MPC custody is the operational backbone of institutional crypto. Fifteen providers collectively protect over $10 trillion in digital assets, serve 550+ million wallets, and process $50 billion+ in monthly notional volume. A separate $32 billion in tokenized real-world assets now sits on classically signed chains. Every one of them relies on classical signature schemes (ECDSA secp256k1, Ed25519) that NIST will deprecate by 2030 and disallow by 2035. The industry's preferred conservative post-quantum replacement, SPHINCS+ (NIST FIPS 205), is mathematically incompatible with MPC. BlackRock BUIDL ($2.5B), JPMorgan Kinexys, Franklin FOBXX, Fidelity, DTCC, Visa, WisdomTree, Ondo ($2B), State Street, Goldman Sachs, and Broadridge ($362B daily) all run on these rails with zero disclosed post-quantum migration roadmaps. This report maps exactly where every provider, every chain, every programme, and every institution stands today.

“Quantum computers will break currently deployed public-key cryptography”

$2.87 billion stolen through key compromise in 2025. $700M+ in 2026 so far. Attackers are not exploiting code. They are exploiting whoever controls the signing key. A quantum adversary automates this at the mathematical level.

Who Should Read This Report

If you are an institution using Fireblocks, Copper, BitGo, Anchorage Digital, Cobo, or any MPC custody provider, this report maps your provider's quantum risk score against 14 peers and names the chains and programmes exposed.

If you are an MPC custody provider (Fireblocks, Copper, BitGo, Anchorage Digital, Ripple Custody, Fordefi (Paxos), Cobo, Ceffu, Safeheron, Dfns, Zodia Custody, Qredo, or others), this report scores your PQ readiness, names your institutional clients' exposure, and identifies the structural barrier you face under hash-based PQ migration.

If you are a VC evaluating custody or infrastructure (Haun, Dragonfly, Founders Fund, Brevan Howard Digital, a16z, Paradigm), this report quantifies the stranding risk across the MPC custody category and identifies the one structural moat that survives PQ migration.

If you are a compliance or risk officer at BlackRock, JPMorgan, Franklin Templeton, Goldman Sachs, Fidelity, DTCC, Visa, or any institution building on classically signed chains, this report frames the NIST 2030/2035 deprecation timeline against your current custody and settlement stack.

The Institutional MPC Market

Every major institutional custody decision made since 2018 is built on MPC. That installed base is now structurally exposed. The market splits into three segments: large institutional platforms combining MPC with governance, settlement, and regulated trust structures (Fireblocks, Copper, BitGo, Anchorage Digital, Ceffu); bank-grade custody and tokenization infrastructure (Ripple Custody / Metaco, Zodia Custody / Standard Chartered, Fordefi / Paxos, Dfns, Qredo); and hybrid MPC plus HSM or TEE stacks (Safeheron, Liminal, Blockdaemon, Cobo). Across all three segments, the MPC layer improves operational security. Across all three, the final on-chain signature remains classical.

Table 1: The Institutional MPC Custody Market at a Glance
| Provider | Segment | Disclosed Scale | Chains | Regulatory Status | Key Institutional Clients |
|---|---|---|---|---|---|
| Fireblocks | Institutional platform + trust | $10T+ protected, 550M wallets | 40+ | NYDFS trust charter | BNY Mellon, ABN AMRO, BNP Paribas, ANZ Bank |
| Copper | Institutional custody + settlement | $50B+ monthly notional, 1,000+ counterparties | 50+ | SOC 2, ISO 27001 | Brevan Howard, Flow Traders, B2C2, Cumberland |
| BitGo | Custody + wallets + prime | $104B+ on platform | Broad | SD custodian, NY trust, OCC | Galaxy Digital, Pantera Capital, Hashdex, Bitstamp |
| Fordefi (Paxos) | DeFi-first institutional wallet | ~300 institutional clients, $20B monthly | 90+ chains | SOC 2 Type 2 | Paxos, Clearstar, Pantera Capital, Figment |
| Cobo | Wallet infra + custody | $3.8T+ transactions, 200M+ wallets | 80+ | Licensed in 3 jurisdictions | MetaMask Institutional, Safe{Wallet}, Polymarket, dForce |
| Ceffu | Institutional custody + exchange | Not publicly disclosed | Multi-chain | ISO 27001, SOC 2 Type 2 | Hamilton Lane, Binance institutional clients |
| GK8 / Galaxy | Institutional treasury | Not publicly disclosed | Multi-chain | Galaxy group context | Galaxy Digital (parent), Goldman Sachs (via Galaxy) |
| Liminal | Custody + wallet infra | 12 countries, 1,200+ tokens | Multi-chain | Compliance integrations | CoinDCX, Hbar Foundation, El Salvador gov |
| Safeheron | MPC self-custody | $150B+ transferred, 170+ institutions | EVM-wide | ISO 27001, SOC 2 | dtcpay, Matrixport, Sinohope, HashKey |
| Dfns | Wallet infra for banks, PSPs | ~1% global stablecoin payments | Multi-chain | Not publicly disclosed | Stripe, Circle, Kraken, MoonPay |
| Blockdaemon | Validator + treasury custody | Not publicly disclosed | Multi-chain | Not publicly disclosed | CI Global, LHV Bank, Copper (infra partner) |
| Anchorage Digital | Federal crypto bank + custody | $10T+ transactions, 2,400+ clients | 45+ chains | OCC federal charter, SOC 2 | Visa, Western Union, Securitize, Aptos |
| Zodia Custody (SC) | Bank-backed custody + SaaS | 75+ assets, 7 offices, ~150 staff | Multi-chain | FCA, MiCA, HK, Singapore | Standard Chartered, Northern Trust, SBI Holdings, Emirates NBD |
| Qredo | Distributed MPC custody | Not publicly disclosed | Multi-chain | Not publicly disclosed | ConsenSys Mesh, FBG Capital |
| Ripple Custody (Metaco) | Bank-grade custody + tokenization | Not publicly disclosed | Multi-chain | Swiss-regulated, multi-jurisdiction | HSBC, BNP Paribas, BBVA, DBS |

15 providers. $10T+ combined disclosed custody. 80+ chains covered. Zero post-quantum safe.

MPC is not a feature. It is the foundation. And that foundation has a structural flaw no firmware update can fix.

Institutions Already on These Rails

Fireblocks publicly names ABN AMRO among its customer stories and references infrastructure protecting $10T+ across 550M wallets. Copper lists Brevan Howard, Flow Traders, B2C2, Amber, Cumberland, and Fasanara as counterparties. Anchorage Digital, America's first OCC-chartered crypto bank ($4.2B valuation), custodies assets for Visa, Western Union, and Securitize and has processed $10T+ in transactions. Ripple Custody (Metaco) serves some of the deepest Tier 1 bank relationships in the MPC market: HSBC, BNP Paribas, BBVA, DBS, SocGen Forge, and DekaBank. BitGo ($104B+ on platform, NYSE: BTGO) custodies for Galaxy Digital, Pantera Capital, Hashdex, and Bitstamp across 4,600+ institutional clients. Zodia Custody, founded by Standard Chartered and Northern Trust, is being absorbed into SC's CIB digital asset division (May 2026) with minority stakes from SBI Holdings, National Australia Bank, and Emirates NBD across 7 offices and 75+ assets. Dfns names Stripe, Circle, Kraken, MoonPay, Apex Group, Paxos, SCB, and Vermont State Bank as customers. Cobo identifies MetaMask Institutional and Safe{Wallet} as partners. Safeheron publicly quotes dtcpay. Blockdaemon references CI Global and LHV Bank. Qredo names ConsenSys Mesh and FBG Capital.

Beyond the custody providers themselves, $32 billion in tokenized real-world assets now sits on classically signed chains (RWA.xyz, May 2026). Major institutional programmes building directly on these rails: BlackRock BUIDL ($2.5B AUM, Ethereum/Solana/Polygon/Avalanche/Arbitrum/Optimism/Aptos/BNB Chain, all secp256k1 or Ed25519), JPMorgan Kinexys (settling tokenized Treasuries on public chains, Ethereum-linked), Franklin Templeton FOBXX/BENJI (Stellar/Solana, Ed25519), Goldman Sachs GS DAP (Canton, deployment-specific classical), Fidelity tokenized Treasuries (multi-chain), DTCC (multi-chain settlement integration), Visa stablecoin infrastructure (Ethereum/Solana, secp256k1/Ed25519), WisdomTree WTGXX (surged 759% YoY, Ethereum), State Street digital custody (multi-chain), Broadridge DLT Repo ($362B daily via Canton), and Ondo Finance ($2B combined OUSG/USDY, Ethereum). Zero of these programmes have disclosed a post-quantum migration roadmap. Every one relies on ECDSA or Ed25519 signatures that NIST will deprecate by 2030.

“tokenisation today is roughly where the internet was in 1996”

The Impossibility: $3.4 Billion Stolen Classically. Quantum Makes It Automatic.

“With possession of the private key, an attacker virtually owns all of the currency”

Crypto Theft from Key Compromise: The Control Plane Is the Attack Surface
[Chart: annual losses. 2022: $3.8B; 2023: $1.7B; 2024: $2.2B; 2025: $2.87B; 2026 YTD: $700M+ (through May). Annotations: Bybit $1.46B | DPRK 76% of 2025 value stolen; Drift $285M + KelpDAO $292M + Q1 $482M (63% phishing).]
Every incident exploited the same primitive: classical signing keys. Quantum makes the exploit mathematical.
Sources: TRM Labs 2026 Crypto Crime Report, Chainalysis, PeckShield, Hacken, Global Ledger

The attack pattern has not changed in a decade. Compromise the private key, move the funds. Attackers are not exploiting smart contract code. They are exploiting authority: mint keys, admin multisigs, bridge signers, vault operators, governance councils. The control plane of money. Today, that requires human error. Leaked devices. Phishing. Weak multisigs. Tomorrow, it requires math.

“bad actors are early adopters of transformative technology”

The Control Plane Incident Log: Key Compromise, Not Code Exploits (2025-2026)
| Date | Target | Loss | Attack Vector | Signing Scheme Exploited |
|---|---|---|---|---|
| Feb 2025 | Bybit | $1.46B | Multisig cold wallet compromise. 3 of 5 signers targeted via phishing + malware. | secp256k1 ECDSA |
| Apr 2026 | Drift Protocol | $285M | DPRK operatives infiltrated over months. 31 withdrawals executed in 12 minutes. | Ed25519 (Solana) |
| Apr 2026 | KelpDAO | $292M | Bridge validator private key compromised. Fake message released 116,500 rsETH. | secp256k1 ECDSA (Ethereum) |
| Jan 2026 | Step Finance | $30M | Compromised private keys. No smart contract bug involved. | Ed25519 (Solana) |
| May 2026 | StablR | $12.8M | Unauthorized minting: 8.35M USDR + 4.5M EURR minted in 2 minutes via key control. | secp256k1 ECDSA |
| Feb 2026 | IoTeX (ioTube Bridge) | $4.4M | Full control of validator private key. Malicious contract upgrade bypassed signer checks. | secp256k1 ECDSA (Ethereum) |
| Apr 2026 | Volo Protocol | $3.5M | Private key compromise. Attacker impersonated vault owner, drained 3 vaults. | Classical (EVM) |
| Q1 2026 | 47 incidents (total) | $482M | Phishing and social engineering drove $306M (63%) of Q1 2026 losses alone. | Various classical schemes |

Every incident above exploited the same primitive: classical signing keys (ECDSA secp256k1 or Ed25519). A quantum adversary automates this at the mathematical level.

The pattern is structural. In 2025, adversaries stole $2.87 billion across 150 incidents, with the top 10 accounting for 81% of total losses. In the first four months of 2026, North Korean-linked actors alone were responsible for 76% of all value stolen. $482 million was lost in Q1 2026, with phishing and social engineering driving 63% of those losses. The attack surface is not the smart contract. It is whoever controls the signing key. Whoever controlled the signing key controlled the money. Full stop. MPC distributes key generation and signing, reducing insider and device compromise risk. But on every major public chain, the final signature verified by consensus remains classical ECDSA or Ed25519. A quantum adversary does not need months of social engineering to infiltrate a team. It recovers the private key from the public key visible on-chain after the first transaction. The result is identical. The control plane breaks. The money is gone.

“if a user has made even one transaction, then the signature of that transaction reveals the public key”

Five independent sources converge on hash-based SPHINCS+ as the conservative institutional post-quantum signature standard: NIST FIPS 205, Circle Arc, Aptos, Ethereum pq.ethereum.org, and Taurus SA.

NIST published SLH-DSA (FIPS 205) in August 2024 as the stateless hash-based PQ signature standard. Circle's Arc selects SLH-DSA-SHA2-128s for smart-account verification. Aptos proposes the same scheme for post-quantum accounts. Ethereum's PQ working group targets a hash-based direction by 2029. Taurus SA, a regulated HSM-based custodian, independently recommends SPHINCS+ because it relies on hash function security assumptions studied for decades, not on lattice problems less than 20 years old. NSA CNSA 2.0 mandates PQ migration for national security systems by 2027. NIST IR 8547 deprecates ECDSA after 2030 and disallows it after 2035.

“There is no need to wait for future standards”

Dustin Moody, NIST mathematician and PQC standardization lead. NIST, 2024

The Deprecation Clock
2024: NIST publishes FIPS 205 (SLH-DSA)
Jun 2026: You are here
2027: NSA CNSA 2.0 PQ deadline
2029: Ethereum PQ target
2030: NIST ECDSA deprecated
2035: NIST ECDSA disallowed

“The work must begin well before the threat arrives”

Taurus SA published in June 2026 that hash-based signatures are "theoretically impossible" under MPC. The mathematical basis is unambiguous. SPHINCS+ signing requires 10,000 to 20,000 SHA-256 compressions per signature. Each compression is approximately 22,000 AND gates in a boolean circuit. To threshold-compute this across 5 institutional MPC parties at 128-bit security: approximately 26 terabytes of communication per signature and 500 to 700 sequential communication rounds. This is 6 to 7 orders of magnitude beyond what institutional custody requires. No optimization trajectory closes this gap. The constraint is not engineering. It is mathematical structure. Hash functions lack the algebraic properties needed to distribute signing computation while preserving completeness, correctness, and privacy.

Table 2: PQ Signature Scheme Readiness: HSM vs. MPC (Source: Adapted from Taurus SA, June 2026)
| PQ Signature Family | Examples | Institutional Adoption | HSM Support | MPC Support |
|---|---|---|---|---|
| Lattice-based | ML-DSA (Dilithium), FN-DSA (Falcon) | No major chain commitment | Supported | Possible, not production-validated |
| Hash-based | SLH-DSA / SPHINCS+, LMS/HSS | Circle Arc, Aptos, Ethereum direction | Supported | Theoretically impossible |
| Multivariate | MAYO, QR-UOV, SNOVA, UOV | No standard yet | Supported | Most MPC-friendly, not ready |
| MPC-in-the-head | MQOM, SDitH, AIMer | No standard yet | Supported | Not MPC-friendly, needs research |

The industry's preferred post-quantum signature category, hash-based schemes (SPHINCS+ / SLH-DSA, NIST FIPS 205), cannot work with the industry's preferred custody model. This is not a SPHINCS+-specific limitation. It applies to the entire hash-based signature family. Hash functions lack the algebraic properties required to distribute signing computation while preserving completeness, correctness, and privacy. Every institution that chose MPC faces a binary path. Path A: abandon MPC, switch to HSM-only custody, accept single-point-of-failure risk, re-architect, re-certify. Path B: adopt lattice-based PQ via threshold protocols that are 2025-2026 vintage, unvalidated for production, and carry security assumptions less than 20 years old. Neither path delivers hash-based PQ security with distributed key management.

Unless the custody key and the on-chain PQ authentication key are not the same scheme.

Where Every Provider and Every Chain Stands

No reviewed MPC custody provider qualifies below High Quantum Risk. The best firms have better migration starting points. None have solved the problem.

“signature schemes that were not built to withstand quantum threats”

Quantum Risk Scoring Key
Highly Critical: No public PQ pathway. No cryptographic agility. Migration requires full re-architecture.
Critical: Strong MPC today. No public PQ controls. Migration likely painful and multi-year.
High: API or AA flexibility may help migration. Still fully classical on-chain. No PQ-native stack.
Medium: Public hybrid-PQ experimentation underway. No provider in this review reaches this level.
Low: PQ-native production custody support. No provider in this review reaches this level.

Table 3: MPC Custody Quantum Risk Assessment: 15 Providers
| Provider | Chain Exposure | Signature Footprint | Quantum Risk | Assessment |
|---|---|---|---|---|
| Fireblocks | EVM, BTC, Solana, tokenization | secp256k1, Ed25519 | High | Scale, API breadth, and NYDFS trust structure create migration optionality. Serves ABN AMRO and 550M+ wallets. No PQ-native stack. |
| Copper | EVM, BTC, staking, DeFi | secp256k1 dominant | Critical | ClearLoop settlement for Brevan Howard, Flow Traders, B2C2, Cumberland, Fasanara. No public PQ pathway. |
| BitGo | Bitcoin-first, broad custody | secp256k1 ECDSA, Schnorr | Critical | Deepest licensing (SD, NY, OCC). $104B+ on platform. No PQ transition design in reviewed material. |
| Fordefi (Paxos) | EVM, DeFi-heavy | secp256k1 dominant | High | MPC SDK and developer stack improve migration potential. Paxos acquisition adds stablecoin infrastructure depth. DeFi frequency worsens exposure window. |
| Cobo | Broad multichain (80+) | secp256k1, Ed25519 | High | Broadest wallet abstraction and TSS depth. Partners: MetaMask Institutional, Safe{Wallet}. $3.8T+ transactions. Still classical on-chain. |
| Ceffu | Exchange-linked multichain | Chain-native classical | Critical | Institutional MPC language. No PQ roadmap evidence in reviewed material. |
| GK8 / Galaxy | Institutional treasury | Chain-native classical | Critical | uMPC architecture likely capable. Public evidence incomplete in this review. |
| Liminal | Multi-sig + MPC hybrid | secp256k1 dominant | Critical | Hybrid MPC+HSM widens operational resilience. Does not solve chain-verifier problem. |
| Safeheron | EVM-wide self-custody | secp256k1 dominant | High | Open-source MPC-TSS posture, strong API surface. Best transparency in the cohort. No PQ-native stack. |
| Dfns | Banking, PSP, stablecoin | EVM + payment classical | High | API-first bank infra. Serves Stripe, Circle, Kraken, MoonPay, Apex Group, Paxos, SCB. ~1% global stablecoin payments settle through Dfns. No PQ-native stack. |
| Blockdaemon | Custody + validators | Chain-native classical | Critical | Biggest hidden quantum debt sits in validator and staking key operations, not wallet signing. |
| Anchorage Digital | EVM, BTC, Solana, stablecoin issuance | secp256k1, Ed25519 | High | OCC federal charter and $10T+ transactions create strongest regulatory positioning. MPC + secure enclave architecture. Stablecoin issuance (USDGO, USAT via Tether) adds exposure surface. No PQ-native stack. |
| Zodia Custody (SC) | EVM, BTC, stablecoin custody | secp256k1, Ed25519 | High | Standard Chartered CIB absorption (May 2026) gives GSIB-scale migration resources. FCA, MiCA, HK, Singapore licensed. Zodia Switch with LMAX. No PQ-native stack. Bank backing creates strongest migration optionality in the cohort. |
| Qredo | Distributed MPC custody | Chain-native classical | High | dMPC architecture is flexible. No PQ verifier layer. Middleware ends before the chain verifier. |
| Ripple Custody (Metaco) | Bank treasury, tokenization | Chain-native classical | Critical | Deepest Tier 1 bank client base (HSBC, BNP Paribas, BBVA, DBS). Harmonize platform is bank-grade. No PQ verifier layer. Bank clients inherit full chain-level quantum exposure. |

7 providers at Critical Quantum Risk. 8 providers at High Quantum Risk. Zero at Medium, Low, or PQ-safe.
Table 4: Chain-Level PQ Failure Map: 16 Networks, Zero PQ-Safe
| Chain | Dominant Signing | PQ Status | Quantum Failure Mode |
|---|---|---|---|
| Ethereum | secp256k1 ECDSA | Not PQ-safe | Private key recovery from public key. EOA signature forgery. BLS consensus also exposed. Hosts majority of $32B tokenized RWA value. BlackRock BUIDL ($2.5B), JPMorgan Kinexys, WisdomTree, Visa, Ondo ($2B), Circle USDC, Securitize. |
| Solana | Ed25519 | Not PQ-safe | Transaction signing key recovery. All three verification programs remain classical. Franklin FOBXX migrated here. Visa stablecoin pilot. 163,000 RWA holders. Drift Protocol hacked $285M Apr 2026. |
| Canton | Deployment-specific | Not PQ-native | Greater migration flexibility than public L1s. Not PQ-native in reviewed evidence. Goldman Sachs GS DAP, Broadridge $362B daily DLT Repo. |
| Stellar | Ed25519 | Not PQ-safe | Classical account key failure. Direct private key recovery. Franklin FOBXX original chain (launched 2021). Circle USDC. Among earliest institutional tokenized fund rails. |
| Bitcoin | secp256k1 ECDSA + Schnorr | Not PQ-safe | Public key exposed at spend time. Signature forgery on any UTXO with visible public key. Fidelity, MicroStrategy, Coinbase Custody, BitGo primary chain. |
| Base | secp256k1 (EVM) | Not PQ-safe | Inherits full Ethereum EOA exposure. Coinbase institutional settlement layer. |
| Polygon | secp256k1 (EVM) | Not PQ-safe | Inherits full Ethereum EOA exposure. Franklin FOBXX secondary chain. |
| Arbitrum | secp256k1 (EVM) | Not PQ-safe | Inherits full Ethereum EOA exposure. KelpDAO hacked $292M Apr 2026 via bridge signer. |
| Avalanche C-Chain | secp256k1 (EVM) | Not PQ-safe | Inherits full Ethereum EOA exposure. |
| BNB Chain | secp256k1 (EVM) | Not PQ-safe | Inherits full Ethereum EOA exposure. |
| Cosmos | secp256k1 + ed25519 | Not PQ-safe | User key and validator key forgery. Dual exposure surface. dYdX, Injective, Osmosis ecosystems. |
| Sui | Ed25519, secp256k1, secp256r1 | Not PQ-safe | All three signature schemes classical. zkLogin wrappers do not change underlying crypto. |
| Aptos | Ed25519 + multisig | Not PQ-safe | Classical account-signing failure. PQ proposal exists but not deployed. |
| Starknet | Stark-curve signature | Not PQ-safe | Account-validation layer forgery. Custom account logic helps flexibility, not safety. |
| Hedera | Ed25519 + secp256k1 | Not PQ-safe | Account key compromise. Transaction forgery across both key types. |
| XRP Ledger | secp256k1 + Ed25519 | Not PQ-safe | Account key and signer-list failure across both key models. |

16 networks reviewed. 16 rely on classical signatures. 16 fail under a cryptographically relevant quantum adversary. 10+ major institutional programmes (BlackRock, JPMorgan, Franklin, Goldman, Fidelity, DTCC, Visa, WisdomTree, State Street, Broadridge) build on these rails with zero disclosed PQ migration roadmaps.

The breakpoint is structurally identical across all chains. Once consensus verification depends on a classical signature, MPC does not protect the chain-facing layer. For hash-based PQ signatures with MPC custody, even account abstraction and custom verifier contracts are insufficient because the threshold computation itself is impossible.

One Architecture Survives

Every MPC custody provider in this report faces the same structural dead end. Two paths exist. Both fail. One chain offers a third.

The Industry's Dead End: Two Paths Fail. One Chain Resolves.
[Figure: three paths and a compatibility matrix.]
PATH A (DEAD END): Abandon MPC. Switch to HSM-only custody. Single point of failure. Loses distributed trust.
PATH B (UNPROVEN / WEAKER): Lattice-only MPC. ML-DSA threshold (unproven). Assumptions <20 years old. Loses conservative PQ security.
ETERNAX (PRODUCTION-READY): MPC + SPHINCS+. Custody key: algebraic, MPC-native. PQ auth: SPHINCS+ (NIST FIPS 205). Both properties preserved.
MPC custody + SPHINCS+ compatibility: Ethereum: impossible; Bitcoin: impossible; Solana: impossible; Canton: impossible; EternaX: supported.

TPS Loss Under Hash-Based Post-Quantum Signature Migration
EternaX: ~2%; Ethereum: ~84%; Canton: ~88%; Solana: ~90%; Stellar: ~90%

What Every MPC Custodian Gets on EternaX

You change nothing about your operating model. Your MPC infrastructure maps directly onto EternaX. You run your distributed authorization quorum exactly as you do today. Same key management. Same policy engine. Same approval workflows. Same HSM boundaries. Same regulatory licenses. The chain accepts your MPC authorization output through one pathway and handles hash-based PQ verification through a separate pathway. You never threshold-compute a hash-based signature. The impossibility result is never violated.

Hash-based PQ compliance without thresholding hash-based signatures. The chain separates the custody key (algebraic, MPC-native, threshold-friendly) from the PQ authentication key (SPHINCS+ / SLH-DSA, NIST FIPS 205, hash-based, hardware-boundary). Both compose per transaction at the protocol level. The Taurus SA impossibility is conceded and routed around by design.

160 bytes permanent, not 7,856. The on-chain settlement record is 160 bytes per transaction (SILMARILS: arXiv:2605.03230). SPHINCS+-128s on any other chain is 7,856 bytes, 49 times larger, permanently on-chain, on every transaction.

~2% TPS loss, not ~90%. EternaX retains 50,000 to 200,000 TPS under PQ operations with 20-50ms soft finality and 400-520ms hard finality. Solana loses ~90%. Ethereum loses ~84%. Canton loses ~88%.

First-mover advantage. The first custody provider to integrate with EternaX offers something no competitor on any other chain can match: hash-based PQ-safe MPC custody with the most conservative NIST-approved post-quantum signature standard. That is a new product line, a new fee tier, and a new mandate-winning capability.

What Institutions Get on EternaX

Same custody provider. Same MPC. Hash-based PQ-safe. You do not switch custody providers. You do not migrate keys. You do not rebuild compliance frameworks. Your existing custody provider (Fireblocks, Copper, BitGo, Anchorage Digital, Zodia Custody, or any MPC provider) runs their MPC exactly as they do today, on the only chain where hash-based post-quantum compliance is mathematically possible.

SPHINCS+-compliant settlement from day one. Every asset issued, transferred, or settled on EternaX carries hash-based post-quantum authentication (SPHINCS+ / SLH-DSA, NIST FIPS 205) at the protocol level. No migration debt (see: Cryptographic Migration Debt framework, $57B-$135B institutional exposure). No retrofit. No deadline pressure. Your NIST 2030/2035 compliance obligation is resolved at the infrastructure layer.

Fiduciary defensibility. When your board, your regulator, or your auditor asks whether your digital asset custody is post-quantum safe, you have a verifiable answer: hash-based PQ-safe MPC custody, with the most conservative NIST-approved signature standard, on the only chain where that combination is architecturally possible. That is a fiduciary position, not a technology bet.

Table 5: EternaX vs. Incumbent Chains Under Hash-Based PQ Migration
| Metric | EternaX | Ethereum | Solana | Canton | Stellar |
|---|---|---|---|---|---|
| Hash-based PQ + MPC custody | Supported | Impossible | Impossible | Impossible | Impossible |
| TPS loss under hash-based PQ | ~2% | ~84% | ~90% | ~88% | ~90% |
| PQ signature standard | SPHINCS+ (NIST FIPS 205) | SPHINCS+ (target) | TBD | TBD | TBD |
| TPS range | 50,000-200,000 | ~15-30 | ~4,000 (post-PQ) | ~600 (post-PQ) | ~100 (post-PQ) |
| Soft finality | 20-50ms | ~12s | ~400ms | Variable | ~5s |
| Hard finality | 400-520ms | ~15 min | ~12.8s | Variable | ~5s |

Further Research from EternaX Labs

Cryptographic Migration Debt: The Post-Quantum Risk Framework for Institutional Digital Assets
$57B-$135B first-order migration debt across 9 named institutional programmes. The three-plane framework (Asset, Control, Privacy) for boards and risk committees.

Post-Quantum Exposure Map 2026
20+ institutions, 30+ tokenized products, 11 networks, zero PQ migrations found. The institutional PQ exposure landscape.

SILMARILS: Compact Post-Quantum Authentication for Blockchain Systems
How decomposing the four jobs bundled into a transaction signature makes post-quantum settlement practical without a permanent per-transaction size tax. 160-byte designated-verifier signatures with SPHINCS+ anchoring.

SILMARILS Paper (arXiv:2605.03230)
Khodaiemehr, Bagheri, Feng, Porechna. Formal ROM, QROM, and information-theoretic analysis. The cryptographic foundation of EternaX's authentication layer.

Why EternaX: Institutional Settlement with Privacy, Composability, and PQ-Native Security
Three institutional requirements converging: privacy, DeFi composability, post-quantum security. The full product thesis.

Hash-based PQ-safe MPC custody is mathematically impossible on every chain except one. The fifteen providers mapped in this report cannot deliver it on any chain they currently serve. On EternaX, they can.
EternaX does not replace your custody provider. EternaX is where your custody provider becomes PQ-safe.

EternaX is not competing for MPC custody market share. EternaX is the settlement layer where MPC custody and hash-based post-quantum compliance (SPHINCS+ / SLH-DSA, NIST FIPS 205) converge. A competing chain would need to design and formally verify a new custody-layer cryptographic construction, redesign transaction validation, implement ephemeral signature propagation and pruning, migrate all existing accounts and state, and secure ecosystem-wide consensus. That is a multi-year protocol redesign, not a firmware update. The fifteen providers in this report do not need to wait for it. The rail exists.

What Institutions Should Do Now

Post-quantum custody readiness is not a project with a completion date. It is a governance obligation that starts with three questions.

“begin preparing now for migration to post-quantum cryptography”

Three Questions Every Institution Should Ask Their Custody Provider

Question 1: Does your post-quantum signature roadmap include hash-based schemes (SLH-DSA / SPHINCS+), or only lattice-based alternatives? If only lattice-based, what is your assessment of the security assumption risk given these algorithms rely on mathematical problems less than 20 years old?

Question 2: Can your MPC stack threshold-compute SPHINCS+ signatures? If not, what is your documented alternative for delivering hash-based PQ security with distributed key management?

Question 3: What is your compliance plan for the NIST IR 8547 ECDSA deprecation (2030) and disallowance (2035) timeline, and how does your custody architecture adapt when the blockchains you support migrate to PQ signatures?

“The key is to be on this journey today and not wait until the last minute”

If the answer to Question 2 is "no" or "we are evaluating," the institution is carrying unmitigated post-quantum custody risk across every chain and every asset under that provider's management. If the answer to Question 1 excludes hash-based schemes, the institution is betting its long-term custody security on lattice assumptions that have not been tested against quantum adversaries in practice. If the answer to Question 3 is "we are monitoring," the institution does not have a plan.

Where Do You Stand?

If your custody provider scores Critical Quantum Risk in this report: Request a written PQ roadmap within 90 days. Document residual risk. Evaluate PQ-native settlement infrastructure for new deployments.

If your custody provider scores High Quantum Risk: Request a PQ roadmap. Establish an internal review date aligned with the NIST 2030 deprecation. Begin due diligence on PQ-native chains for pilot settlement.

If your custody provider is not listed in this report: The three questions above still apply.

Evaluate Post-Quantum Settlement Infrastructure
EternaX is the only chain where hash-based PQ-safe MPC custody (SPHINCS+ / SLH-DSA, NIST FIPS 205) is architecturally possible.
For MPC Custody and HSM Providers

EternaX is a settlement rail, not a custodian. We do not compete with your custody business. We make your custody business hash-based PQ-safe. The chain enforces the post-quantum validity rule. You run the distributed authorization quorum, the policy engine, key recovery, and the customer relationship. Your existing MPC and HSM infrastructure, key-management discipline, and approval workflows map directly onto the rail. You never threshold-compute a hash-based signature. Nothing about the cryptography asks you to leave the operating model you know.

Integrate with EternaX and offer your clients the only hash-based PQ-safe MPC custody in the market. First mover wins the mandate. No competitor on any other chain can match this claim.

We are actively working with custody and HSM providers who want to offer hash-based post-quantum custody on the rail. If you are Fireblocks, Copper, BitGo, Anchorage Digital, Ripple Custody, Cobo, Safeheron, Dfns, Zodia Custody, Fordefi (Paxos), Liminal, Blockdaemon, or any MPC provider looking at the hash-based PQ migration barrier described in this report, we would like to talk.

For Institutions Using MPC Custody

Ask your custody provider one question: Can your MPC threshold-compute hash-based post-quantum signatures (SPHINCS+ / SLH-DSA) on any chain you currently support? The answer is no. On every chain except EternaX, hash-based PQ signatures are mathematically incompatible with MPC threshold computation.

You do not need to switch custody providers. You do not need to rebuild your operating model. Your existing provider (Fireblocks, Copper, BitGo, Anchorage Digital, Zodia Custody, or any MPC custodian) runs their MPC exactly as they do today on EternaX. The chain handles hash-based PQ verification at the protocol level. Your provider offers you SPHINCS+-compliant PQ-safe custody. No other chain makes this possible. The institutions that demand hash-based PQ-safe custody first will set the terms, win the strongest fiduciary position, and define the standard their competitors must follow.

Frequently Asked Questions

What is post-quantum custody?

Post-quantum custody is digital asset custody infrastructure that remains secure after a cryptographically relevant quantum computer can break today’s classical public-key signatures. The issue is not only wallet security; it is the full custody and settlement stack: ECDSA, Ed25519, Schnorr, key recovery, policy engines, backup encryption, MPC workflows, HSM boundaries, and chain-level signature verification. Institutions using Fireblocks, Copper, BitGo, Anchorage Digital, Cobo, Dfns, Safeheron, Fordefi (Paxos), or similar providers still rely on classical signatures on the underlying chains.

Why does post-quantum custody matter for institutions?

Post-quantum custody matters because institutional digital assets are controlled by signatures, not by branding, regulation, or custody policy alone. A quantum adversary that can recover private keys from exposed public keys can bypass the operational controls around those keys. This affects custody wallets, mint keys, bridge validators, tokenized fund administrators, stablecoin issuers, staking operators, treasury systems, and settlement rails. The risk is structural because every major public chain still verifies classical signatures.

Is MPC custody post-quantum safe?

No. MPC custody is not post-quantum safe if the final signature verified by the blockchain is still ECDSA, Ed25519, or Schnorr. MPC distributes signing authority across multiple parties, which improves operational security against theft, insiders, and device compromise. But MPC does not change the chain-visible signature scheme. A quantum adversary attacks the public-key signature layer that consensus verifies, not the internal MPC ceremony used to produce the signature.

Does MPC protect against Shor’s algorithm?

No. MPC does not protect ECDSA, Ed25519, or Schnorr signatures from Shor’s algorithm. Shor’s algorithm attacks the mathematical hardness assumptions behind elliptic-curve and RSA cryptography. MPC can split control of a private key across parties, but once a public key is exposed on-chain, the underlying classical signature scheme remains vulnerable. This is why MPC custody and post-quantum custody are not the same thing.

Are Fireblocks, Copper, BitGo, Cobo, Dfns, Safeheron, and Fordefi post-quantum safe?

No reviewed institutional MPC custody provider is post-quantum safe today. Fireblocks, Copper, BitGo, Anchorage Digital, Ripple Custody, Cobo, Dfns, Safeheron, Fordefi (Paxos), Zodia Custody, Qredo, and similar platforms may offer strong operational controls, but the assets they custody ultimately settle on chains using classical signatures. Unless the underlying chain supports post-quantum verification and the custody architecture can operate with that verification model, the custody stack remains exposed to quantum key recovery.

Can MPC threshold-compute SPHINCS+ signatures?

No. Threshold SPHINCS+ is not commercially practical for institutional MPC custody because hash-based signatures lack the algebraic structure MPC needs for efficient distributed signing. SPHINCS+ signing requires thousands of hash computations, and threshold-computing those operations across multiple institutional parties creates extreme communication and round-complexity overhead. This is a structural cryptographic barrier, not a simple implementation gap or vendor roadmap issue.
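The algebraic point in this answer, as an added example (not code from this report or from any custody provider): a toy n-of-n Schnorr-style signing run over a constructed, insecure small group shows per-party partial signatures adding up to a valid signature, while one hash step on XOR-shared secrets does not recombine. The group parameters, function names and sample values are assumptions for illustration; production threshold ECDSA needs more machinery but rests on the same group algebra.

```python
import hashlib

# Constructed toy group, far too small to be secure: P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(R: int, msg: bytes) -> int:
    digest = hashlib.sha256(R.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q

def public_key(shares):
    # y = g^(x1 + x2 + ...): each party can publish g^(x_i); nobody holds x.
    y = 1
    for x_i in shares:
        y = y * pow(G, x_i, P) % P
    return y

def threshold_sign(shares, nonces, msg):
    # Round 1: each party publishes R_i = g^(k_i); the product is the joint nonce.
    R = 1
    for k_i in nonces:
        R = R * pow(G, k_i, P) % P
    c = challenge(R, msg)
    # Round 2: each party computes s_i from its own share only; shares just add.
    partials = [(k_i + c * x_i) % Q for x_i, k_i in zip(shares, nonces)]
    return R, sum(partials) % Q

def verify(y, msg, R, s):
    return pow(G, s, P) == R * pow(y, challenge(R, msg), P) % P

def sha(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(a, b))

def hash_step_composes(share1: bytes, share2: bytes) -> bool:
    # One step of a hash chain: do locally hashed XOR shares recombine to H(secret)?
    return xor(sha(share1), sha(share2)) == sha(xor(share1, share2))

if __name__ == "__main__":
    shares, nonces = [123, 456, 789], [11, 222, 333]   # constructed sample values
    msg = b"transfer 10 units"                          # constructed sample message
    R, s = threshold_sign(shares, nonces, msg)
    print("threshold Schnorr verifies:", verify(public_key(shares), msg, R, s))
    print("hash shares recombine:", hash_step_composes(b"A" * 32, b"B" * 32))
```

Because the hash step cannot be done share by share, a threshold SPHINCS+ signer would have to evaluate every hash inside a generic MPC circuit, which is the communication and round-complexity overhead the answer describes.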

Why is SPHINCS+ preferred for conservative institutional post-quantum security?

SPHINCS+, standardized by NIST as SLH-DSA in FIPS 205, is preferred by conservative institutions because it is hash-based. Its security relies on hash-function assumptions that have been studied for decades, rather than newer lattice assumptions. That makes SPHINCS+ attractive for critical infrastructure, long-duration assets, settlement systems, tokenized funds, and regulated financial infrastructure where robustness matters more than elegance. The problem is that SPHINCS+ is structurally incompatible with conventional MPC custody.

What is the difference between MPC and HSM custody for post-quantum migration?

HSM custody can support post-quantum signature standards such as SPHINCS+ inside a protected hardware boundary, while conventional MPC custody cannot efficiently threshold-compute hash-based SPHINCS+ signatures. The tradeoff is severe: HSMs offer post-quantum algorithm support but concentrate trust in hardware boundaries; MPC distributes trust but struggles with the most conservative hash-based PQ signatures. EternaX resolves this by separating MPC-compatible custody control from post-quantum authentication at the chain level.

What is the NIST 2030 and 2035 timeline for classical signatures?

NIST's migration timeline, under which classical signature schemes are deprecated by 2030 and disallowed by 2035, signals that classical public-key schemes such as ECDSA, EdDSA, RSA, and related signature systems should be phased out of sensitive systems over the next decade. For digital assets, that matters because Ethereum, Bitcoin, Solana, Polygon, Avalanche, Arbitrum, BNB Chain, Stellar, and most custody systems still depend on classical signatures. Institutions should not wait until the deadline year; custody migrations require years of vendor review, chain support, testing, audits, governance, and counterparty acceptance.

Can my existing custody provider offer PQ-safe custody on EternaX?

Yes. EternaX is the only chain where existing MPC custody infrastructure remains functional under hash-based post-quantum migration. Your custody provider (Fireblocks, Copper, BitGo, Anchorage Digital, Zodia Custody, or any MPC provider) runs their distributed authorization quorum exactly as they do today. The chain handles SPHINCS+ (hash-based, NIST FIPS 205) verification at the protocol level. No threshold computation of hash-based signatures is required. Your provider keeps their MPC, their licenses, their policy engine, and your client relationship. You get hash-based PQ-safe custody without switching providers.

Does EternaX compete with MPC custody providers?

No. EternaX is a settlement rail, not a custodian. Custody providers keep their clients, their licenses, their MPC infrastructure, and their operating models. EternaX makes their custody hash-based PQ-safe. The chain provides the architecture where the custody provider's MPC authorization output composes with SPHINCS+ verification at the protocol level. This is analogous to how Ethereum provides the settlement layer and Fireblocks provides the custody layer, except that on EternaX, the custody provider can offer hash-based post-quantum compliance that is mathematically impossible on any other chain.

Which major blockchains are post-quantum safe today?

No major public blockchain is post-quantum safe in production today. Ethereum, Bitcoin, Solana, Polygon, Avalanche, Arbitrum, Optimism, BNB Chain, Stellar, Aptos, Sui, Canton, and similar networks still rely on classical signature verification in their production settlement flows. Some ecosystems are researching post-quantum migration, but research direction is not production protection. Assets remain exposed until the chain, account model, wallet stack, custody layer, and migration path are all post-quantum-ready.

Can Ethereum, Bitcoin, or Solana migrate to SPHINCS+ without breaking MPC custody?

Not cleanly. If a chain simply replaces ECDSA or Ed25519 with SPHINCS+, it may improve post-quantum signature security but can break compatibility with conventional MPC custody. That is because SPHINCS+ is hash-based and not efficiently threshold-computable under standard MPC models. A serious migration must solve both problems together: post-quantum chain verification and institutional distributed custody. Treating them separately creates a new custody bottleneck.

What is the difference between post-quantum custody and post-quantum settlement?

Post-quantum custody protects the systems that authorize asset movement; post-quantum settlement protects the chain that validates and finalizes asset movement. Institutions need both. A custody provider can harden devices, approvals, policies, and key storage, but if the blockchain still accepts classical signatures, the final settlement layer remains quantum-exposed. EternaX focuses on post-quantum settlement infrastructure so custody providers can operate on a rail designed for quantum-durable transaction validity from genesis.

What is custody control-plane risk in a post-quantum world?

Custody control-plane risk is the risk that the systems controlling authorization are compromised, even if the asset contract itself is not hacked. Today, attackers target laptops, admin consoles, policy engines, signer devices, backups, bridges, validator keys, and multisig quorums. In a post-quantum world, the attacker may not need theft, phishing, malware, or social engineering. If public keys are exposed and signatures are classical, quantum key recovery can convert control-plane risk into mathematical key compromise.

How much crypto has been stolen through private key and signing-control compromise?

Billions of dollars have been lost through private key compromise, signer compromise, phishing, malware, multisig failures, bridge validator compromise, and admin-key misuse. The institutional lesson is direct: the control plane of crypto is the signing layer. Smart-contract audits do not protect assets if the keys that authorize movement are compromised. A quantum attacker turns this same pattern into an algorithmic attack by recovering keys from vulnerable public-key cryptography.

Are tokenized funds, stablecoins, and RWAs exposed to post-quantum custody risk?

Yes. Tokenized funds, stablecoins, and real-world assets are exposed if their minting, redemption, transfer, admin, bridge, or settlement workflows depend on classical signatures. This includes assets issued on Ethereum, Solana, Polygon, Avalanche, Stellar, Canton, and other classically signed networks. The risk is not limited to asset holders; it affects issuers, transfer agents, custodians, market makers, settlement venues, auditors, administrators, and distribution partners.

Can lattice-based post-quantum signatures solve MPC custody?

Lattice-based post-quantum signatures may be more MPC-compatible than SPHINCS+, but they are not the conservative institutional default. Threshold ML-DSA and related approaches remain newer, more complex, and less production-validated than classical MPC custody. They also rely on lattice assumptions rather than hash-based assumptions. For institutions that want conservative, hash-based post-quantum assurance, lattice-based MPC is not equivalent to SPHINCS+ custody support.

Can existing blockchains retrofit post-quantum MPC custody support?

Existing blockchains can research post-quantum signatures, but retrofitting post-quantum MPC custody is much harder than adding a new signature opcode. A real migration requires new account models, wallet support, custody integrations, validator/client changes, transaction-size management, migration tooling, and governance acceptance. If the chain adopts SPHINCS+ as a simple replacement signature, it may create a custody architecture where conventional MPC cannot efficiently operate.

How does EternaX support MPC custody with SPHINCS+ compliance?

EternaX separates custody authorization from post-quantum authentication at the chain level. The custody side can remain compatible with distributed authorization models used by institutional MPC providers, while the chain enforces post-quantum transaction validity through a SPHINCS+-aligned authentication layer. This avoids forcing institutions into a false choice between distributed custody and conservative hash-based post-quantum security. The design is native to the settlement rail, not bolted on after launch.

What is EternaX’s performance under post-quantum cryptography?

EternaX is designed to keep post-quantum security compatible with institutional market speed. The architecture targets high-throughput settlement while keeping post-quantum authentication overhead structurally lower than simply placing full SPHINCS+ signatures on every transaction. The key claim is not that post-quantum cryptography is free; it is that PQ performance must be engineered at the settlement-layer architecture level, not retrofitted into chains designed around classical signatures.

What should institutions ask their MPC custody provider about post-quantum risk?

Institutions should ask their MPC provider for a written post-quantum roadmap, supported signature schemes, chain migration assumptions, control-plane protections, HSM strategy, lattice-risk posture, SPHINCS+ support, account-migration plan, and expected customer impact before 2030. The key question is not “Do you use MPC?” The key question is “How will this custody stack authorize and settle assets when classical signatures are no longer acceptable?”

What should tokenized asset issuers, stablecoin issuers, and funds do now?

Issuers should map every signing authority that can move, mint, burn, freeze, upgrade, bridge, redeem, or administer assets. They should classify which keys are classical, which chains expose public keys, which custody providers control workflows, and which assets have no documented post-quantum migration path. New tokenized assets should avoid inheriting quantum debt by default. For long-duration institutional products, post-quantum settlement should become a distribution and risk-management requirement, not a future compliance footnote.

Is post-quantum custody only a security problem?

No. Post-quantum custody is a market-infrastructure problem. The institutions that solve it first can offer safer tokenized funds, stronger stablecoin issuance, more credible collateral rails, and better long-duration settlement guarantees. The institutions that delay may face stranded custody workflows, expensive migrations, counterparty pushback, and weaker distribution in regulated tokenized markets. Post-quantum readiness is not only defensive security; it is a trust and distribution edge.

What is EternaX?

EternaX is post-quantum market infrastructure for stablecoin issuance, tokenized real-world assets, institutional custody workflows, and settlement. It is designed as a PQ-native Layer 1 where post-quantum authentication, institutional performance, and custody-provider compatibility are engineered into the settlement rail from genesis. The core thesis is simple: institutions should not have to choose between MPC-grade operational control and hash-based post-quantum security.