Module 6

Quantum Threats, Insurance, and Long-Term Planning

Three topics that serious holders rarely plan for until something goes wrong: the quantum timeline (what's real, what's hype), insurance options that actually exist, and what happens to your crypto if you die.

Video Narration: Q3 2026

Video narration arrives Q3 2026. Full written lesson available below.

Quantum Computing: An Honest Assessment

Every few months a headline announces that quantum computers have broken encryption. These headlines are almost always wrong about the specifics. Here is the accurate picture as of early 2026.

Where the technology actually stands

Google's Willow processor, announced in December 2024, achieved 105 physical qubits and demonstrated quantum advantage on a specific benchmark problem. It can solve certain computational tasks faster than classical supercomputers. The task it demonstrated on was intentionally designed for quantum systems; it is not a general-purpose cryptographic attack capability.

Breaking secp256k1 (the elliptic curve used by Bitcoin and Ethereum) requires approximately 1,200 logical qubits. Logical qubits require error correction because physical qubits are noisy and error-prone. Current error correction overhead means each logical qubit needs hundreds to thousands of physical qubits. At today's error rates, you'd need millions of physical qubits to produce 1,200 logical qubits. Google has 105 physical qubits.

Other quantum efforts run on parallel timelines. IBM published its Heron R2 processor in late 2024 at 156 physical qubits, with improved error rates over Google's Willow. Its experimental Condor chip reached 1,121 physical qubits in 2023, but Condor was designed to test scaling rather than to run useful computation. IBM's public roadmap targets a 100,000-qubit architecture (Quantum System Two scaling) by 2033. Microsoft took a different path with Majorana 1, announced February 2025, which uses topological qubits built from a new class of materials Microsoft calls topoconductors. The first Majorana 1 chip has 8 qubits, but the architecture is theoretically more error-resistant than transmon-based approaches. None of these systems is close to the 1,200 logical qubits secp256k1 actually requires.

Google's internal planning target is post-quantum migration readiness by 2029. This refers to Google migrating its own infrastructure to quantum-resistant algorithms, not Google building an attack capability. The honest expert consensus: 10-15 years before a cryptographically relevant quantum computer exists, with substantial uncertainty in both directions.

NIST post-quantum standards (finalized August 2024)

NIST finalized three post-quantum cryptographic standards after a six-year competition involving submissions from cryptographers worldwide:

CRYSTALS-Kyber (ML-KEM)

Key encapsulation and encryption. Replaces RSA and ECDH for key exchange. Lattice-based math that resists both classical and quantum attacks.

CRYSTALS-Dilithium (ML-DSA)

Digital signatures. Replaces ECDSA (which Bitcoin and Ethereum currently use). Trezor Safe 7 with TROPIC01 chip already supports this.

SPHINCS+ (SLH-DSA)

Hash-based digital signatures. More conservative design (relies on hash function security, which is well-understood). Larger signature sizes than Dilithium but no novel mathematical assumptions.

What the blockchain networks are doing

Solana: launched the Quantum-Resistant Vault as opt-in in 2024, using Winternitz one-time signatures for post-quantum security. The trade-off: each address can sign only once, which constrains active wallet use but works cleanly for cold storage.

Ethereum: Vitalik Buterin has written about a phased quantum-resistant upgrade path with account abstraction as the migration vehicle. No firm timeline. The upgrade is technically feasible but requires significant coordination across clients, wallets, and L2s.

Bitcoin: the community has debated approaches (BIP proposals exist for quantum-resistant signature schemes), with no consensus change yet. Old coins with exposed public keys (pay-to-public-key format used in early Bitcoin) are more vulnerable than modern P2WPKH or P2TR addresses, where the public key is hashed and only revealed when the coin moves.

What to actually do right now

Nothing panic-worthy. Keep your keys rotated to modern address formats (avoid reusing addresses with exposed public keys). Watch for upgrade announcements from the blockchains you use. When post-quantum upgrades arrive, migrate early rather than late. If you're buying hardware in 2026, consider devices with post-quantum support built in (Trezor Safe 7). Do not lose sleep over quantum in the near term.

Crypto Insurance

Under 20% of crypto holders have any insurance coverage. The market grew 140% year-over-year in 2025. Several real products exist.

Evertas

Institutional / High-net-worth

Coverage limit: Up to $360 million per policy

Covers: Theft, fraud, unauthorized access, operational failures, private key loss

Does not cover: Price drops, market volatility, voluntary transfers

Lloyd's of London-backed. The largest specialized crypto insurer. Requires institutional-level due diligence and security assessment. Not a retail product.

Canopius

Institutional / Custodian

Coverage limit: Large limits for qualified custodians

Covers: Cyberattacks, unauthorized access, insider theft

Does not cover: Market losses, user errors, voluntary transfer to fraudsters

Lloyd's market syndicate. Primarily used by exchanges and custodians to cover assets they hold on behalf of customers.

