Vitalik Buterin Warns Ethereum’s Cryptography Could Face Quantum Threats Sooner Than Expected

Ethereum co-founder Vitalik Buterin is sounding the alarm on quantum computing, and this time, he’s attaching real probabilities to what has long been treated as a distant, almost sci-fi threat. His message: the crypto world may have far less time than assumed to prepare.

A Non-Zero Chance of a 2020s Quantum Breakthrough

Pointing to forecasting platform Metaculus, Buterin noted that there is roughly a 20% probability that quantum computers capable of breaking today’s cryptography could emerge before 2030. The median estimate sits closer to 2040, but the tail risk, he argued, is large enough that Ethereum should start preparing now.

Speaking at Devconnect in Buenos Aires, he went even further warning that elliptic curve cryptography, the foundation of Ethereum and Bitcoin security, could be at risk before the 2028 U.S. election. His comments mark one of the clearest, most urgent public warnings he has made on the subject.

Why Quantum Computing Threatens Ethereum’s Security Model

Ethereum’s security relies heavily on elliptic curve cryptography, specifically ECDSA over the secp256k1 curve. Under classical computing, reversing a public key back into a private key is computationally impossible with current technology.

Quantum computing changes the equation. In fact, if a cryptographically relevant quantum computer (CRQC) becomes viable, Shor’s algorithm could solve the elliptic curve discrete logarithm problem efficiently, rendering today’s signatures insecure.

A critical nuance for Ethereum users:

• Unused addresses are relatively safe because only the hashed version of a public key is visible.
• Once you send a transaction, the public key becomes exposed, giving any future quantum attacker the information needed to derive the private key and empty the wallet.

That vulnerability applies to most externally owned accounts (EOAs), as well as many DAO treasuries and long-standing smart contract wallets.

Buterin’s “Quantum Emergency” Plan

Years before issuing public warnings, Buterin laid out a contingency proposal describing how Ethereum could react if a quantum breakthrough happened suddenly.

His emergency roadmap includes:

1. Rolling back the chain
Ethereum could revert to the last block before quantum-enabled theft became visible.

2. Freezing legacy EOAs
Accounts that rely on ECDSA signatures would be temporarily disabled from sending funds.

3. Migrating users to quantum-safe smart contract wallets
Users would submit zero-knowledge proofs showing they control a vulnerable key, allowing the network to automatically transfer their funds to a quantum-resistant contract wallet.

4. Batching STARK proofs
Large batches of proofs would keep gas costs manageable during a mass migration.

Though extreme, the plan is intended as a last-resort mechanism — not the preferred path.

Experts Remain Divided on Timelines

Quantum hardware specialists and cryptographers generally agree that no existing quantum computer can break modern cryptography today, according to Cointelegraph.

State-of-the-art systems, such as Google’s “Willow” chip or IBM’s planned fault-tolerance roadmap, remain far from the scale needed to attack real-world elliptic curve signatures. Academic estimates suggest millions, in some models hundreds of millions, of physical qubits would be required.

Still, the uncertainty is significant enough that governments have begun preparing. The U.S. National Institute of Standards and Technology (NIST) finalized its first post-quantum cryptography standards in 2024, and federal agencies are expected to transition in the next decade.

This backdrop reinforces Buterin’s argument: even if a break doesn’t arrive soon, the migration requires years of engineering, meaning the work must start early.

What Ethereum Must Change to Stay Safe

To prepare for accelerated quantum progress, several upgrades are already on Ethereum’s development horizon:

• Account abstraction and smart contract wallets (e.g., ERC-4337) to allow seamless signature upgrades.
• Adoption of NIST-approved post-quantum signature schemes, such as ML-DSA and hash-based alternatives.
• Overhauls to other cryptographic components, including BLS signatures, KZG commitments, and rollup proving systems, all of which rely on discrete log assumptions.
• A more flexible, “crypto-agile” protocol that can switch signature systems without requiring disruptive hard forks.

What Users Can Do Today

While quantum-grade attacks remain hypothetical, Buterin and other researchers recommend a few practical steps:

• Use wallets that support upgrades or contract abstraction.
• Limit address reuse; fewer exposed public keys mean fewer future risks.
• Track Ethereum’s eventual transition to quantum-safe signatures and prepare to migrate when tools are ready.

A Future Threat Worth Planning For

Buterin’s warnings do not imply that a quantum computer capable of cracking Ethereum is imminent. Instead, he argues that the long lead time needed to redesign global cryptographic infrastructure makes early preparation essential.

In his framing, quantum risk is like infrastructure planning for natural disasters, unlikely to strike tomorrow, but too consequential to ignore.