Project Eleven: 65% of Ethereum, All of Solana Quantum-Vulnerable

Project Eleven’s 2026 report maps quantum risk across major blockchains and concludes roughly 65% of Ethereum and 100% of Solana are vulnerable to future quantum attacks. The firm identified specific cryptographic primitives and design choices that expose each network.

On Ethereum the report flags three vulnerable primitives: the Elliptic Curve Digital Signature Algorithm (ECDSA) used for user accounts, Boneh-Lynn-Shacham (BLS) signatures used in proof-of-stake consensus, and Kate-Zaverucha-Goldberg (KZG) commitments that support blob data introduced by EIP-4844. The report notes validator BLS keys become publicly visible when a validator makes the 32 ETH deposit, creating a continuous exposure for active validators.

Project Eleven said a quantum-capable attacker able to recover validator BLS keys could forge attestations, destabilize consensus and trigger mass slashing. The firm also points out that some Ethereum keys and commitments are exposed on-chain or during validator registration, which could require migration to post-quantum algorithms before a quantum adversary can break current schemes.

On Solana the assessment is structural: the network’s Ed25519 design embeds each wallet’s public key directly into the on-chain address. The report stated, “Solana exposes an X-only public key for addresses, rendering all Solana quantum vulnerable.” By contrast, the report notes Bitcoin’s UTXO model offers a partial buffer because unspent or unrevealed keys remain hidden from the chain.

Developers and foundations for both networks are working on post-quantum plans. The Ethereum Foundation launched a Post-Quantum Ethereum website in March 2026 and estimates Layer 1 protocol upgrades could be completed by 2029, with full execution-layer migration continuing beyond that date. In April, Solana validator client developers Anza and Firedancer selected Falcon, a post-quantum signature scheme approved by the U.S. National Institute of Standards and Technology (NIST).

The Solana Foundation described its migration plan as ready to activate when needed and noted, “Quantum is still years away, and if and when it materializes, the work to migrate Solana is well-researched, understood, and ready to deploy.” Project Eleven mapped three possible dates for a disruptive “Q-Day” when quantum computing could break current public-key cryptography: 2030 in an optimistic scenario, 2033 in a moderate case, and 2042 in a pessimistic case. The firm said its timeline assumes modest year-over-year improvements and does not include a major, sudden breakthrough.

The report outlines operational implications for node operators, wallet providers and end users. Ethereum’s mixed set of vulnerable primitives means future upgrades must address account-level signatures, consensus-layer keys and commitments used by new data structures. Solana’s address design would require a protocol-level change to prevent future key recovery from enabling theft or forgery.

Project Eleven’s mapping provides a timeline and technical focus points for developers and infrastructure providers planning migrations. The report lists specific primitives, exposure points and proposed migration targets to help network participants prioritize work ahead of potential quantum capability improvements.