Total Value at Risk
Loading...
all indexed entities
Highest Risk Score
systemic exposure
Live Prices
Loading...
CoinGecko API
Entities Indexed
420
+ AI-scored on demand
Quantum Threat Intelligence

How exposed is your
stack to quantum?

Real-time market data. AI-generated risk narratives. Multi-chain wallet scanning. Search any entity or paste your wallet address.

Quantum Countdown · Estimated Q-Day Arrival
Time until RSA-2048 is broken
689
Days
:
14
Hours
:
07
Mins
:
22
Secs
Most Exposed Entities
Highest quantum risk scores — ranked live
Stay ahead of Q-Day
Get quantum threat alerts
Score updates, breakthrough research, and Q-Day milestones — direct to your inbox. No spam, ever.
Independent research · No financial affiliation with any ranked entity · Scores are model projections, not financial advice
Quantum Intel
Latest from the quantum threat landscape
Browse by Category
Loading categories…
LowModerateHighCriticalSystemic
Estimated Value at Risk
Risk factor breakdown
Migration Path
AI Threat Analysis
Claude · Generated
 Generating quantum threat analysis
DISCLAIMER Scores and values are modeled estimates, not financial or security advice. Live data from CoinGecko. AI narratives generated by Claude (Anthropic). Quantum timelines are speculative.
On-Chain Quantum Risk

Scan any wallet. Any chain.

Paste a wallet address, select chains, and get your real quantum exposure calculated from live on-chain data.

Etherscan API Key
Etherscan API Key Required: Etherscan now requires a free API key for all requests (V2 API). Get yours free in 2 minutes:

1. Go to etherscan.io → Sign up (free) → My Account → API Keys → Add
2. Paste your key below and click Save — it stores in your browser permanently
Select chains to scan
Try:
Vitalik.eth
ETH Whale
Solana wallet
Bitcoin address
Quantum Exposure Report
Scanned by
Total Estimated Value at Quantum Risk
Exposure by chain
On-chain data from public block explorers. Token prices from CoinGecko. Quantum risk scores are model projections not financial advice.
Side-by-Side Analysis

Compare Quantum Exposure

Search any two entities to generate their report cards side-by-side.
Search to generate
report card
VS
Search to generate
report card
Shareable Report Cards

Generate & Share

Select entity
Share to X
Your report card is ready
QEI Report Card
Card image copied to clipboard
2
Click below → X opens with your text pre-filled
3
Paste the image into your tweet & post
After X opens — paste your card with Cmd+V / Ctrl+V
Primary Sources & Intelligence

Research Hub

Curated primary sources, sector briefings, and a technical glossary — everything needed to understand and cite the quantum threat.

