Is your favorite cryptocurrency quantum ready? The new trend among crypto developers

NIST finalized its first three post-quantum cryptography standards in August 2024 and told organizations to begin migrating immediately, with a 2035 deadline to deprecate quantum-vulnerable public-key algorithms from its guidelines.

Coinbase's advisory board reached the same conclusion in a recent report, arguing that blockchains, wallet providers, exchanges, and custodians should prepare before urgency arrives, and that unresolved public decisions around migration are already deterring some investment.

Google set a 2029 internal PQC migration timeline in March and updated its threat model to prioritize authentication services.

Those three directives share a structure that treats readiness as the operative matter. That convergence turns post-quantum planning from a debate in cryptography into a test of governance and credibility.

Crypto wallet threat illustration

The full-stack migration problem

Coinbase's paper maps the migration burden across a stack consisting of consensus layers, execution layers, wallets, exchanges, custodians, key management systems, and hardware.

It warns that hardware-based wallets and hardware security modules take time to update, that MPC support may differ by algorithm, and that many major blockchains have not committed to exact post-quantum signature choices.

NIST defines crypto-agility as the ability to replace and adapt algorithms across protocols, applications, hardware, firmware, and infrastructure while preserving operations.

Against that definition, crypto infrastructure providers are left to assess if their full stack can absorb an algorithmic transition without operational disruption. For most, the answer is still unresolved.

A readiness matrix maps post-quantum migration requirements across eight crypto stack layers, rating algorithm, software, hardware, and coordination demands for each.

Coinbase's paper says Bitcoin's core developers largely maintain a wait-and-see posture on the full migration details, and that this approach carries a cost in market uncertainty.

The paper also cites an estimate of roughly 13.6 million exposed Bitcoin addresses whose public keys are already visible on-chain. A transition would require at least several months of coordinated work once a post-quantum path is adopted.

For the largest and most conservative network in crypto, the migration question is still open as the community discusses BIP 361, creating room for other chains, wallets, and infrastructure providers to position concrete planning as a mark of operational seriousness.

Coinbase's paper points to Ethereum's migration plan and cites layer-2 networks, including Optimism, Arbitrum, and Base, as having announced post-quantum plans. Optimism has published a January 2036 flag day, at which point ECDSA signing keys lose control of externally owned account assets.

Algorand published its official materials, saying it executed the first post-quantum transaction on mainnet in 2025 using Falcon signatures.

Hardware and cloud vendors are turning the same logic into product language. Trezor markets its Safe 7 as having a “quantum-ready architecture” and explains in its support documentation that quantum readiness extends beyond transaction signing to include firmware authenticity and hardware verification.

AWS KMS now supports ML-DSA digital signatures and hybrid post-quantum TLS using ML-KEM, framing migration as a near-term priority for users with long-term confidentiality needs.

The commercial productization of post-quantum readiness shows that reputational sorting has already started at the infrastructure edges.

The credibility test

Post-quantum readiness is beginning to serve as a way for firms to signal maturity before a risk fully materializes, much like proof-of-reserves, SOC reports, and security certifications.

Coinbase's paper explicitly recommends that communities make difficult migration decisions public sooner rather than later, because current uncertainty is already affecting investment behavior.

NIST is moving in the same direction, framing PQC migration as a long-term, organization-wide program that requires hardware inventories, interoperability planning, governance, and budget allocation across every layer of operations.

In March, China announced plans to develop national PQC standards within 3 years, prioritizing finance and energy. The UK's NCSC has laid out milestones for 2028, 2031, and 2035 and says those dates anchor investment decisions and broader security planning.

The US and South Korea are both working toward 2035 migration horizons, positioning crypto as one sector inside a coordinated global transition.

A post-quantum migration timeline stretches from NIST's August 2024 standards to Optimism's January 2036 flag day, marking eight institutional deadlines across governments, regulators, and crypto networks.

Google's March research paper sharpened the urgency debate, as the research team compiled circuits to break 256-bit elliptic-curve discrete logarithm problems using fewer than half a million physical qubits, nearly a 20-fold reduction compared with prior resource estimates.

Google also argues that inaccurate or unsubstantiated resource estimates undermine confidence through fear, uncertainty, and doubt, even before a real attack occurs.

That argument maps directly onto Coinbase's statement that credibility is already a market input, independent of when a cryptographically relevant quantum computer actually arrives.

Two cases for post-quantum

If one or two major ecosystems publish credible end-to-end migration plans, post-quantum readiness graduates from a due diligence question to a genuine institutional sales advantage.

Trezor's public marketing and AWS's production PQC features show that the process has already started at the infrastructure layer.

In that environment, “quantum-ready” begins to serve as a trust badge for exchanges, custodians, and hardware wallet vendors, much as security certifications do for enterprise software.

The firms that demonstrate crypto-agility across the full stack of protocol, custody, hardware, and key management simultaneously capture institutional relationships that competitors without roadmaps cannot easily match.

Scenario

What firms publish

What the market sees

Operational reality

Likely market effect

Who benefits

What counts as failure

Readiness becomes a trust badge

Specific algorithms, public migration roadmap, deadlines, custody and wallet upgrade plans, hardware/KMS support, governance process

Seriousness, crypto-agility, institutional maturity, lower uncertainty

Migration is difficult but coordinated across protocol, custody, hardware, and key management layers

Post-quantum readiness becomes a due-diligence advantage and eventually a sales signal

Firms with end-to-end planning across chains, wallets, custodians, exchanges, hardware vendors, and KMS providers

Missing one layer of the stack, unclear timelines, or no public plan

Readiness becomes theater

Broad “quantum-ready” claims, vague intent statements, no algorithm commitment, no hardware path, no dormant-asset or recovery policy

Marketing without substance, operational ambiguity, weak governance

Dependencies remain unresolved and migration cannot be executed smoothly under pressure

Silence and vagueness turn into negative trust signals; institutions reward clearer competitors

Firms that disclose concrete dependencies and implementation paths, even if their migration is incomplete

Roadmaps without deadlines, no signature-scheme choice, no custody or hardware coordination, no credible execution path

Roadmaps can also proliferate without substance, as projects could name post-quantum intentions without committing to algorithms, deadlines, hardware upgrade paths, or dormant-asset policies.

Coinbase's paper notes that many major blockchains have not yet adopted specific post-quantum signature schemes.

If vagueness becomes the dominant mode, silence and incomplete disclosure become evidence of operational immaturity, and the same market attention that rewards clarity punishes theater.

The firms that win may be those that move the entire dependency chain simultaneously, such as L1 and L2 protocol teams, wallet software, hardware vendors, KMS providers, exchanges, custodians, and MPC and HSM vendors.

Coinbase's paper, NIST's migration push, and the commercial moves by vendors like Trezor and AWS collectively locate the quantum risk in the present.

Reputational sorting is already underway, and projects that treat post-quantum planning as a present-tense governance obligation may appear more credible to institutions and users.