About this project

We check wallets.
We don't judge.

A practical tool for understanding quantum computing risk to Ethereum and Bitcoin wallets — no wallet connection, no private keys, just public on-chain data.

Why we built this

We got tired of reading academic papers about quantum risk without a simple tool to check our own wallets. The threat is real, the math is settled — but nobody had made it easy to see whether your specific address is exposed.

yourwalletiscooked.com is an independent research tool. The domain name is a joke. The underlying cryptography is not.

The quantum threat, briefly

Ethereum and Bitcoin both use secp256k1 — an elliptic curve cryptographic scheme. Your private key is a 256-bit integer. Your public key is derived from it via elliptic curve multiplication. That derivation is one-way on classical computers: trivial to compute forward, computationally infeasible to reverse.

Shor's algorithm, running on a sufficiently large quantum computer, breaks this assumption. It can solve the discrete logarithm problem in polynomial time. Estimates put the required scale at roughly 4,000 error-corrected logical qubits — likely achievable sometime between 2030 and 2040.

The catch: your public key must be known for the attack to work. Every time you send a transaction, your full public key is permanently published on-chain. That's the exposure this tool checks for.

How the checker works

We query the Etherscan API for your address's transaction history. The logic is straightforward:

If your address has ever sent a transaction (outbound tx count > 0), your public key is on-chain. If it's on-chain and you hold a balance, you're in the vulnerable category. Smart contracts are identified and reported separately — the quantum risk only applies to externally owned accounts (EOAs) because only EOAs sign transactions with secp256k1 keys.

Results are cached in a local SQLite database to reduce Etherscan API calls. The cache has a configurable TTL; balance data is refreshed more aggressively than exposure data (which is permanent once exposed).

Privacy

We never ask for your private key, seed phrase, or any form of wallet connection. We only ever look up your public address — which is, by definition, already public and permanently on the blockchain.

No tracking scripts. No third-party analytics. Server access logs record the IP address and requested URL path for rate limiting and debugging; wallet addresses in API request paths appear in these logs. Logs are not shared with third parties and are rotated regularly.

The API (coming soon)

We're building a developer API that exposes quantum exposure data programmatically. Planned features include single-address lookups, batch address checking, portfolio-level exposure summaries, and webhook alerts when a watched address changes exposure status.