…Public keys are derived from private keys using ECDSA … using secp256k1.
Not quite. The transformation of private key to public key is not using ECDSA. It's per the parameters of secp256k1, using an operation called point multiplication, and towards making the public/private key pair usable later for ECDSA.
This is a one-way function… until you take into account quantum computing. With quantum computing, you might be able to brute force and figure out private keys from public keys.
Correct. It's easy to go from private key to public key, not the other way around unless we hypothesize Cryptographically Relevant Quantum Computers (don't hold your breath).
Why was ECDSA chosen over hashing algorithms ?
So that we can digitally sign messages with the private key, and verify the message/signature pairs with the public key; so in a way such that the private key is necessary to produce message/signature pairs that pass verification, for different messages. We could not do this if the public key was obtained by hashing the private key¹. In other words: that the function from private key to public key is one-way is not a sufficient condition to make digital signature possible.
¹ There are signature algorithms based on hashing, but the public key is not obtained by one hash of the private key with a standard hash. The public key comprises multiples hashes, making it much larger than the 33 bytes of an ECDSA secp256k1 public key. Also the number of messages that can be safely signed is limited.