Primary Source Library
Government
NSA — CNSA 2.0 Algorithm Requirements
Mandates all National Security Systems migrate to NIST PQC algorithms by 2030. The strongest institutional signal of quantum urgency from a US government agency.
NSA · 2022View source ↗
Government
CISA / NSA / NIST — Quantum-Readiness Advisory
Joint directive for critical infrastructure operators to begin PQC migration planning immediately. Covers inventory, prioritization, and hybrid deployment strategy.
CISA · 2022View source ↗
Government
NIST PQC Standards — FIPS 203, 204, 205
Finalized post-quantum standards: ML-KEM (key encapsulation), ML-DSA (signatures), SLH-DSA (stateless hash-based signatures). The basis for all quantum-safe classifications in QEI.
NIST · 2024View source ↗
Government
NIST IR 8547 — Deprecation of Classical Algorithms
Official NIST timeline for deprecating RSA, ECDSA, and Diffie-Hellman. Sets 2030 as the target for discontinuing use in new systems and 2035 for full retirement.
NIST · 2024View source ↗
Government
BIS Papers No. 158 — Quantum-Readiness for the Financial System
Bank for International Settlements phased migration roadmap for global financial infrastructure: 2025–26 awareness, 2026–28 planning, late 2020s full migration. Addresses harvest-now-decrypt-later at the systemic level.
BIS · July 2025View source ↗
Government
ETSI TS 104 015 — Quantum-Safe Hybrid Key Exchanges
ETSI TC CYBER ratification of KEMAC and the Covercrypt scheme for hybrid classical+PQC key exchange. The primary European standards body endorsement of hybrid migration strategy.
ETSI · March 2025View source ↗
Government
Federal Reserve — "Harvest Now, Decrypt Later"
Federal Reserve FEDS paper confirming adversaries are already collecting encrypted financial data for future quantum decryption. The threat is active today, not only at Q-Day.
Federal Reserve · 2025View source ↗
Industry
Google Quantum AI — Securing Elliptic Curve Cryptocurrencies
Breaks 256-bit ECDLP with fewer than 1,200 logical qubits in approximately 9 minutes (model-derived). Quantifies ~41% on-spend attack success against Bitcoin. Identifies P2TR (Taproot) as a quantum security regression and KZG as a permanent on-setup attack vector. Co-authored with UC Berkeley, Ethereum Foundation, and Stanford.
Google Quantum AI · March 2026View source ↗
Industry
Coinbase Quantum Advisory Council Report
Estimates approximately 6.9M BTC in exposed addresses (model-derived). PQC signatures may expand Bitcoin block sizes by approximately 38× (model-derived estimate). Co-authored by Dan Boneh (Stanford) and Justin Drake (Ethereum Foundation).
Coinbase · April 2026View source ↗
Industry
Algorand — Quantum-Resistant Transactions with Falcon Signatures
Official technical brief on Algorand's live Falcon PQC signature deployment via AVM Logic Signatures. Sub-200-microsecond on-chain verification confirmed on mainnet. First major L1 with deployed quantum-resistant transactions (2025).
Algorand Foundation · 2025View source ↗
Industry
Solana Foundation — Quantum Readiness
Both validator clients (Anza, Firedancer) have converged on Falcon as the preferred PQC scheme. Blueshift Winternitz Vault operational for 2+ years, cited by Google Quantum AI. Three-stage migration roadmap with active GitHub PRs.
Solana Foundation · 2026View source ↗
Industry
Chainlink Labs — Quantum-Safe Cryptography Strategy
Chainlink's crypto-agility framework for oracle networks covering NIST FIPS 203/204/205 adoption and hybrid PQC partnerships for decentralized infrastructure security.
Chainlink Labs · 2024–2025View source ↗
Industry
Google Willow — 105-Qubit Quantum Chip
Completed a computation in 5 minutes that would take classical supercomputers 10²⁵ years. Strongest evidence that quantum hardware timelines are compressing faster than consensus projections.
Google · December 2024View source ↗
Industry
Microsoft Majorana 1 — Topological Qubit Processor
World's first topological qubit processor, engineered to scale to 1 million qubits on a single chip. Signals a distinct and potentially faster path to fault-tolerant quantum computing than superconducting approaches.
Microsoft · February 2025View source ↗
Industry
IBM Quantum Roadmap — Starling & Blue Jay
200 logical qubits targeted by 2029 (Starling); 2,000 logical qubits by 2033 (Blue Jay). Anchors the QEI Doom Clock Q-Day projection range used across all entity assessments.
IBM · OngoingView source ↗
Protocol
BIP-360 — Pay-to-Merkle-Root (P2MR)
Community-drafted Bitcoin Improvement Proposal introducing a new quantum-resistant output type (P2MR) that removes the quantum-vulnerable keypath spend present in Taproot (P2TR) addresses. Proposal stage — not yet adopted.
Bitcoin community · 2024–2025View source ↗
Protocol
Ethereum Research — Post-Quantum Transactions via Account Abstraction
Technical analysis of integrating Falcon PQC signatures into Ethereum via ERC-4337 Account Abstraction without protocol-level changes. Covers signature size trade-offs and gas cost implications.
Ethereum Research · 2025View source ↗
Protocol
Polkadot / Web3 Foundation — PQC Roadmap for Polkadot and JAM
Detailed developer roadmap for replacing Polkadot's validator and account signature schemes with Dilithium and Falcon respectively. Staged deployment targeting Kusama testnet first, then Polkadot mainnet.
Web3 Foundation · 2024–2025View source ↗
Protocol
Vitalik Buterin — Ethereum Quantum Roadmap
Outlines EIP-8141 and the Hegotia fork as Ethereum's path to native quantum-resistant signatures. Full deployment remains multi-year with unresolved governance and transaction-size trade-offs.
Ethereum Foundation · February 2026View source ↗
Foundational
Shor's Algorithm (1994)
Solves the discrete logarithm and integer factorization problems in polynomial time on a fault-tolerant quantum computer. Breaks ECDSA, RSA, and Ed25519 completely. The primary threat underlying all QEI scores.
Peter Shor · 1994View source ↗
Foundational
Grover's Algorithm (1996)
Provides quadratic speedup on unstructured search, halving the effective security of hash functions and symmetric ciphers. AES-256 and SHA-256 remain viable with appropriate key lengths. Mitigated by doubling key sizes.
Lov Grover · 1996View source ↗
Sector Briefings
Blockchain & Cryptocurrency Systemic

The vast majority of public blockchains use ECDSA or Ed25519 for transaction signing — both broken by Shor's algorithm. Every address that has ever sent a transaction has its public key permanently on-chain and available for a future quantum attack.

