Ethereum's Strawmap: Vitalik's Plan to Quantum-Proof Your Wallet by 2029

Can a Quantum Computer Steal My ETH?

Not today — and probably not for several years. But the threat window is narrowing faster than the industry expected, which is exactly why Ethereum's developers are moving now rather than later.

On March 30, 2026, Google Quantum AI (working with researchers from UC Berkeley, Stanford, and the Ethereum Foundation) published a paper with an uncomfortable finding: breaking the elliptic-curve cryptography that secures Ethereum wallets might require fewer than 1,200 logical qubits — roughly 20 times fewer than earlier academic estimates. They also flagged more than five potential attack paths and estimated over $100 billion in Ethereum assets could be at risk.

That number sounds alarming. Here's the honest context: today's best quantum machines have far fewer stable, error-corrected qubits than 1,200. But "far fewer" no longer means "effectively impossible" — it means engineers have a window, and they now know roughly how wide it is.

Why Ethereum Is More Exposed Than Bitcoin

If you've read our explainer on quantum computing and Bitcoin, you know that Bitcoin holders who never spend from an address keep their public key hidden behind a cryptographic hash. That provides a layer of natural protection.

Ethereum doesn't work the same way. Ethereum uses an account model — think of it like a bank account number that stays the same across transactions — rather than Bitcoin's system of using fresh addresses. Every time you send ETH or interact with a smart contract, your public key is permanently written to the blockchain. That permanent record is exactly what Shor's algorithm — the quantum technique at the core of the threat — would exploit.

The exposure is already significant. Google's researchers estimate the top 1,000 Ethereum wallets and at least 70 major smart contracts are currently vulnerable in this sense. If you've ever sent a transaction from your ETH address, your public key is on-chain. That's the attack surface.

The Strawmap: Seven Forks, Four Years

On February 26, 2026, Vitalik Buterin published what he called the Strawmap — a name that blends "strawman" and "roadmap," deliberately signaling the document is open to revision. The plan schedules seven hard forks between roughly 2026 and 2029, targeting full quantum resistance across wallets, validators, and smart contracts.

The first two forks are already confirmed: Glamsterdam (H1 2026, which primarily targets gas fees and throughput) and Hegotá (H2 2026). Hegotá is where the quantum work begins in earnest — it's expected to include EIP-8141, a proposal enabling native account abstraction.

Think of EIP-8141 like an apartment building allowing each tenant to install their own quantum-proof deadbolt on their own schedule, rather than forcing the landlord to re-key every unit simultaneously. Each wallet owner can opt into a quantum-resistant signature scheme independently, making the migration gradual and voluntary rather than a single disruptive cutover. The full Strawmap introduces six new quantum-resistant signature schemes and 13 new EVM precompiles to support the transition. NIST, the U.S. standards body, plans to deprecate the current signature standard (ECDSA) by 2030 and fully disallow it by 2035 — giving Ethereum's 2029 target meaningful alignment with the broader industry deadline.

The Real Costs of Going Quantum-Safe

Here's the tradeoff the roadmap doesn't obscure: quantum resistance is not free. Replacing today's ZK-SNARK proofs with quantum-resistant STARK proofs costs approximately 10 million gas, versus 300,000–500,000 gas today — a 20 to 30 times increase in computational overhead. That affects DeFi transaction fees, Layer 2 economics, and staking rewards during the transition window.

The Ethereum community is aware of this tension. The Strawmap's phased approach exists partly to give researchers time to optimize quantum-resistant schemes and reduce that cost before forcing a hard cutover. Anyone who tells you quantum-proofing Ethereum comes without tradeoffs is oversimplifying.

The Migration Window: Reading the Runway

Here's where things get concrete. IBM's current roadmap targets roughly 200 logical qubits by 2029 on its "Starling" fault-tolerant system. An ECDSA attack on Ethereum needs 1,200. That gap — 200 versus 1,200 — is Ethereum's migration runway. Engineers know roughly how wide it is, which is precisely why the Strawmap targets 2029 completion.

There's also a subtler risk worth naming: "harvest now, decrypt later." Sophisticated adversaries could be recording Ethereum transaction data right now and storing it for decryption once quantum hardware matures. The migration must complete before Q-Day — not after. This is why urgency is real even while no quantum computer poses an immediate threat. Ethereum's dedicated tracking resource at pq.ethereum.org follows migration progress and EIP status in real time.

What Can You Do Right Now?

First, check whether your primary ETH address has ever sent a transaction. If it has, your public key is permanently on-chain — that's the technically exposed state. It's not an emergency today, but it means future upgrade steps will matter to you. EIP-8141's voluntary opt-in, expected with the Hegotá fork in H2 2026, will be the path toward a quantum-safe wallet when it arrives.

Second, think about where your private keys actually live. Hot wallets connected to the internet carry a broader attack surface — from phishing and malware today, and from quantum threats eventually. While the protocol-level migration plays out over 2026–2029, keeping significant holdings in cold storage reduces your exposure to both present and future threats. A hardware wallet like Ledger keeps your private keys offline and air-gapped, limiting the attack surface regardless of which threat materializes first.

The bridge is being rebuilt — and unlike some crypto timelines, this one has a concrete engineering schedule behind it.