I don't agree with this.
256-bit ECDSA is 128 bit strong in the unlike scenario of anybody searching collisions between two hazard keys (birthday paradox).
But more realistic scenario is looking for collisions with specific keys hoarding large amounts of BTCs. In this case 256-bit strength remains.
ECDSA is not a hash function. At attacker with the pubic key isn't confined to use the dumbest possible brute-force attack.
Pollard's lambda algorithm takes sqrt() operations so roughly 2^128 security.