  • Bitcoin: ~41% on-spend attack success modeled at 9-min attack speed (Google Quantum AI, 2026)
  • Taproot (P2TR) addresses expose public keys at receipt — not only on spend
  • Ethereum's KZG trusted setup is vulnerable to a single one-time on-setup attack
  • Algorand has live Falcon PQC on mainnet (2025); Solana has active migration roadmap
  • Bitcoin BIP-360 proposes quantum-resistant P2MR addresses — proposal stage only
🏦 Banking & Finance Critical

Financial infrastructure depends on RSA and ECDSA for TLS, payment signing, and inter-bank messaging. The Federal Reserve has confirmed adversaries are already harvesting encrypted financial data today for future decryption.

  • BIS (July 2025) issued a global PQC migration roadmap for financial systems
  • NSA CNSA 2.0 mandates migration for all national security systems by 2030
  • SWIFT, ACH, and RTGS infrastructure relies on RSA-2048 and ECDSA
  • Custodial crypto holdings add blockchain-layer ECDSA exposure on top of TLS risk
  • ETSI TS 104 015 (March 2025) provides the hybrid migration standard for European finance
🏛 Government & Defense High

Nation-state adversaries are the most likely actors with access to early quantum computing capability. Government and defense agencies face both the highest threat and the longest migration timelines due to classification, procurement, and legacy hardware constraints.

  • NSA CNSA 2.0: all classified systems must migrate to ML-KEM and ML-DSA by 2030
  • Harvest-now-decrypt-later attacks on diplomatic communications are active
  • Legacy HSMs and smart cards may not support PQC without hardware replacement
  • CISA joint advisory identifies critical infrastructure as priority migration target
🔗 DeFi & Smart Contracts Systemic

DeFi protocols inherit Ethereum's ECDSA exposure but add unique on-setup attack vectors through cryptographic commitments used in zero-knowledge proofs and trusted setups.

  • KZG trusted setups (used in Ethereum's data availability sampling) are vulnerable to a single quantum computation that creates a permanent, reusable classical backdoor
  • Tornado Cash and similar mixing protocols face identical on-setup vulnerability
  • TVL in DeFi protocols represents concentrated, addressable quantum risk
  • Oracle networks (Chainlink) expose ECDSA node keys — compromise affects all dependent protocols
  • Account Abstraction (ERC-4337) provides a migration path for PQC signatures without protocol forks
📡 Telecom & Enterprise Moderate

TLS/SSL certificates, VPN tunnels, and enterprise PKI infrastructure rely entirely on ECDSA and RSA. Telecom providers managing long-lived network infrastructure face the additional risk that encrypted traffic captured today remains at risk indefinitely.

  • TLS 1.3 uses ECDHE for key exchange — quantum-vulnerable to Shor's
  • Certificate authorities issuing RSA-2048 certs are creating long-lived quantum exposure
  • ETSI TS 104 015 provides the migration standard for hybrid TLS
  • 5G core infrastructure uses elliptic curve cryptography throughout the authentication chain
  • Enterprise migration is more tractable than blockchain — centralized upgrade authority exists
🏥 Healthcare & Critical Infrastructure High

Healthcare systems store highly sensitive long-lived data — medical records encrypted today will remain decryptable for decades. Combined with aging device infrastructure and slow regulatory approval cycles, healthcare faces some of the longest effective migration windows.