Nexus Mutual

Decentralized / DeFi

Coverage limit: Per-protocol, per-wallet coverage

Covers: Smart contract exploits, protocol hacks affecting deposited assets, ~0.5-1% annual premium

Does not cover: Hardware theft, private key loss, price decline

Fully decentralized. Claims assessed by NXM token holders. Annual premium at 0.5-1% of covered amount. Practical for DeFi users with significant protocol exposure.

Coincover

Retail / Wallet-integrated

Coverage limit: Typically $50,000 to $250,000 per integration

Covers: Theft from compromised infrastructure, social engineering, certain seed-loss scenarios depending on integration

Does not cover: User-authorized transfers, market losses, voluntary scams, user error

Available through wallet partnerships (BitGo, Trust Wallet, Bitkey, several others). The closest thing to retail-grade coverage. Limits and exact terms are set by the integrating wallet, not by Coincover directly. Read the partner wallet's policy disclosure before relying on it.

What crypto insurance universally does NOT cover

Price decline or market volatility
Rug pulls (debatable; some policies cover, most exclude)
Keys you personally lost or misplaced
Voluntary transfer to a scammer (you authorized it)
Funds lost through your own error

The GENIUS Act, signed July 2025, applies specifically to stablecoin issuers. It requires 1:1 dollar reserves and audit disclosures for issuers like Circle and PayPal. The bill does not directly mandate insurance for exchanges or custodians broadly. The wider 2025 regulatory direction (FIT21 House passage, OCC custody guidance, SEC SAB 122 supersession of SAB 121) has pushed institutional custodians toward more transparent reserve disclosures and insurance attestations, but no general insurance mandate exists for retail exchanges as of early 2026.

Custodian-held insurance is separate from any policy you carry. Coinbase publicly discloses a $320 million crime insurance policy covering theft of assets they hold institutionally; this protects Coinbase's balance sheet, not your account directly. Gemini discloses comparable Aon-brokered coverage. Custodial insurance does not cover account takeovers caused by your own credential compromise. Read the fine print: most exchange "insurance" language describes the exchange's coverage of itself, not yours.

For individual holders, the practical insurance picture in 2026: Nexus Mutual for DeFi protocol exposure, Coincover via your wallet partner for everyday holdings, and Evertas if your self-custody balance crosses into seven figures and warrants an institutional conversation. Most holders carry no specific policy and rely on operational security as the primary defense. That is an honest stance; it is also one reason the inheritance and multisig sections of this module matter.

Estate Planning for Crypto

When crypto holders die without an estate plan, their assets are often permanently lost. The blockchain cannot distinguish between "holder deceased" and "holder who lost their keys." The coins remain in the wallet indefinitely, inaccessible to anyone.

The core problem

A traditional will becomes a public document after probate. If you list your seed phrase in your will, anyone who requests the probate record gets your seed phrase. The solution requires separating the legal document (the will) from the access credentials (the seed phrase), while ensuring the right people can find and use both.

The heir documentation packet

Even with the right legal structure, your heirs need an operations manual. Most non-technical heirs have never used a hardware wallet. They don't know what a seed phrase looks like, what a derivation path is, or how a multisig coordinator works. Build the packet while you're alive and keep it current.

Asset inventory: every wallet, every chain, approximate balance, the device or service that controls it. Update annually with a dated revision note.
Location guide: where each device is physically stored, where each backup lives, who has co-signing authority on multisig setups, what room and what container.
Executor letter: written to a specific named person explaining what they are inheriting, what to do first, and which advisor to call (your attorney, your CPA who handles crypto, your hardware wallet vendor support contact).
Recovery checklist: step-by-step for the most likely path. If you use a Trezor with SLIP-39, write out the exact reassembly procedure with screenshots from the current firmware version. Assume the heir has never seen the device.
Tax basis records: the wallet-by-wallet cost basis records you keep under Rev. Proc. 2024-28 (covered in Module 5). Heirs need these to file accurately, and the IRS audits inherited crypto frequently.
Glossary: a short plain-language glossary of seed phrase, private key, derivation path, multisig, hardware wallet, hot wallet. Two pages, not a textbook.

Store the packet in the same sealed location as your access credentials. Update it once a year, in the same review window you use for hardware verification. Date the version. Outdated instructions cause more inheritance failures than missing instructions.

Practical approaches

Sealed letter with a lawyer

Your will references a sealed envelope held by your lawyer. The envelope contains step-by-step instructions for accessing your crypto, including the location of your seed phrase backup (not the seed phrase itself in the letter). The lawyer delivers it after death. This keeps the access instructions private while ensuring trusted parties can find them.

SLIP-39 Shamir distribution to family

Use Trezor's SLIP-39 implementation to split your seed into shares. Distribute shares to trusted family members or institutional custodians. 3-of-5 means your family needs to coordinate to access the funds - no single person can drain the wallet unilaterally, and no single death eliminates access. Include clear written instructions explaining what SLIP-39 is and how to reconstruct.

Casa Inheritance Plan

Casa offers a dedicated inheritance feature on top of their multi-key custody. You designate heirs, complete identity verification with Casa's team, and Casa retains a recovery key. After death, your heirs initiate the process; Casa verifies the request through obituary records and identity checks, then facilitates the multi-key recovery. As of 2026 it sits in the Premier tier (around $250 to $300 per month). Built specifically for the inheritance use case and includes legal documentation templates.

