Key takeaways
Buterin sees a nontrivial 20% chance that quantum computers could break current cryptography before 2030, and he argues that Ethereum should begin preparing for that possibility.
A key risk involves ECDSA. Once a public key is visible onchain, a future quantum computer could, in theory, use it to recover the corresponding private key.
Buterin’s quantum emergency plan involves rolling back blocks, freezing EOAs and moving funds into quantum-resistant smart contract wallets.
Mitigation means smart contract wallets, NIST-approved post-quantum signatures and crypto-agile infrastructure that can swap schemes without chaos.
In late 2025, Ethereum co-founder Vitalik Buterin did something unusual. He put numbers on a risk that is usually discussed in sci-fi terms.
Citing forecasting platform Metaculus, Buterin said there is “about a 20% chance” that quantum computers capable of breaking today’s cryptography could arrive before 2030, with the median forecast closer to 2040.
A few months later at Devconnect in Buenos Aires, he warned that elliptic curve cryptography, the backbone of Ethereum and Bitcoin, “could break before the next US presidential election in 2028.” He also urged Ethereum to move onto quantum-resistant foundations within roughly four years.
According to him, there is a nontrivial chance of a cryptographically relevant quantum computer arriving in the 2020s; if so, then the risk belongs on Ethereum’s research roadmap. It should not be treated as something for a distant future bucket.
Did you know? As of 2025, Etherscan data shows more than 350 million unique Ethereum addresses, highlighting how widely the network has grown even though only a small share of those addresses hold meaningful balances or remain active.
Why quantum computing is a problem for Ethereum’s cryptography
Most of Ethereum’s security rests on the elliptic curve discrete logarithm (ECDLP) equation, which is the basis for the elliptic curve digital signature algorithm (ECDSA). Ethereum uses the secp256k1 elliptic curve for these signatures. Simply:
Your private key is a large random number.
Your public key is a…
..