  • Medical records have value far beyond a typical 7–10 year encryption horizon
  • Implanted medical devices (pacemakers, insulin pumps) use RSA/ECDSA and cannot be field-updated
  • HIPAA and FDA device regulations create significant migration barriers
  • Harvest-now attacks on patient data are plausible given long data utility windows
  • NIST IR 8547 deprecation timeline (2030/2035) maps poorly to healthcare procurement cycles
Technical Glossary
Q-Day
The projected moment when a cryptographically relevant quantum computer (CRQC) becomes capable of breaking today's public-key encryption in practical timeframes. Most credible estimates range from 2028 to 2035. Data encrypted today is at risk retroactively once Q-Day arrives.
CRQC
Cryptographically Relevant Quantum Computer. A quantum computer with sufficient qubit count and error-correction capability to run Shor's algorithm against real-world key sizes (e.g., 256-bit ECDSA) in practical time. Distinct from today's NISQ-era devices which lack the error correction needed.
Shor's Algorithm
A quantum algorithm (1994) that solves the discrete logarithm and integer factorization problems in polynomial time. This breaks ECDSA, RSA, and Ed25519 completely — the primary signing schemes used across blockchain and internet infrastructure. It does not apply to symmetric cryptography or hash functions.
Grover's Algorithm
A quantum algorithm (1996) that provides a quadratic speedup on unstructured search problems. It effectively halves the security of hash functions and symmetric ciphers — making AES-128 equivalent to ~64-bit security. Mitigated by doubling key lengths (e.g., AES-256 remains secure). Does not break public-key cryptography.
ECDSA
Elliptic Curve Digital Signature Algorithm. The dominant signing scheme used by Bitcoin, Ethereum, and most public blockchains. Security depends on the hardness of the elliptic curve discrete logarithm problem — which Shor's algorithm solves efficiently on a CRQC. Considered quantum-vulnerable.
Ed25519
An elliptic curve signature scheme based on Curve25519. Used by Solana, Cardano, Algorand, and others. More efficient than ECDSA but similarly vulnerable to Shor's algorithm — the underlying discrete logarithm problem is equally broken by a CRQC.
PQC / Post-Quantum Cryptography
Cryptographic algorithms designed to be secure against both classical and quantum computers. NIST finalized the first PQC standards in 2024: ML-KEM (key encapsulation), ML-DSA (signatures), and SLH-DSA (hash-based signatures). These are based on mathematical problems — lattices, hash functions — that quantum computers do not efficiently solve.
ML-KEM / ML-DSA / SLH-DSA
The three NIST-finalized post-quantum standards (FIPS 203/204/205, 2024). ML-KEM (CRYSTALS-Kyber) is for key encapsulation. ML-DSA (CRYSTALS-Dilithium) is for digital signatures. SLH-DSA (SPHINCS+) is a stateless hash-based signature scheme. These replace RSA and ECDSA in quantum-safe systems.
Falcon
A lattice-based digital signature scheme in the NIST PQC family, based on NTRU lattices. Produces smaller signatures than ML-DSA, making it attractive for bandwidth-constrained environments like blockchains. Used by Algorand (live, 2025) and targeted by Solana and Polkadot in their migration roadmaps.
Harvest Now, Decrypt Later (HNDL)
An attack strategy where adversaries collect encrypted data today and store it until a CRQC is available to decrypt it. Confirmed by the Federal Reserve (2025) as an active threat. Makes the quantum migration urgent now — not only at Q-Day. Long-lived sensitive data (medical records, classified communications, financial transactions) is most at risk.
On-Spend Attack
A quantum attack targeting transactions in transit — the public key is briefly visible in the mempool before confirmation. Google Quantum AI (2026) modeled ~41% success against Bitcoin at 9-minute attack speed. Requires a fast-clock CRQC. The attack window equals the block time of the target chain.
At-Rest Attack
A quantum attack targeting addresses whose public keys are already permanently on-chain — P2PK outputs, Taproot (P2TR) addresses, reused addresses, and dormant wallets. The attacker has unlimited time. Requires any CRQC including slow-clock varieties. Affects approximately 6.9M BTC by some estimates (Coinbase, model-derived).
On-Setup Attack
A one-time quantum computation against a cryptographic trusted setup (e.g., KZG commitments used in Ethereum's data availability sampling). A single CRQC run creates a permanent reusable classical backdoor — no further quantum access is needed. Ethereum's KZG and Tornado Cash are identified as vulnerable by Google Quantum AI (2026).
KZG Trusted Setup
A cryptographic ceremony used to generate public parameters for polynomial commitment schemes, including Ethereum's EIP-4844 (proto-danksharding) data availability sampling. Security depends on the discrete logarithm problem — quantum-vulnerable. A CRQC could compromise the setup once and create a permanent backdoor for all future proofs.
Quantum-Native
An entity built from genesis using post-quantum cryptographic schemes — no migration required. Examples include QRL (XMSS) and Diamante (Falcon). Distinct from entities that have migrated or are migrating: quantum-native entities never had classical key exposure. QEI scores quantum-native entities in the 0–10 band.
XMSS
eXtended Merkle Signature Scheme. A hash-based, stateful post-quantum signature scheme standardized by NIST (SP 800-208) and IETF (RFC 8391). Used by QRL as its primary signing scheme. Secure against quantum computers but stateful — signers must track which keys have been used to prevent reuse.
Crypto-Agility
The design principle of building systems that can swap cryptographic algorithms without requiring a full protocol redesign or hard fork. Ethereum's Account Abstraction (ERC-4337) is cited as a crypto-agile path to PQC signatures. Systems without crypto-agility face higher migration complexity scores in QEI.
Hybrid PQC
A migration approach that combines a classical algorithm (ECDSA, RSA) with a post-quantum algorithm simultaneously, so that security holds as long as either algorithm remains unbroken. Recommended by NIST, ETSI, and NSA as the transitional standard. Entities using hybrid PQC score in the 40–60 vulnerability range in QEI.
All sources are primary or authoritative. Secondary reporting is labelled. AI-generated content is not used as a source in this library. Last reviewed April 2026.
Quantum Intelligence

