnerable once public keys are exposed on-chain.
- Post-quantum cryptography already exists, and the industry needs to start migrating now.
20% Probability Before 2030: Vitalik’s Numbers
In late 2025, Vitalik Buterin did something unusual for a risk usually discussed in science fiction terms: he put numbers on it. Citing forecasts from the Metaculus platform, he estimated there is about a 20% chance that quantum computers capable of breaking current cryptography could arrive before 2030. The median forecast sits closer to 2040.
A few months later at Devconnect in Buenos Aires, Buterin hardened his tone: ‘Elliptic curves are going to die,’ he declared, citing research suggesting that quantum attacks on 256-bit elliptic curves could become feasible before the 2028 US presidential election.
These statements are not meant to create panic, but to mobilize action. As Buterin summarized: “Quantum computers will not break cryptocurrency today. But the industry must begin adopting post-quantum cryptography well before quantum attacks become practical.”
Why ECDSA Is Vulnerable to Quantum Computing
Ethereum’s security (like Bitcoin’s) relies on the ECDSA (Elliptic Curve Digital Signature Algorithm) using the secp256k1 curve. The principle is simple: your private key is a large random number, your public key is a point on the curve derived from that private key, and your address is a hash of that public key.
On classical hardware, going from private key to public key is easy, but the reverse is considered computationally infeasible. This asymmetry is what makes a 256-bit key effectively impossible to guess.
Quantum computing threatens this asymmetry. Shor’s algorithm, proposed in 1994, shows that a sufficiently powerful quantum computer could solve the discrete logarithm problem (and the related integer factorization problem) in polynomial time – which would compromise RSA, Diffie-Hellman, and ECDSA schemes.
Buterin highlights a crucial subtlety: if you have never spent from an address, only the hash of your public key is visible onchain (which remains quantum-resistant). But once you send a transaction, your public key is revealed – giving a future quantum attacker the raw material needed to recover your private key.
Google Willow: An Acceleration Signal
Buterin’s warnings come amid accelerating technological progress. In December 2024, Google unveiled Willow, its 105-qubit superconducting quantum processor. The chip completed a computation in under five minutes that would take today’s supercomputers approximately 10 septillion (10²⁵) years.
More significantly: Willow demonstrated “below threshold” quantum error correction, where increasing the number of qubits reduces the error rate instead of increasing it. This is a major breakthrough sought for nearly 30 years.
However, Hartmut Neven, director of Google Quantum AI, clarified that “the Willow chip is not capable of breaking modern cryptography.” He estimates that breaking RSA would require millions of physical qubits and remains at least 10 years away.
Academic analyses converge: breaking 256-bit elliptic curve cryptography within an hour would require tens to hundreds of millions of physical qubits – far beyond current capabilities. But IBM and Google roadmaps target fault-tolerant quantum computers by 2029-2030.
Ethereum’s Quantum Emergency Plan
Well before these public statements, Buterin had published a 2024 post on Ethereum Research titled “How to hard-fork to save most users’ funds in a quantum emergency.” This plan describes what Ethereum could do if a quantum breakthrough caught the ecosystem off guard:
- Detect the attack and rollback: Ethereum would revert the chain to the last block before large-scale quantum theft became visible.
- Disable legacy EOA transactions: Traditional externally owned accounts (EOAs) using ECDSA would be frozen, cutting off further theft through exposed public keys.
- Migrate to smart contract wallets: A new transaction type would let users prove (via a STARK zero-knowledge proof) that they control the original seed, then migrate to a quantum-resistant smart contract wallet.
This plan remains a last-resort recovery tool. Buterin’s argument is that the necessary infrastructure – account abstraction, robust ZK systems, standardized post-quantum signature schemes – can and should be built now.
Post-Quantum Cryptography: Existing Solutions
The good news: solutions already exist. In 2024, NIST (National Institute of Standards and Technology) finalized its first three post-quantum cryptography (PQC) standards: ML-KEM for key encapsulation, ML-DSA and SLH-DSA for signatures.
