You don't need to fall victim to a hacker to lose money; a single overlooked weakness is more than enough. On that front, the next major wave of risk is beyond the malware or phishing from yesterday, and in the looming advent of quantum computers.
Once sophisticated enough, such computers will be able to break widely used cryptographic signatures like ECDSA and Schnorr. That means if your public key has ever been revealed on-chain, a sufficiently powerful quantum adversary could compute your private key and take your funds.
This page introduces a tool that evaluates that exact risk. Our new tool, Crypto Checker Online, scans your wallet addresses and flags whether your public key has been exposed. You can access it here, or via the backend service that's available to both Twitter and Telegram bots. If so, you know that those funds are unsafe in a post-quantum world. If not, your assets are still shielded for the time being.
Why Checking for Post-quantum Security Matters Right Now
Every major blockchain, including Bitcoin and Ethereum, was designed before the quantum threat was practical or credible to implement. They use classical cryptography, which is strong against current machines, but theoretically breakable once a quantum computer with thousands of logical qubits emerges.
Public key exposure is the dividing line. On Bitcoin, Pay to Public Key outputs expose keys immediately, while Pay to Public Key Hash only does so at spend time. On Ethereum, every time you send a transaction, the public key is recoverable from the signature. This boils down to the same heuristic in both cases, where if the number of outgoing transactions is larger than zero, there's a vulnerability. Other chains have similar exposure schemes.
These distinctions are crucial for any crypto checker online tool to evaluate accurately. Once a public key is revealed, quantum attackers can target it directly. Unspent outputs that only reveal a hash are safer until moved. Even then, even if your coins are safe, if an attacker steals an exchange's cold wallet, it'll crash the price of a handful of different assets and affect the value of your holdings.
A quick scan using our tool tells you which category your holdings fall into so you can decide whether to rotate them to somewhere safer, or hold them where they are.
Here is why scanning now pays off:
Protect your investment by finding which addresses are PQC-exposed and should be moved first if quantum capability becomes imminent.
Verify wallet integrity against future risks, not just today's malware.
Stay ahead of threats by mapping out your migration plan before quantum computers arrive.
Gain peace of mind knowing which funds are still protected by key-hash shielding and which are not.
These benefits compound because every new transaction changes your exposure profile permanently.
How This Online Crypto Checker Tests Post-quantum Exposure
In a nutshell, the scanner performs a read-only analysis of public blockchain data.
For example, for a Bitcoin wallet address, it checks whether your outputs are still protected by hashes or whether your scriptSig or witness has revealed your public key. On Bitcoin, addresses fall into categories. Legacy P2PK keys are fully exposed. P2PKH and P2WPKH are safe until you spend, after which the public key is visible in scriptSig or witness.
Taproot addresses protect privacy better, but still reveal public keys when spent. For Taproot, the scan distinguishes between key-path spends, which expose an x-only public key, and script-path spends, which reveal additional control data.
For Ethereum, the tool flags any account that has already broadcast a transaction, since its public key can be reconstructed. Every active account has exposed its key. Our scan sorts addresses accordingly and reports whether they are PQC-secure.
Try a test run to see how it works.
Paste the Satoshi genesis address (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) or Vitalik Buterin's wallet address (0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045) and run the tool. Since its funds never moved, no public key has been published, making it post-quantum safe for now. Paste an address that has spent its holdings, and the tool will find the public key and mark it as exposed.
To reiterate, if the scan shows your keys already visible on-chain, they will not withstand quantum attacks, so you need to take an action to secure your funds, preferably well in advance of sufficiently powerful quantum computers actually existing.
What to Do If You're Vulnerable
If the scan says your address is PQC-exposed, start planning migration now.
That means creating new wallets once PQC-resistant standards are adopted. NIST has finalized its first post-quantum encryption standards, including FIPS 203 ML-KEM. Developers are building PQC wallet protocols, and users will eventually need to rotate into them. Be on the lookout for opportunities to do that before it's a problem, and you'll have a much lower chance of seeing your coins get stolen by a previously-obscure vulnerability.
For now, here is a checklist of actions to take immediately:
Note which addresses are exposed.
Minimize spending from PQC-safe addresses until migration paths exist. They can still receive funds and remain secure.
Use hardware wallets to reduce classical attack surfaces while waiting for your preferred mitigation path.
Monitor updates from core projects on PQC security rollouts.
Quantum may not break wallets tomorrow, but preparing today means you will not be caught off guard. Don’t wait for quantum computers to emerge. Use Crypto Checker Online to identify vulnerabilities in your addresses.
To keep up with the latest in blockchain technology and quantum computing, join us on X and subscribe to our newsletter.
FAQs
Are unspent Bitcoin outputs PQC-safe?
Yes, until the first spend reveals the key. The timing of the spend doesn't matter much.
Are Ethereum addresses PQC-safe?
Not if they have sent any transaction. Once again, the timing of the transaction doesn't matter.
Should I panic?
No. Sufficiently powerful quantum computers at scale are likely still years away. But the migration clock is ticking, and when standards like FIPS 203 become operational in blockchains, being ready will matter. The tool helps you know where you stand today.