Latest News

Live feed
Aggregated from Quantum Computing Report · The Quantum Insider · CoinDesk
Fetching latest quantum intel…
Transparency & Methodology

How QEI Scores Are Calculated

Every score and risk value on this site comes from a transparent, open model. Below is exactly how — including where we use real data, where we estimate, and where AI is involved.

Scoring Model
Market / Cap Weight×25%
User Exposure×20%
Crypto Vulnerability×30%
Migration Difficulty×15%
Time to Migrate×10%
= Risk Score (0–100) · Computed in-browser · No server call for indexed entities
FactorWeightWhat it measures
Market / Cap Weight25%Systemic impact of capital at risk relative to market cap or total assets.
User Exposure20%Users and institutions directly affected. Custodial services score higher than self-custody protocols.
Crypto Vulnerability30%Exposure to Shor's algorithm (breaks ECDSA/RSA/Ed25519) and Grover's algorithm (weakens hash functions). NIST PQC-native schemes score near zero.
Migration Difficulty15%Coordination complexity to reach full PQC. Decentralised protocols with no upgrade authority score highest.
Time to Migrate10%Estimated years to complete migration on current trajectory.
Risk Bands
Quantum-Native0–10Built on NIST PQC from genesis. Zero migration burden.
Low< 30Limited exposure or migration already well underway.
Moderate30–49Real exposure but manageable with sufficient lead time.
High50–64Significant exposure with complex migration requirements.
Critical65–79Severe exposure. Major coordinated effort required before Q-Day.
Systemic80–100Existential exposure. A breach causes cascading failures across dependent systems.
Quantum Threat Vectors
Primary Threat
Shor's Algorithm 1994

Breaks asymmetric / public-key cryptography — ECDSA, RSA, Ed25519 — in polynomial time. Any address with a visible transaction history has its public key exposed and is vulnerable to private key derivation. Breaks schemes completely.

Secondary Threat
Grover's Algorithm 1996

Provides quadratic speedup on brute-force searches, halving effective security of hash functions and symmetric ciphers. AES-128 → ~64-bit; SHA-256 → ~128-bit. Affects financial TLS infrastructure. Mitigated by doubling key lengths. Note: Google Quantum AI (2026) concluded that Bitcoin's Proof-of-Work mining appears not vulnerable to Grover's — the error-correction overhead consumes the speedup entirely, and Grover's does not parallelize effectively at scale. Quantum mining was characterized as "remains science fiction" in that paper.

Attack Types

Google Quantum AI (2026) defines three distinct quantum attack modes. The type of attack possible depends on the speed of the quantum hardware and the target's block time.

Attack TypeTargetWindowHardware Required
On-SpendTransactions in transit — public key visible in mempoolSeconds to minutes (Bitcoin avg ~10 min block time → ~41% success at 9-min attack speed)Fast-clock CRQC (superconducting, photonic, silicon)
At-RestLong-exposed public keys — P2PK, P2TR, reused addresses, dormant walletsDays or more — attacker has unlimited timeAny CRQC including slow-clock (ion trap, neutral atom)
On-SetupFixed protocol parameters — KZG trusted setups, Pedersen commitments, BulletProofsOne-time quantum computation creates a permanent reusable classical backdoorSingle one-time CRQC use; subsequent attacks are classical

On-setup attacks are uniquely dangerous: Ethereum's Data Availability Sampling (KZG) and Tornado Cash are both vulnerable to a single quantum computation that permanently compromises the protocol for all future users — no quantum computer needed after the initial break.

Why Quantum-Native Is Different

A score of 4/100 is not a "low risk" entity that migrated well — it is an entity that never had exposure to begin with. The distinction is structural, not a matter of degree.