These algorithms, based on lattices or hash functions, are designed to resist attacks based on Shor’s algorithm. A 2024 NIST/White House report estimates $7.1 billion to migrate US federal systems to PQC between 2025 and 2035.
On the blockchain side, several projects are working on this transition. Naoris Protocol is developing a decentralized cybersecurity infrastructure natively integrating post-quantum algorithms compliant with NIST standards. In September 2025, the protocol was cited in a submission to the US SEC as a reference model for quantum-resistant blockchain infrastructure.
Naoris’s approach relies on a mechanism called dPoSec (Decentralized Proof of Security): every device in the network becomes a validator node that verifies in real-time the security state of other devices. Combined with post-quantum cryptography, this decentralized mesh eliminates single points of failure in traditional architectures.
What Needs to Change in Ethereum
Several threads are already converging on the protocol and wallet side. Account abstraction (ERC-4337) allows migrating users from EOAs to upgradeable smart contract wallets, making it easier to swap signature schemes without emergency hard forks. Some projects already demonstrate Lamport or XMSS-style quantum-resistant wallets on Ethereum.
But elliptic curves aren’t just used for user keys. BLS signatures, KZG commitments, and some rollup proving systems also rely on discrete log hardness. A serious quantum-resilience roadmap needs alternatives for all these building blocks.
According to data published by Naoris Protocol, its testnet launched in January 2025 processed over 100 million post-quantum secure transactions and mitigated over 600 million threats in real-time. The mainnet is scheduled for Q1 2026, offering a ‘Sub-Zero Layer’ infrastructure capable of operating beneath existing blockchains.
Dissenting Voices: Back and Szabo Urge Caution
Not all experts share Buterin’s urgency. Adam Back, Blockstream CEO and Bitcoin pioneer, argues the quantum threat is ‘decades away’ and recommends “steady research rather than rushed or disruptive protocol changes.” His concern: panic-driven upgrades could introduce bugs more dangerous than the quantum threat itself.
Nick Szabo, cryptographer and smart contract pioneer, views quantum risk as “eventually inevitable” but places greater emphasis on current legal, social, and governance threats. He uses the metaphor of a “fly trapped in amber”: the more blocks that accumulate around a transaction, the harder it becomes to dislodge – even with powerful adversaries.
These positions are not incompatible with Buterin’s: they reflect different time horizons. The emerging consensus seems to be that migration should begin now, even if the attack isn’t imminent – precisely because transitioning a decentralized network takes years.
What Crypto Holders Need to Remember
For traders, the message is clear: continue normal operations while staying informed about protocol upgrades. For long-term holders, the priority is ensuring that chosen platforms and protocols are actively preparing for a post-quantum future.
A few best practices to reduce exposure: prefer wallets and custody setups that can upgrade their cryptography without forcing a move to new addresses, avoid address reuse (fewer public keys exposed onchain), and track Ethereum’s post-quantum signature choices to migrate once robust tooling becomes available.
The 20% probability by 2030 also means there’s an 80% chance that quantum computers won’t threaten crypto within that timeframe. But in a $3 trillion market, even a 20% risk of catastrophic security failure demands serious attention.
As Buterin summarizes: quantum risk should be treated the way engineers think about earthquakes or floods. It’s unlikely to destroy your house this year, but likely enough over a long horizon that it makes sense to design the foundations with that in mind.
No. Current quantum computers (like Google’s 105-qubit Willow) are far from the millions of qubits needed to threaten modern cryptography.
A quantum algorithm proposed in 1994 capable of solving the discrete logarithm problem in polynomial time, which would compromise current cryptographic schemes like ECDSA.
Encryption and signature algorithms designed to resist quantum computer attacks. NIST standardized the first ones (ML-KEM, ML-DSA, SLH-DSA) in 2024.
Not today. But once a sufficiently powerful quantum computer exists, any address that has already revealed its public key (via a transaction) would theoretically be vulnerable.
The Cointribune editorial team unites its voices to address topics related to cryptocurrencies, investment, the metaverse, and NFTs, while striving to answer your questions as best as possible.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.