INSIGHT  ·  SMART-CONTRACT PQC AUDIT

Your dormant ECDSA addresses are not safe. Here’s why.

The intuition that an unused address is a safe address breaks the moment a CRQC arrives. The math is unforgiving and the remediation surface is narrower than you think.

May 2026 · 5 min read · Smart-Contract PQC Audit

There is a comforting intuition that runs through every wallet docs page, every cold-storage tutorial, every bridge architecture review: once you stop using an address, it is safe. The address ages out, the funds sit there, and as long as you never sign anything else from it, no one can touch it. This intuition is correct under the threat model that has dominated cryptocurrency since 2009 — that is, an adversary armed with classical compute, looking at the public ledger. It will be flatly wrong the moment a cryptographically relevant quantum computer (CRQC) ships.

The reveal happens at signing time.

Bitcoin, every EVM chain, Solana, Move chains — all of them work the same way for ECDSA-class signatures. Your address is a hash of a public key. Until you sign a transaction, your public key is unpublished; only you and your wallet have ever seen it. The first time you sign, the public key is published on-chain forever. From that moment forward, anyone can get from your address to your public key, and your public key is a permanent piece of public data.

Under classical compute, this is fine — recovering a private key from a public key is the entire definition of "computationally infeasible." Under a CRQC running Shor’s algorithm, the private key is recoverable in polynomial time. Every public key that has ever been published becomes a permanent target for a future CRQC. Including the public keys of your dormant addresses.

What that looks like in practice.

Audit any treasury that has been moving funds for more than three years and you will find the same pattern: 80–90% of the addresses are perfectly safe. They have never signed, so their public key has never been revealed; if a CRQC ships tomorrow, an attacker would still have to brute-force the address hash back to a public key, which is not the problem Shor’s algorithm solves. The other 10–20% are permanently exposed. Once revealed, the public key cannot be un-published. The funds cannot be moved without re-signing. And re-signing under a CRQC threat is a race condition you do not want to be running.
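A minimal version of that classification, as an added example (not QorTrace's methodology or code). It assumes an address is exposed if it has ever appeared as a transaction sender, and it also covers a case the sender check misses: a signature relayed in someone else's transaction, which reveals the signer's key without the signer ever sending anything. All addresses, balances and ledger rows are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed sample data (placeholder addresses, arbitrary balance units).
TREASURY = {"0xAAA1": 500, "0xAAA2": 120, "0xAAA3": 900, "0xAAA4": 40, "0xAAA5": 300}

# Constructed ledger rows: (sender, recipient, relayed_signer).
# relayed_signer models a signature carried in calldata (for example a permit
# submitted by a relayer): the signer's key is revealed, yet it never sent a tx.
LEDGER = [
    ("0xEXT1", "0xAAA1", None),
    ("0xAAA1", "0xAAA2", None),        # 0xAAA1 signs: public key revealed
    ("0xEXT1", "0xAAA3", None),
    ("0xRELAY", "0xEXT2", "0xAAA4"),   # 0xAAA4 revealed via relayed signature
    ("0xEXT2", "0xAAA5", None),
]

@dataclass
class Exposure:
    address: str
    balance: int
    revealed_by: tuple  # empty tuple: the public key was never published

def classify(treasury, ledger):
    """Return one Exposure per treasury address, exposed and largest first."""
    reasons = {addr: set() for addr in treasury}
    for sender, _recipient, relayed_signer in ledger:
        if sender in reasons:
            reasons[sender].add("tx_sender")
        if relayed_signer in reasons:
            reasons[relayed_signer].add("relayed_signature")
    rows = [Exposure(a, treasury[a], tuple(sorted(reasons[a]))) for a in treasury]
    # Exposed addresses sort first, then by balance descending.
    return sorted(rows, key=lambda r: (not r.revealed_by, -r.balance))

def value_at_risk(rows):
    """Fraction of total balance held by addresses with a revealed key."""
    total = sum(r.balance for r in rows)
    exposed = sum(r.balance for r in rows if r.revealed_by)
    return exposed / total if total else 0.0

if __name__ == "__main__":
    rows = classify(TREASURY, LEDGER)
    for r in rows:
        print(r.address, r.balance, ",".join(r.revealed_by) or "unrevealed")
    print(f"value at risk: {value_at_risk(rows):.1%}")
```

Receiving funds never reveals a key here: 0xAAA2, 0xAAA3 and 0xAAA5 only appear as recipients and stay in the unrevealed group.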

Why bridges are worse.

If you operate a multi-sig or a bridge with a known signer set, the public keys of every signer are already on-chain. There is no dormant period. The harvest is already complete; the only question is whether you have a migration path before the decryption hardware arrives. The only available migration path on EVM right now is account-abstraction-based, and it is not free.

What we sign at the end.

Every QorTrace Labs Smart-Contract PQC Audit produces a per-address harvest-exposure score, ranks your top-100 most-exposed addresses, and provides a concrete migration path (typically AA + hybrid sigverify via EIP-7702 or ERC-4337). The deliverable is a public, embeddable Audit Certificate, signed by our methodology key, verifiable on the QorTrace registry.