No migration burden. No legacy keys to rotate, no hard forks to coordinate, no window of vulnerability during transition. Every other entity in this index faces a migration event. Quantum-Native entities do not.
No exposed public keys. NIST PQC lattice-based schemes are not vulnerable to Shor's algorithm. Transaction history does not create an attack surface.
Built to the standard. NIST finalized ML-DSA, ML-KEM, and SLH-DSA in 2024. Quantum-Native entities operate on these standards from genesis — not as a future upgrade target.
Value at Risk Formula
(Market Cap + TVL × 0.5)×(Score ÷ 100)×0.65
= Estimated Value at Risk · Illustrative projection only · Not a financial estimate

The 0.65 factor reflects that not all at-risk capital is extractable in a realistic attack. Market cap: CoinGecko (live, 60s cache). TVL: DeFiLlama (live). Non-crypto entities use estimated figures, labelled on each card.

Data Sources & AI
CoinGeckoLive prices, market caps, 24h changes — 60s cache
DeFiLlamaTVL for DeFi protocols — on page load
Etherscan V2Wallet balances — ETH, Polygon, BNB, Arbitrum, Optimism, Base
HeliusSolana wallet balances and SPL token accounts
BlockstreamBitcoin wallet balances
RoutescanAvalanche wallet balances
Anthropic ClaudeAI threat narratives (Haiku, cached 7 days) · AI entity scoring (Sonnet, on demand)
AI Transparency

All entities — indexed and non-indexed — receive AI-validated structured summaries generated by Claude Haiku. For indexed entities, the summary is generated from the entity's cryptographic data and score; any existing research text is preserved as secondary reference only and is visually demoted with a disclaimer. For non-indexed entities, Claude generates the full assessment from publicly available information. All AI outputs are cached 7 days per device. Early cache invalidation is permitted only when a materially new high-priority source appears (protocol proposals, standards body updates, peer-reviewed papers, official company disclosures, or confirmed security incidents). Unknown entity scoring uses Claude Sonnet and returns structured JSON; these cards show a blue AI banner and are informed estimates, not authoritative assessments.

