Key Takeaways
In late August 2025, Vitalik Buterin did something unusual for a crypto founder: he put a number on a fear that usually lives in vague terms.
In public comments that were widely picked up by crypto and tech outlets, he said there is “about a 20% chance” that quantum computers capable of breaking today’s cryptography could arrive before 2030, citing forecasts from the prediction platform Metaculus. According to those same forecasts, the median expectation for such “Q-day” capabilities is around 2040.
In other words:
That is the line Vitalik drew in the sand. He wasn’t claiming quantum computers exist today in any practical, crypto-breaking sense. He wasn’t predicting doom as a certainty. Instead, he was saying:
“The quantum threat is no longer just distant science fiction. It is a quantifiable near-term risk, and that’s enough reason to start preparing now.”
A few months later, at Devconnect in Buenos Aires in November 2025, he returned to the theme. In a talk that was mostly about Ethereum “ossifying” its base layer, he closed with a warning: future quantum computers could break elliptic-curve cryptography, and he urged the community to move Ethereum onto quantum-resistant foundations within a few years, even framing the risk in terms of the 2028 U.S. election as a visible milestone on the horizon.

So the 20% by 2030 number comes from his August 2025 public comments referencing Metaculus, and the “we need to move within four years” urgency shows up again at Devconnect Buenos Aires.
Bitcoin and Ethereum rely on elliptic-curve cryptography, specifically ECDSA over the secp256k1 curve, to secure private keys and validate transactions. Today, this system is essentially unbreakable using classical computers.
Quantum computers, however, introduce a different paradigm. A sufficiently advanced machine running Shor’s algorithm could calculate private keys from public keys, breaking the fundamental assumption that only the private-key holder can authorize transactions.
The consequences of such a breakthrough would be severe:
There are important nuances, though:
Vitalik Buterin’s comments on quantum computing weren’t meant to spark panic, they were meant to create clarity. His message centered on a few critical points that highlight why the industry must treat quantum readiness as a strategic priority, not a distant theoretical exercise.
Buterin made it clear that no current quantum computer can break Bitcoin, Ethereum, or any major cryptographic system today. The hardware is still far too limited, noisy, and small-scale to threaten real-world cryptography.
His central claim is that there’s a non-negligible probability, roughly one in five, that quantum-capable machines arrive before 2030, far earlier than most industry participants assume.
He also admitted that unlike traditional software, which can be upgraded quickly and quietly, blockchains require global consensus, careful migration, and long testing cycles. Because of this slow upgrade process, Buterin argues the industry must begin adopting post-quantum cryptography (PQC) well before quantum attacks become practical.
This is why Ethereum’s long-term roadmap, particularly the phase dubbed “The Splurge”, includes building an ecosystem that can operate securely in a post-quantum world.
Nick Szabo’s position is often mischaracterized as “the opposite” of Vitalik’s, but that’s not quite right. Szabo does not dismiss quantum risk. Instead, he frames the issue within a much longer time horizon and places greater emphasis on non-quantum threats facing Bitcoin today.
In conversations about long-term cryptographic risk, often brought up in the context of Satoshi’s early coins, Szabo has acknowledged that eventually, whether through quantum computing or other breakthroughs, someone may be able to break the encryption protecting those early outputs. This is effectively an admission that modern cryptography is not eternal.
What he does not do is assign a specific probability or timeline. Unlike Vitalik, who explicitly mentions “20% by 2030,” Szabo treats quantum as an inevitable endgame rather than a near-term crisis.
Szabo is famous for his analogy describing a Bitcoin transaction as a fly trapped in amber, the more blocks that accumulate around it, the harder it becomes to dislodge. Applied to quantum concerns, this metaphor highlights his view that Bitcoin’s security strengthens over time, and that deeply buried history is extraordinarily difficult to unwind even in the presence of powerful adversaries.
More recently, Szabo has spent far more time emphasizing legal, social, and governance threats:

For Szabo, quantum is a real but distant threat, whereas law and governance are the risks already shaping crypto today.
Adam Back, CEO of Blockstream and one of the original cypherpunks, offers the clearest counterbalance to Vitalik’s urgency. His stance is straightforward:

Back emphasizes the enormous gap between today’s quantum machines and the theoretical “cryptographically relevant” quantum computer that would be needed to break ECDSA or SHA-256. The machines currently built are noisy, low-qubit prototypes, while a real threat would require thousands to millions of error-corrected qubits.
From his perspective, this gap represents decades of breathing room.
Back frequently points out that standardized post-quantum signature schemes already exist. If and when the threat becomes more concrete, Bitcoin can adopt these through soft forks or, if necessary, a hard fork.
In his framing, Bitcoin is not painted into a corner. It can evolve safely, deliberately, and without panic.
Back does acknowledge one specific vulnerability: early Bitcoin outputs, especially those linked to Satoshi, have exposed public keys and would be prime targets in a future quantum era. But he frames this as a practical operational issue that will be addressed when the time is right, not a current existential threat.
| Viewpoints on quantum threat | Core view | Timing outlook | Main concern | Recommended approach |
| Vitalik Buterin: The Tail-Risk Planner | Quantum threat is real enough to plan for now | 20% chance by 2030; median around 2040 | Early-arrival quantum shock breaking ECDSA | Begin integrating post-quantum cryptography into Ethereum’s roadmap today |
| Nick Szabo: The Long-View Realist | Cryptography will eventually be broken | Eventual, long-term inevitability | Legal, governance, and institutional attack surfaces | Harden systemic resilience; treat quantum as a future certainty, not an immediate crisis |
| Adam Back: The Runway Optimist | Quantum threat is real but distant | 20–40+ years away; current forecasts overstated | Overreaction causing unnecessary or risky protocol changes | Steady research; adopt PQC when the threat is clearer, not prematurely |
Today? No.
There is no evidence that any existing quantum computer can break ECDSA or compromise Bitcoin or Ethereum’s core security.
Long-term? Yes, if they fail to evolve.
All three thinkers ultimately agree on foundational points:
Where they differ is when the industry should act:
The balanced take is:
Bitcoin and Ethereum are not doomed, but their longevity depends on planning for a world where quantum computing is real.
Vitalik’s 20% estimate is not a prophecy, it is a call to avoid complacency. If these networks are meant to endure for generations, they must be engineered for the technological landscape of the future, not just the present.
No. Today’s quantum computers are far too small and unstable to break ECDSA, the core cryptography behind Bitcoin and Ethereum. The threat is long-term, not present-day. Vitalik argues that upgrading a global blockchain takes years, not months. Because migration to post-quantum cryptography is complex and high-stakes, he believes preparation must begin before quantum computers become capable. Szabo doesn’t dismiss quantum; he simply believes legal, governance, and institutional threats are more urgent. In his view, governments and centralized chokepoints are already shaping crypto’s security landscape – long before quantum becomes practical. Yes. Both chains can adopt post-quantum signature schemes through upgrades. Ethereum’s roadmap already includes this direction, while Bitcoin can implement PQC via soft forks or hard forks when the threat becomes clearer.