Artificial Intelligence might be the biggest threat the crypto sector still hasn’t learned to face head-on.
While much of the industry is still debating the risks of quantum computing, a different and far more urgent concern has started gaining traction in technical discussions: what if AI could break the very systems created to protect us from quantum computers?
That’s exactly what Anatoly Yakovenko, co-founder of Solana, recently put on the table. In a direct and no-nonsense post on X, he pointed out that post-quantum cryptography — the technology that’s supposed to be our safeguard for the future — may carry vulnerabilities we don’t even fully understand yet. And we’re not just talking theory here.
The warning touches on very practical points, from the way these systems are implemented in the real world to the hidden risks that Ethereum L2s face by continuing to rely on traditional algorithms like ECDSA. The question left hanging is simple but carries serious weight: if even the most advanced security schemes aren’t completely safe, what is the crypto market doing to prepare?
Let’s break down what’s at stake. 🔐
What Is Post-Quantum Cryptography and Why It Matters
Before diving into the problem, it’s worth understanding what’s being threatened. Post-quantum cryptography (PQC) is a set of algorithms specifically designed to withstand attacks from quantum computers, which have the potential to break the security systems we use today in a matter of minutes. NIST, the U.S. National Institute of Standards and Technology, has been working on standardizing these algorithms for years, and some have already been formally approved as the new pillars of global digital security. The idea is straightforward: before quantum computers become powerful enough to attack networks, we migrate to something they can’t crack.
The problem is that this transition is anything but simple in practice. Implementing new cryptographic algorithms in complex systems like blockchains — especially in secondary layers like Ethereum L2s — involves a massive number of technical decisions, and each one can introduce a new vulnerability. It’s no exaggeration to say that how an algorithm is implemented matters just as much as the algorithm itself. Poorly written code, a flawed library, an incorrectly configured parameter — all of it can open gaps that no mathematician predicted in theory.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
This is precisely where Artificial Intelligence enters the picture as an unexpected risk vector. Advanced AI models are extremely good at finding patterns in complex data, identifying anomalies, and exploiting unexpected behaviors in computational systems. If a post-quantum algorithm has any weakness in its implementation, no matter how small, a sufficiently powerful AI could find it long before any human auditor. And that’s exactly what Yakovenko flagged as the real point of concern.
Yakovenko’s Warning and the Hidden Risks Nobody Is Seeing
When the co-founder of Solana raises a technical flag, the community pays attention — and for good reason. Yakovenko’s post on X wasn’t some baseless alarmist take. It touched on something security researchers had already been discussing in more closed circles: the possibility that Artificial Intelligence models could identify and exploit vulnerabilities in post-quantum cryptography implementations before those flaws are patched.
According to the Solana co-founder, the biggest risk facing post-quantum cryptography today is precisely the possibility that AI could break the signature schemes underpinning these systems. Yakovenko went further, emphasizing that the crypto industry still doesn’t have a clear understanding of the potential weaknesses involved — both in the complex mathematics behind the algorithms and in how they’re put into practice day to day.
The hidden risks here have multiple layers. First, there’s the risk of incorrect implementation of the new post-quantum algorithms, which are mathematically more complex than traditional systems and require far more care during development. Second, there’s the risk that AI could be used maliciously to analyze the open-source code of these implementations and find gaps in an automated, scalable way — something that would be impossible for a human team to do at the same speed. Third, and perhaps most concerning, there’s the risk that even algorithms considered secure today may contain undiscovered mathematical vulnerabilities that an AI, with processing and analytical capabilities far beyond human reach, could eventually identify.
Yakovenko’s Practical Suggestions
Yakovenko didn’t just point out the problem. He also suggested practical measures to mitigate these risks. One of them is adding extra layers of protection, such as support for 2/3 multi-signature wallets, where at least two out of three keys must sign a transaction for it to be valid. This adds a security redundancy that significantly complicates any attack attempt, even if one of the cryptographic schemes is compromised.
Another relevant suggestion was integrating native protection through Program Derived Addresses (PDAs) at the transaction processing level. This approach would allow the network’s own infrastructure to provide an additional barrier against exploits, without relying solely on the strength of a single cryptographic algorithm. It’s the kind of layered thinking that makes all the difference when dealing with threats that aren’t yet fully understood.
The core message is clear: even next-generation cryptographic solutions aren’t foolproof. The industry needs to prepare for unexpected risks, especially as Artificial Intelligence continues evolving at a staggering pace.
Ethereum L2s in the Crosshairs: ECDSA Dependence and the Harvest Attack
Beyond the AI and post-quantum cryptography warning, Yakovenko also delivered a direct and pretty pointed critique of Ethereum’s Layer 2 networks. In a separate post dated May 2, he stated that Ethereum L2s are not secure against quantum threats.
