Topic hub

Quantum-Safe Wallets

The practical hub for cryptocurrency holders: how quantum computers threaten current wallet signature schemes, which chains have shipped post-quantum signatures, and what wallet hygiene actually helps today.

The threat model

The concern is not that Bitcoin or Ethereum breaks tomorrow. It is that a sufficiently large fault-tolerant quantum computer running Shor's algorithm would recover an elliptic-curve private key from its public key. Any wallet that has ever spent has published its public key on-chain, so its private key becomes recoverable the moment such a machine exists.

No such machine exists today and public estimates place the earliest plausible date years to decades away. The realistic risks between now and then are (a) long-life holdings on reused addresses, and (b) protocol governance moving slower than the underlying hardware.

Bitcoin

Bitcoin uses ECDSA (secp256k1), plus Schnorr for Taproot. Both are Shor-breakable. Not all Bitcoin exposure is equal:

  • Never-spent P2PKH or P2WPKH addresses expose only the hash of the public key on-chain, which sits behind an additional layer of preimage resistance.
  • Any address that has ever spent, or any Taproot output (which publishes the key directly), exposes the public key.
  • Bitcoin has active BIP proposals to add post-quantum signatures. Nothing has activated yet.

Ethereum

Ethereum externally-owned accounts sign with ECDSA (secp256k1). Once an account has sent a transaction, its public key is derivable from the signature. Account abstraction opens a plausible path to migrate individual accounts to post-quantum signatures without a hard fork, but that migration has not shipped at protocol scale.

Post-quantum chains

A small number of production chains use post-quantum signatures today — most based on XMSS or SLH-DSA variants — and a larger number publish roadmaps. Independent scoring lives on Quantum Rankings, and the scoring rubric on methodology.

Wallet hygiene today

  • Prefer fresh, never-spent addresses for cold storage.
  • Sweep unused UTXOs into new addresses periodically.
  • Keep firmware current on hardware wallets — this is where post-quantum support will land first.
  • Avoid keeping large sums on address types that have already published their public key.
  • Watch the research notes for BIP/EIP activations that change these tradeoffs.

Use our tools

Run a specific address through the Wallet Scanner to see its rules-based exposure score. Compare chains on Quantum Rankings. Read the scoring rubric on methodology before drawing conclusions.

Frequently asked questions

Is my Bitcoin wallet quantum-safe?

Not today. Bitcoin's signature scheme is ECDSA (and Schnorr for Taproot), both of which are vulnerable to Shor's algorithm on a sufficiently large quantum computer. Address types that have never revealed a public key on-chain (never-spent P2PKH or P2WPKH) enjoy an extra layer of hashing that raises the difficulty, but any address that has spent has revealed its public key. Our /wallet-scanner explains the exposure of a specific address.

What makes a wallet 'quantum-safe'?

A wallet is quantum-safe when the signature scheme securing its funds is post-quantum — for example a NIST-standardised scheme such as ML-DSA or SLH-DSA, or a hash-based scheme like XMSS or LMS. Very few production cryptocurrencies use post-quantum signatures today; the /quantum-crypto-rankings page tracks who does.

Should I move my crypto to a quantum-safe chain?

That is a personal decision that depends on how much you hold, how long you plan to hold it, and how much slippage you would accept from a chain switch. This site does not give investment advice. What we do publish is the scoring rubric on /methodology and the per-project scores on /quantum-crypto-rankings so you can decide with open evidence.

What can I do today?

Rotate addresses so that public keys are not lingering on-chain longer than they need to; keep meaningful amounts on hardware wallets with active firmware support; watch upstream chains (Bitcoin, Ethereum) for post-quantum upgrade proposals; and use /wallet-scanner to sanity-check exposure before big transactions.