Every major crypto exchange generates your deposit address the same way. A public key sits on a hot server. It derives fresh addresses for every user, every deposit, every top-up. The private signing key stays locked in cold storage, offline, untouched. This separation is the backbone of exchange security, and it has worked since BIP32 standardized hierarchical deterministic wallets over a decade ago.
It will not survive the shift to post-quantum cryptography.
Project Eleven, a post-quantum cryptography startup founded in 2024 and backed by Coinbase Ventures and Castle Island Ventures, released a prototype wallet on March 9 that restores this critical capability under quantum-resistant signature schemes. The timing matters: NIST has already finalized ML-DSA, the digital signature standard that replaces the elliptic curve cryptography underpinning every wallet in the industry.
BIP32 Breaks Under Quantum-Resistant Signatures
The problem is not hypothetical. It is architectural.
BIP32 wallets use a property called non-hardened key derivation. A parent public key can generate child public keys, and those child keys can generate addresses, all without the private key ever participating. This is why exchanges can spin up millions of deposit addresses on internet-facing servers while keeping signing keys in air-gapped cold storage.
Under ML-DSA and other post-quantum signature schemes, non-hardened derivation disappears. The mathematical relationship that lets a public key alone produce child keys does not hold in lattice-based cryptography the way it does in elliptic curve systems.
"Any system that needs to generate fresh receiving addresses, exchanges, payment processors, custodial services, can no longer do so from a public key alone," Conor Deegan, CTO and co-founder of Project Eleven, told Decrypt.
That means every exchange, every custodial wallet, every payment processor that generates deposit addresses would need the private key to participate in address derivation. The private key would need to come out of cold storage. The security model that has protected billions of dollars in user funds would collapse.
What Project Eleven Actually Built
Project Eleven's prototype operates at the wallet layer, not the protocol layer. The research, published on the IACR Cryptology ePrint Archive, demonstrates that non-hardened key derivation can be reconstructed using quantum-resistant mathematical techniques.
The practical result: exchanges could continue generating deposit addresses from public keys on hot servers while keeping private keys offline, even after migrating to post-quantum signature schemes. No fundamental change to how exchanges operate. No private key exposure during routine operations.
This matters because the alternative is grim. Without a wallet-layer solution, exchanges would face two options: either bring private keys online (destroying the security model) or redesign their entire deposit infrastructure from scratch (a multi-year engineering effort during which they remain vulnerable).
Project Eleven's approach sidesteps both. It preserves the existing operational model while swapping the underlying cryptography.
Ethereum Can Adopt This Now, Bitcoin Cannot
The implementation paths diverge sharply by chain.
On Ethereum, account abstraction already provides the flexibility to integrate quantum-resistant key derivation without any protocol-level changes. Smart contract wallets can incorporate new signature schemes at the application layer. An exchange running on Ethereum could, in theory, begin migrating its deposit address generation to post-quantum schemes using Project Eleven's approach today.
Bitcoin is a different story. The protocol itself needs to be upgraded before ML-DSA or similar schemes can be deployed. Bitcoin's scripting language does not currently support the operations required for lattice-based signatures. Any migration on Bitcoin requires consensus-level changes, which historically take years of debate, development, and activation.
This creates an asymmetry. Ethereum-based exchanges and self-custody wallets could begin hardening against quantum threats while Bitcoin infrastructure remains exposed. For users who hold funds on exchanges that support both chains, the security posture of their Bitcoin deposits and their Ethereum deposits may diverge significantly during the transition period.
The Deposit Address Problem Is a Card Problem Too
Every crypto card that lets you top up from an exchange balance depends on the same address generation infrastructure. When you send USDC from Coinbase to fund your card, or move USDT from Binance to a prepaid wallet, the deposit address you send to was generated by a BIP32-derived public key sitting on a hot server.
If that derivation mechanism breaks, the entire top-up pipeline breaks with it. Card issuers that rely on exchange custody, which includes every custodial card on the market, inherit this vulnerability by default.
Self-custody card providers face a different version of the same problem. Wallets like MetaMask and Ledger also use hierarchical deterministic key derivation. When you generate a new receiving address in your hardware wallet, you are using the same BIP32 mechanism that Project Eleven's research addresses. The quantum threat does not discriminate between custodial and non-custodial architectures.
The difference is timeline. Ethereum-based self-custody wallets can potentially migrate faster through account abstraction. Bitcoin-only wallets and exchanges are constrained by protocol upgrade timelines that no single company controls.
Coinbase Ventures Backing Signals Urgency
Coinbase is not investing in Project Eleven as a speculative bet on distant quantum computing breakthroughs. Coinbase runs one of the largest deposit address generation systems in crypto. Every user who deposits funds gets a unique address derived from a master public key using exactly the BIP32 non-hardened derivation that does not carry over to ML-DSA.
Castle Island Ventures, the other named backer, is a crypto-focused fund that has historically invested in infrastructure plays with near-term commercial application. Their participation suggests Project Eleven's wallet-layer approach is closer to production readiness than the typical academic cryptography project.
NIST's finalization of ML-DSA removed the "if" from the post-quantum migration. The remaining questions are "when" and "how." Project Eleven is answering the "how" for the specific piece of infrastructure that matters most to exchanges: deposit address generation.
For context, our earlier coverage of PsiQuantum's million-qubit quantum facility in Chicago explored the timeline question from the hardware side. Project Eleven's work tackles the software side of the same problem. Both pieces fit the same picture: the industry is preparing, not panicking, but the preparation is now backed by real engineering and real capital.
FAQ
What is non-hardened key derivation and why does it matter?
Non-hardened key derivation lets a public key generate child public keys without the private key participating. This is how exchanges create millions of unique deposit addresses while keeping signing keys in cold storage. Post-quantum signature schemes like ML-DSA break this capability.

Does this mean quantum computers can already steal crypto?
No. Current quantum computers cannot break the elliptic curve cryptography protecting crypto wallets. The threat is forward-looking: when sufficiently powerful quantum machines exist, today's key derivation methods will be vulnerable. The point of Project Eleven's research is to have solutions ready before that happens.

Which exchanges are affected?
Every exchange that uses BIP32 hierarchical deterministic wallets, which includes Coinbase, Binance, and effectively every major platform. The vulnerability is in the standard itself, not in any specific exchange's implementation.

Do I need to do anything right now?
No immediate action is required for individual users. This is an infrastructure-level problem that exchanges and wallet providers need to solve. The research from Project Eleven suggests solutions exist and are being actively developed. Monitor whether your exchange or wallet provider has announced post-quantum migration plans.
Overview
Project Eleven, backed by Coinbase Ventures and Castle Island Ventures, released a prototype wallet demonstrating that quantum-resistant key derivation can preserve the security model exchanges depend on. Current BIP32 hierarchical deterministic wallets break under NIST's finalized ML-DSA post-quantum signature standard because non-hardened key derivation, the mechanism that lets exchanges generate deposit addresses without exposing private keys, does not work with lattice-based cryptography. Project Eleven's wallet-layer solution restores this capability without requiring protocol changes on Ethereum (via account abstraction), though Bitcoin still needs a protocol upgrade. The research affects every custodial exchange, every self-custody wallet, and every crypto card that depends on exchange deposit infrastructure for top-ups.