The context matters: the comment came in response to a development update highlighting Solana’s progress in integrating Falcon-512, a quantum-resistant signature scheme designed to withstand attacks from future quantum computers. Solana clients like Anza and Firedancer are actively working to bring these protections into real-world use, signaling that the network is making concrete moves in this direction.
The contrast with Ethereum L2s is significant. These networks still rely heavily on ECDSA (Elliptic Curve Digital Signature Algorithm), particularly the secp256k1 curve — a digital signature algorithm that was developed long before any discussion about quantum or AI threats. While ECDSA is considered secure against attacks available today, developments in quantum computing could render it vulnerable in a not-so-distant future.
The Danger of Harvest Now, Decrypt Later
One of the most alarming points Yakovenko raised is the concept of harvest now, decrypt later. The logic is frighteningly simple: when transactions are published on the network, the associated public keys become exposed. Malicious actors can collect this information today, store it, and simply wait until quantum computing technology is mature enough to break the cryptography.
Algorithms like Shor’s algorithm can be used in this decryption process, making it possible to access information that was considered secure at the time it was published. This means data and transactions recorded now on Ethereum L2s could become vulnerable in the future, even if no attack is executed immediately. It’s a silent risk that grows every day the migration to post-quantum schemes doesn’t happen.
Migrating to post-quantum algorithms on these networks isn’t a simple library swap — it’s a deep architectural change that affects smart contracts, wallets, validators, and the entire security infrastructure supporting billions of dollars in digital assets. Doing this in a rush, without rigorous audits and a well-structured transition plan, could create exactly the kind of gap a malicious AI system would be waiting to exploit.
What the Crypto Market Needs to Do Now
The good news is that the conversation has already started. The fact that figures like Yakovenko are bringing this topic into the public space is a sign of industry maturity — one that’s beginning to look beyond immediate threats and think about medium- and long-term scenarios. But acknowledging the problem is only the first step. The crypto market needs coordinated action among developers, security researchers, and the protocols themselves to create a transition path that is secure, auditable, and resistant to both quantum computing and Artificial Intelligence-based attacks.
One of the most important fronts is investing in security audits specialized in post-quantum cryptography. It’s not enough to hire a traditional audit firm to review a post-quantum implementation — you need specialists who deeply understand the mathematical characteristics of these algorithms and know how to identify the types of errors that arise specifically in this context. That expertise is still scarce in the market, and demand will grow significantly over the coming years as more networks begin their transition. Protocols that get ahead on this preparation will have a real competitive advantage — not just in security, but in user trust and institutional credibility.
Another critical point is transparency. Ethereum L2s and other protocols that are considering or already implementing post-quantum schemes need to be open about their technical choices, about the risks they’ve identified, and about contingency plans in case a vulnerability is discovered. The crypto community is extremely technical and engaged, and that human capital can be one of the greatest assets in the early identification of hidden risks. Hiding implementation details out of fear of exposure might seem like a conservative strategy, but in practice it only delays the discovery of problems that, sooner or later, will surface.
Solana Leading the Post-Quantum Race
It’s worth noting that Solana appears to be positioning itself as one of the most proactive networks in this race for post-quantum security. The integration of Falcon-512, with active work from clients like Anza and Firedancer, shows that the network isn’t just discussing the problem in theory but is genuinely investing development resources to implement concrete solutions. This puts Solana in an interesting position within the competitive landscape of high-performance blockchains, especially compared to ecosystems that haven’t yet presented clear transition plans.
Falcon-512 is part of the lattice-based cryptography family, which is considered one of the most promising approaches to post-quantum cryptography. Unlike ECDSA, which relies on the difficulty of solving the discrete logarithm problem on elliptic curves, lattice-based algorithms rest on mathematical problems that have so far proven resistant to both classical and quantum computers. Even so, as Yakovenko rightly pointed out, no scheme is free from surprises — especially when Artificial Intelligence can dramatically accelerate the discovery of flaws.
The intersection of Artificial Intelligence and post-quantum cryptography represents one of the most complex and least explored territories in modern digital security — and the crypto market sits right at the center of that equation.
What Yakovenko’s warning makes clear is that post-quantum security isn’t a fixed destination — it’s an ongoing process of evaluation, adaptation, and response. The algorithms NIST has standardized are a solid starting point, but the history of cryptography shows that no system is invulnerable forever. As Artificial Intelligence becomes more powerful and accessible, the window of time between discovering a vulnerability and exploiting it keeps shrinking. Preparing for that isn’t paranoia — it’s smart planning.
The hidden risks in post-quantum cryptography are real, and ignoring them because the problem seems too distant or abstract is exactly the kind of mistake that can prove costly down the road. The crypto sector has a unique opportunity right now to lead this discussion and build the security standards the digital world will need in the decades ahead. 🔒
