Solana’s Yakovenko Says AI Could Break Crypto’s Quantum Defenses Before They’re Ready

The co-founder thinks the industry is building quantum-resistant walls out of materials it doesn't fully understand. Solana already picked its algorithm. Most chains haven't started.

Anatoly Yakovenko dropped two warnings on X this week, back to back. First: AI could crack post-quantum cryptography signature schemes before the industry finishes deploying them. Second: Ethereum Layer 2 networks are not quantum safe. His exact words on L2s were "abandon all hope."

Coming from the co-founder of a network that just shipped its own quantum-resistant implementation, the timing is not subtle. But the technical argument underneath the trash talk is real, and it applies to every chain running elliptic curve cryptography. That is all of them.

The risk Yakovenko is actually describing

Post-quantum cryptography is supposed to be the fix. Replace ECDSA and EdDSA with algorithms that quantum computers cannot crack, and blockchain signatures stay secure even after Q-Day. The problem, according to Yakovenko, is that PQC schemes themselves might be breakable. Not by quantum computers. By AI.

He pointed to two categories of vulnerability. The math footguns: unknown weaknesses in the mathematical structures underlying PQC algorithms. And the implementation footguns: bugs and side-channel leaks in how those algorithms are actually coded and deployed. The industry, he said, does not fully understand either one.

His proposed solution is practical. Use two-of-three multisig wallets that combine multiple signature schemes. If one gets broken, the others hold. He tagged Fuse Wallet and suggested Solana could support this natively through Program Derived Addresses in its transaction processor. Curve Finance founder Michael Egorov responded by asking whether formal verification could close the gap. Yakovenko did not say it could.

Solana already picked Falcon-512. Most chains haven't picked anything.

The Solana Foundation announced on April 27 that its technical teams, Anza and Firedancer, selected the Falcon digital signature scheme for post-quantum security. Initial implementations are on GitHub. The work is moving from research into production hardening.

Compare that to the rest of the field. Ethereum's quantum readiness roadmap targets 2029, working through upgrades code-named Glamsterdam and Hegota. Algorand has a Falcon migration roadmap in progress. Bitcoin developers are still debating whether to freeze $440 billion in old coins as a quantum precaution, with no formal implementation plan. Cardano is developing peer-reviewed post-quantum protocols but has not shipped anything to mainnet.

Q-Day, the point at which quantum computers can crack current blockchain cryptography, is projected around 2029. That gives the industry roughly three years. Regulatory timelines are already moving: G7 and EU frameworks require quantum security planning by 2026, infrastructure migration by 2030-2032, and full transition by 2035.

"Harvest now, decrypt later" is the scenario nobody wants to think about

Yakovenko also flagged a specific attack vector. When a transaction is broadcast, the public keys become visible on the blockchain. An attacker could collect those keys now, store them, and derive the corresponding private keys later using Shor's algorithm on a future quantum computer. This is the "harvest now, decrypt later" threat.

Every blockchain using ECDSA or EdDSA is exposed. Bitcoin, Ethereum, Solana before its upgrade, all of them. The recent proposal to clone and resell Satoshi's Bitcoin stash through an eCash fork touched on the same vulnerability from a different angle: what happens to coins sitting in addresses with exposed public keys?
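The question of which coins already sit behind an exposed public key can be answered from chain data alone. The script below is an added illustration, not code from the article or from any of the projects it mentions: it walks a constructed, simplified transaction list in the Bitcoin style (pay-to-public-key outputs carry the key outright, pay-to-public-key-hash outputs only reveal it when spent) and reports the balances whose key is already on chain. Owner labels and amounts are made up for the example.

```python
from dataclasses import dataclass

@dataclass
class Output:
    kind: str    # "p2pk": public key sits in the locking script; "p2pkh": only its hash does
    owner: str   # constructed label standing in for the key (hypothetical)
    value: int   # amount in whole coins for readability

@dataclass
class Tx:
    txid: str
    spends: list   # (txid, index) of outputs consumed; the unlocking script reveals the key
    outputs: list

def exposure_report(txs):
    """Map owner -> unspent balance for keys whose public key is already visible on chain.

    A P2PKH key stays hidden behind its hash until its first spend; spending and then
    receiving again at the same key (address reuse) is what puts the remaining funds at risk.
    """
    utxo = {}        # (txid, index) -> Output still unspent
    exposed = set()  # owners whose public key has appeared in plaintext
    for tx in txs:
        for ref in tx.spends:
            spent = utxo.pop(ref)
            exposed.add(spent.owner)        # spending publishes the key for P2PKH and P2PK alike
        for i, out in enumerate(tx.outputs):
            utxo[(tx.txid, i)] = out
            if out.kind == "p2pk":
                exposed.add(out.owner)      # P2PK outputs expose the key the moment they are funded
    at_risk = {}
    for out in utxo.values():
        if out.owner in exposed:
            at_risk[out.owner] = at_risk.get(out.owner, 0) + out.value
    return at_risk

# Constructed sample history (not real chain data):
SAMPLE_TXS = [
    Tx("tx1", [], [Output("p2pk", "alice", 50)]),                         # early-style P2PK coinbase
    Tx("tx2", [], [Output("p2pkh", "bob", 10), Output("p2pkh", "carol", 5)]),
    Tx("tx3", [("tx2", 0)], [Output("p2pkh", "dave", 4), Output("p2pkh", "bob", 6)]),  # bob reuses his key for change
]

if __name__ == "__main__":
    for owner, balance in sorted(exposure_report(SAMPLE_TXS).items()):
        print(f"{owner}: {balance} coins held behind an already-exposed public key")
```

Carol and Dave do not appear in the report: their keys exist on chain only as hashes, so a harvested copy of the ledger gives a future quantum attacker nothing to run Shor's algorithm against until they spend.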

The underlying architecture of blockchain networks assumes that private keys cannot be derived from public keys. Quantum computing could break that assumption. AI accelerating the timeline to that break is what Yakovenko is warning about.

The L2 comment is competitive, but the math checks out

Yakovenko saying "Ethereum L2s are not quantum safe, abandon all hope" is obviously provocative. It is also technically correct. Layer 2 networks inherit the cryptographic primitives of their base layer. If Ethereum L1 uses quantum-vulnerable signatures, every rollup built on top of it is equally exposed. Upgrading L1 does not automatically upgrade L2s, which adds another migration layer to an already complex process.

He also took a shot at L2 economics, arguing that too many rollups fragment liquidity and split user communities, weakening network effects. That is a separate debate, but it feeds into his broader point: Ethereum's scaling strategy adds complexity in a moment when the security stack needs to get simpler and stronger, not more layered.

Solana's bet is that doing quantum cryptography on a single execution layer is easier than coordinating it across dozens of L2s. Whether that bet pays off depends on whether Falcon-512 holds up under real-world adversarial conditions. Which brings us back to Yakovenko's original point: we do not yet know if it will.