Unchained Capital Collaborative Custody Inheritance

Unchained's vault product is a 2-of-3 multisig where you hold two keys and Unchained holds one. Their inheritance add-on, available on the Premium tier, lets you designate beneficiaries who can claim Unchained's key after your death. Combined with the heir locating your two keys via your documentation packet, the multisig reconstructs. Pricing carries forward from prior coverage at $250 per year base plus 0.50% per trade, with the inheritance feature on Premium plans only. Re-verify on unchained.com before relying on the figure.

Revocable digital asset trust

A revocable trust keeps asset details private (unlike a will that goes through probate). The trust document can reference crypto without listing credentials. A trusted trustee named in the trust has access to a sealed document with the seed phrase location. Legal fees are higher than a simple will but the privacy protection is significant for large holdings.

Dead-man scenarios and proof-of-life

A dead-man switch triggers when you stop checking in. The pattern: you confirm "still alive" through some action (a periodic transaction, a scheduled login, a check-in with a service). If the confirmation lapses for a defined period, your designated heirs receive access instructions or a counterparty releases a key.

Casa's inheritance protocol uses a service-mediated version: their team verifies the request through obituary documentation and identity checks before releasing recovery keys. Sarcophagus is a fully on-chain alternative built on Arweave, where encrypted instructions release automatically after a configured proof-of-life timeout signed against an Ethereum address. Each path has trade-offs: service-mediated approaches add a counterparty but reduce false-trigger risk and offer human review; fully on-chain approaches eliminate the counterparty but require flawless setup and tolerate no clock drift if you happen to be alive but unable to sign.

For most holders, the simpler answer is annual coordination with your attorney and your designated executor. You confirm in writing each year that you're alive, that the documentation packet location has not changed, and that your heir contacts are still correct. A signed letter to your attorney, dated, repeated every year. Quiet, manual, reliable, no on-chain dependency.

Long-Term Storage Strategies

For holdings you won't touch for months or years, the security requirements are different from active trading wallets.

Multisig setups

Multisig (multi-signature) requires multiple private keys to authorize a transaction. A 2-of-3 setup requires any 2 of 3 keys to sign. A 3-of-5 requires any 3 of 5. No single key compromise drains the wallet.

2-of-3 multisig

Individual high-value holding. Keys stored: one on hardware wallet (home), one with a lawyer, one safety deposit box. Any two authorize. One compromise is insufficient.

3-of-5 multisig

Family or small fund treasury. Keys distributed across individuals. Requires coordination to transact, but protects against individual death or compromise. Used by many DAOs and crypto funds.

Setting up multisig at home: Sparrow Wallet is the open-source standard for self-custody multisig on Bitcoin. It coordinates signatures across multiple hardware wallets without requiring a third-party service. Specter Desktop is the primary alternative. Both are free, audited, and integrate with Trezor, Ledger, and Coldcard. Setup takes a few hours including verification on each device. The complexity is real but appropriate for high-value cold storage where the alternative is a single point of failure.

Singlesig versus multisig for heirs is a genuine trade-off. Singlesig with a strong SLIP-39 share distribution is simpler for a non-technical heir to reassemble. Multisig adds protection against any single key compromise but requires the heir to coordinate multiple parties and use a multisig coordinator tool such as Sparrow or Specter. If your heirs are technical or you can pair multisig with a service like Casa or Unchained, multisig wins. If your heirs are non-technical and self-recovery is the only path, a well-documented singlesig with SLIP-39 plus sealed instructions may serve them better than a multisig they cannot operate. Match the structure to the people who will actually inherit, not to your own technical preferences.

Annual verification

Cold storage is "set and forget" in one sense, but not in another. Hardware wallets can fail. Seed phrase backups stored in locations you don't visit can be moved, damaged, or forgotten. Once a year:

Power on your hardware wallet and verify it still works, the PIN still works, and the device hasn't been tampered with.
Verify your seed phrase backup is intact and in the location you recorded. Don't read it out loud; just confirm it exists and is readable.
Send a small test transaction to confirm the wallet signs correctly.
Review your multisig configuration if applicable - verify all co-signers and their keys are still accessible.
Update your estate plan documentation if anything has changed (new accounts, new devices, changed storage locations).

Knowledge Check

Module 6 - 8 questions

Google's Willow processor, announced in 2024, achieved 105 qubits. How many logical qubits are estimated to be needed to break secp256k1 encryption?

NIST finalized its post-quantum cryptographic standards in August 2024. Which algorithm was standardized for digital signatures (replacing ECDSA)?

Evertas is the primary institutional crypto insurance provider. What is the maximum coverage available per policy?

Nexus Mutual provides decentralized insurance for DeFi. What does it primarily cover?

What is the primary challenge of including crypto assets in a traditional will?

What does 'harvest now, decrypt later' mean for crypto, and should you be concerned today?

What is the most reliable structure for ensuring a non-technical heir can actually access inherited crypto?

As of 2026, which statement about the quantum threat to cryptocurrency is accurate?