The obvious questions

Not today, and probably not tomorrow. The quantum threat is real but not imminent. No quantum computer today can break the cryptography protecting your wallet. Current estimates put that capability in the 2030–2040 range.

That said, the risk is not zero. If your wallet has ever sent a transaction, your public key is permanently on-chain and could be vulnerable to a future quantum computer. The safest move right now: move funds to a fresh address you've never sent from, and keep an eye on Ethereum's post-quantum migration plans.

Current estimates put cryptographically relevant quantum computers somewhere in the 2030–2040 window, though there's genuine uncertainty. Breaking secp256k1 (the curve ETH uses) likely requires around 4,000 error-corrected logical qubits. Today's best machines have thousands of physical qubits but far fewer logical ones after error correction.

The timeline could compress quickly. Progress in quantum hardware has repeatedly surprised researchers. The prudent assumption: plan as if 2030 is real, not science fiction.

Yes — Bitcoin uses the same secp256k1 elliptic curve cryptography. Any address that has ever spent from (i.e., revealed its public key) is equally at risk. Legacy Bitcoin addresses (P2PK) are even more exposed because the public key is always visible, even for receive-only addresses.

The scale of the problem is larger on Bitcoin: Satoshi's early coins alone contain millions of BTC in quantum-vulnerable addresses.

Hardware wallets protect your private key from classical attacks (malware, phishing, etc.) — but they can't help with quantum attacks. Once a transaction is broadcast, your public key is on-chain regardless of where the private key was generated or stored. The attack happens at the blockchain level, not the device level.

For exposed wallets: migrate your funds to a fresh address that has never sent a transaction. That alone doesn't make you quantum-safe forever — you're just buying time.

For the long term: watch for Ethereum's post-quantum roadmap. The Ethereum Foundation is actively researching quantum-resistant signature schemes (Winternitz, STARK-based auth). Eventually the network will transition — wallets that haven't migrated by then will need on-chain mechanisms to prove ownership.

For new funds: use fresh addresses and receive-only wallets until quantum-resistant standards are finalised.

The checker looks up your address via the Etherscan API. An address is considered exposed if it has ever sent a transaction (transaction count > 0) — which means the public key has been published on-chain. Vulnerable means exposed and has a non-zero balance. Smart contracts are reported separately since the quantum risk only applies to externally owned accounts (EOAs).

Results are cached locally to reduce API calls. No wallet connection or private key is ever required or requested.

Because the math is settled, the timeline is real, and we got tired of reading dry academic framing. The domain is a joke. The threat is not.

We figured people were more likely to actually check their wallets if we made it a little fun. Security awareness doesn't have to feel like a compliance exercise.

Yes, eventually. Ethereum's roadmap includes a post-quantum transition as a long-term priority. Vitalik Buterin has written about potential approaches including ERC-4337 (account abstraction) with quantum-resistant signature schemes and a hard fork that allows users to prove ownership through new cryptographic primitives.

The tricky part is the "who holds coins in exposed addresses" problem. If your private key is cracked before the transition, you're already gone. The network can only protect future transactions — not past exposure.