Research References
Government & Regulatory
NSA — CNSA 2.0 — Mandates all National Security Systems migrate to NIST PQC by 2030. Strongest institutional validation of quantum urgency.
CISA / NSA / NIST — Quantum-Readiness Advisory — Joint directive for critical infrastructure to begin PQC migration immediately.
NIST PQC Standards (2024) — Finalized algorithms: ML-DSA, ML-KEM, SLH-DSA. Basis for all quantum-safe classifications in QEI.
NIST IR 8547 (2024) — Official deprecation timeline for RSA, ECDSA, and DH-based algorithms.
BIS Papers No. 158 — "Quantum-Readiness for the Financial System: A Roadmap" (July 2025) — Bank for International Settlements phased migration framework (2025–26 awareness → 2026–28 planning → late 2020s migration) for global financial infrastructure. Addresses harvest-now-decrypt-later threats at the systemic level.
ETSI — Quantum-Safe Hybrid Key Exchanges Standard (March 2025) — ETSI TC CYBER approved KEMAC (Key Encapsulation Mechanism with Access Control) and the Covercrypt scheme as ETSI TS 104 015. The primary European standards body ratification of hybrid classical+PQC key exchange.
Industry Research
Google Quantum AI — "Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities" (March 2026) — Confirms Shor's algorithm breaks 256-bit ECDLP with <1,200 logical qubits and <500,000 physical qubits (20× reduction from prior estimates) in ~9 minutes. Quantifies ~41% on-spend attack success against Bitcoin. Identifies Taproot (P2TR) as a quantum security regression, KZG on-setup as a permanent Ethereum backdoor risk, and concludes Bitcoin PoW appears not vulnerable to Grover's under current error-correction assumptions. Co-authored by Google Quantum AI, UC Berkeley, Ethereum Foundation (Justin Drake), and Stanford (Dan Boneh).
Coinbase Quantum Advisory Council (April 2026) — ~6.9M BTC in exposed addresses; PQC signatures may expand block sizes 38×. Co-authored by Dan Boneh (Stanford) and Justin Drake (Ethereum Foundation).
Federal Reserve — "Harvest Now, Decrypt Later" (2025) — Adversaries are already collecting encrypted data for future decryption. The threat is active now, not only at Q-Day.
Vitalik Buterin — Ethereum Quantum Roadmap (Feb 2026) — EIP-8141 and the Hegotia fork target native quantum-resistant signatures; full deployment remains multi-year.
Solana Foundation — Quantum Readiness (2026) — Both validator clients (Anza, Firedancer) have independently converged on Falcon as the preferred PQC signature scheme, with active GitHub PRs. Blueshift's Winternitz Vault has been operational for 2+ years and was cited by Google Quantum AI as a leading proactive PQC deployment. Three-stage migration roadmap: Falcon evaluation → new wallet adoption → full migration.
IBM Quantum Roadmap — 200 logical qubits by 2029 (Starling); 2,000 by 2033 (Blue Jay). Anchors the QEI Doom Clock Q-Day projection range.
Google Willow (December 2024) — 105-qubit chip completed a computation in 5 minutes that would take classical supercomputers 10²⁵ years. Strongest evidence that quantum timelines are compressing faster than expected.
Microsoft Majorana 1 (February 2025) — World's first topological qubit processor, designed to scale to 1 million qubits on a single chip. Signals a distinct, potentially faster path to fault-tolerant quantum computing.
Algorand Foundation — Post-Quantum Blockchain Technology (2025) — Official documentation of Falcon signature deployment on Algorand mainnet via the Algorand Virtual Machine; first quantum-resistant transaction on a major L1 in 2025.
Algorand — Technical Brief: Quantum-Resistant Transactions with Falcon Signatures (2025) — Engineering detail on Logic Signature implementation for Falcon-based accounts; sub-200-microsecond on-chain verification confirmed on live mainnet.
Chainlink Labs — "Quantum-Safe Cryptography: The Future of Onchain Security" (2024–2025) — Chainlink's crypto-agility strategy for oracle networks, covering NIST FIPS 203/204/205 adoption and hybrid PQC partnerships for decentralized infrastructure.
Protocol Proposals & Developer Research
BIP-360 — Pay-to-Merkle-Root (P2MR) Bitcoin Quantum-Resistant Address Proposal (2024–2025) — Community-drafted Bitcoin Improvement Proposal introducing a new output type that removes the quantum-vulnerable keypath spend present in Taproot (P2TR) addresses.
Ethereum Research — "Post-Quantum Ethereum Transactions via Account Abstraction" (2025) — Technical analysis of integrating Falcon signatures into Ethereum via ERC-4337 Account Abstraction without protocol-level changes; covers signature size and gas cost trade-offs.
Polkadot / Web3 Foundation — "Post-Quantum Cryptography Roadmap for Polkadot and JAM" (2024–2025) — Detailed developer roadmap for replacing Polkadot's validator and account signature schemes with Dilithium and Falcon; staged deployment targeting Kusama testnet first.
Foundational Algorithms
Shor's Algorithm (1994) — Breaks ECDSA, RSA, and Ed25519 in polynomial time on a fault-tolerant quantum computer.
Grover's Algorithm (1996) — Halves the effective security of hash functions and symmetric ciphers; mitigated by doubling key lengths.
Known Limitations
Q-Day timelines are speculative. Credible estimates range from 5 to 20+ years. The Doom Clock uses a single projected date for illustration only.
Factor scores for indexed entities are set by human researchers based on publicly available information. They are not independently audited.
AI-scored entities rely on Claude's training data, which has a knowledge cutoff. Recent PQC migration announcements may not be reflected.
Value at Risk figures are illustrative projections only. They are not financial estimates and must not inform investment decisions.
Wallet scan data reflects on-chain balances only. Off-chain and custodial holdings are not included.
This site does not constitute financial, security, or legal advice of any kind.
QEI Model v3.0 Last updated: April 2026 · 430+ entities View source on GitHub ↗ Terms of Service ↗ Privacy Policy ↗
⚠   Quantum Threat Countdown   ⚠
The End Of
---
Days
:
--
Hours
:
--
Minutes
:
--
Seconds
Q-Day Target: Wed, 08 Mar 2028 16:23:49 UTC
Jan 2020Q-Day 2028
Estimated date when cryptographically-relevant quantum computers can break current encryption standards. All timelines are projections based on published research.
⚠ Verified Breach Log

The Exposed Board

Real losses. Verified sources. Every breach below is documented, on-chain, and irreversible — the permanent record of classical cryptography failing at scale.

Total Documented Losses
$5.88B+
Data Source
Filter by Type
Step 1 of 6
Navigate with the Side Menu

Help & FAQ
Common questions about QEI
The Basics
What is the Quantum Exposure Index?
QEI ranks 420 entities — blockchains, banks, tech companies, governments, and more — by how exposed they are to the quantum computing threat. Each entity receives a composite risk score based on their cryptographic schemes, migration progress, key management practices, and public transparency.
What is Q-Day?
Q-Day is the projected moment when a cryptographically relevant quantum computer (CRQC) becomes capable of breaking today's public-key encryption — specifically RSA, ECDSA, and elliptic curve schemes. Most estimates place this between 2028 and 2035. The countdown on QEI targets 2029 as a conservative estimate. Once Q-Day arrives, any data encrypted today can be decrypted retroactively — meaning attackers are already harvesting encrypted data now.
What does "quantum-native" mean?
A "quantum-native" entity was built from day one using post-quantum or quantum-resistant cryptographic schemes, rather than inheriting classical (vulnerable) encryption. Examples include QRL (XMSS) and Diamante (Falcon). These entities have no classical key exposure risk and represent the benchmark for quantum readiness.
Scores & Methodology
How are risk scores calculated?
Each entity is scored across five pillars: Cryptographic Scheme (what algorithm protects keys), Upgrade Status (are they migrating?), Value at Risk (market cap or assets under quantum threat), Migration Timeline (how far along is the transition?), and Transparency (have they published a quantum roadmap?). Each pillar is weighted and combined into a 0–100 composite score. Lower is safer.
Are the scores updated in real time?
Market cap data is pulled live from CoinGecko for supported tokens, so the "value at risk" component updates continuously. Cryptographic and migration scores are manually reviewed and updated as entities publish new roadmaps, deploy upgrades, or make public announcements. The AI narrative tool also reflects the latest available public data at the time of your search.
Why isn't my company or token listed?
QEI currently covers 420 entities across major categories. If an entity isn't listed, open ≡ Menu → AI Search to generate an on-demand quantum risk assessment. The AI tool can score any publicly documented organization using available technical and policy information. Entities with significant market cap or public infrastructure are prioritized for inclusion in the main index.
Using the App
How do I navigate between sections?
Tap the ≡ Menu button in the top-left to open the side drawer. All eight sections are there: Index, AI Search, Wallet Scanner, Q-Day Clock, Compare, Report Cards, News Feed, Research Hub, and Methodology. The ⚠ Q-Day Clock button in the top-right is a quick shortcut to the countdown timer.
How do I search for any company or token?
Open ≡ Menu → AI Search and type any entity name — a bank, blockchain, crypto project, cloud provider, government body, or tech company. The AI analyzes publicly available information and returns a structured quantum risk score with narrative, sources, and recommended migration steps. Free users get 3 AI searches per day. Pro users get unlimited searches.
What is the Research Hub?
The Research Hub (accessible via ≡ Menu → Research Hub) is a curated library of primary sources powering QEI's assessments. It includes 20+ filterable source cards from NIST, Google Quantum AI, Microsoft, NSA, BIS, and leading blockchain teams; six sector briefings covering blockchains, banking, government, enterprise, healthcare, and telecom; and an 18-term glossary of quantum computing and cryptography terminology. It's designed for content creators, analysts, and industry professionals who need citable, primary-source references.
Is it safe to paste my wallet address?
Yes. Wallet addresses are public identifiers — they are not private keys and cannot be used to access your funds. QEI only reads the address to fetch on-chain data and calculate your personal quantum exposure score. We never ask for private keys, seed phrases, or any signing credentials. Do not paste those anywhere.
What's the difference between Free and Pro?
Free users get access to the full index, wallet scanning, and 3 AI searches per day. Pro users get unlimited AI searches, priority scoring for new entities, early access to features, and support for the ongoing research that powers QEI. Pro is $4.99/mo or $39.99/yr (save 33%).
How does the referral program work?
Every account gets a unique referral link in their profile panel. When someone subscribes to Pro using your link, you automatically receive 1 free month added to your subscription. There's no limit to how many referrals you can earn. Your referral count is tracked in your profile.
Technical
What cryptography is currently most at risk?
RSA (all key sizes), ECDSA, and standard elliptic curve cryptography are all broken by Shor's algorithm on a sufficiently powerful quantum computer. This covers the vast majority of today's blockchain signing schemes (Bitcoin, Ethereum, Solana, etc.) and most internet TLS/SSL infrastructure. Hash-based schemes (SHA-256 PoW) are much more resistant and are considered safe with appropriate key sizes.
What post-quantum algorithms are considered safe?
NIST finalized its first post-quantum standards in 2024: ML-KEM (CRYSTALS-Kyber) for key encapsulation, ML-DSA (CRYSTALS-Dilithium) for signatures, and SLH-DSA (SPHINCS+) for stateless hash-based signatures. XMSS and LMS are also NIST-approved (SP 800-208) for hash-based signatures. Falcon (NTRU-based) is also in the NIST PQC family. Entities adopting these schemes are the safest in the index.

New here? Take the 2-minute guided tour to learn how QEI works.

👤

Not signed in

Free
Name
Business Name
Email
Usage Today
AI Searches Used
Sign in to save your profile and sync your plan.
Card payments processed by Stripe. QEI does not store card details. Subscription managed by Stripe.