Exchange & Custody Migration Playbook

How centralized exchanges and institutional custodians can implement dual signatures, upgrade HSMs, and protect client assets before Q-Day. Timeline: 12–24 months.

Why This Matters Now

Since 2022, over $7 billion in cryptocurrency has been stolen—with nearly 70% from infrastructure attacks where private keys or seed phrases were compromised. The Federal Reserve warns that “harvest now, decrypt later” attacks are already active: adversaries collect encrypted data today, waiting for quantum computers to break it. Exchanges and custodians hold concentrated targets. The time to upgrade is before Q-Day, not after.

The Threat Landscape

Cryptocurrency exchanges and custody providers face a unique quantum threat profile. Unlike individual wallets, institutional custodians aggregate billions in assets behind relatively few key management systems—creating high-value targets that justify sophisticated, patient attacks.

  • $7B+: stolen since 2022 (TRM Labs)
  • 70%: from key/seed compromise
  • $2.2B: stolen in 2024 alone

A September 2025 Federal Reserve paper titled “Harvest Now, Decrypt Later” analyzes this threat directly. The researchers warn that adversaries are already harvesting encrypted blockchain data—including transaction signatures that reveal public keys—with plans to decrypt it once quantum computers mature. For exchanges, this means:

  • Hot wallet signatures are permanently recorded on-chain, exposing public keys
  • Cold storage transfers during routine operations create harvestable data
  • Historical transactions cannot be retroactively protected—only future operations can use PQC
  • Client trust depends on proactive security posture, not reactive breach response

The February 2025 Bybit Incident

A $1.5 billion Ethereum theft occurred during an on-chain transfer from cold to warm wallet—demonstrating that even “cold storage” procedures can be compromised if signing processes or keys are exposed. Quantum computers would make such attacks trivially reproducible across any exchange with harvestable signatures.

Current Custody Architecture

Modern institutional custody relies on layered security combining cold storage, hot wallets, and increasingly, Multi-Party Computation (MPC). Understanding these components is essential for planning PQC migration:

| Component | Function | Quantum Exposure |
|---|---|---|
| Cold Storage | Offline HSMs holding 95%+ of assets | Low (signatures only during transfers) |
| Warm Wallets | Intermediate staging for scheduled operations | Medium (periodic signature exposure) |
| Hot Wallets | Online wallets for immediate liquidity (1–5% of assets) | High (frequent signatures recorded on-chain) |
| MPC Infrastructure | Distributed key shares across multiple parties | Variable (depends on underlying signature algorithm) |
| HSM Clusters | Hardware-protected key generation and signing | Upgradeable (firmware-based PQC now available) |

MPC is an implementation strategy, not a signature algorithm. This distinction matters: MPC distributes key shares to eliminate single points of failure, but the underlying cryptographic operations (ECDSA, EdDSA) remain quantum-vulnerable. The good news is that MPC architecture can adopt PQC algorithms without fundamental re-architecture—the distributed signing model works with any signature scheme.

HSM Post-Quantum Readiness

The major HSM vendors have moved beyond roadmaps to production-ready PQC support. As of late 2025, NIST-standardized algorithms (ML-DSA, ML-KEM) are available in enterprise HSMs:

| Vendor | Product | PQC Algorithms | Status |
|---|---|---|---|
| Thales | Luna HSM v7.9 | ML-DSA (FIPS 204), ML-KEM (FIPS 203), LMS/HSS | Production (July 2025) |
| Entrust | nShield HSMs | ML-DSA (FIPS 204), ML-KEM (FIPS 203) | Production (May 2025) |
| Utimaco | u.trust GP HSM Se-Series | ML-DSA, ML-KEM, LMS/XMSS (stateful) | Production |
| Crypto4A | QxHSM | ML-DSA, ML-KEM, XMSS | Production (quantum-safe native) |
| wolfSSL | wolfHSM | ML-KEM, ML-DSA, Falcon, LMS/XMSS | Production |

Thales Luna HSM v7.9 Details

Luna HSM v7.9 delivers native ML-DSA and ML-KEM support integrated into core firmware—no external functionality modules required. The release has been validated by a partner ecosystem including DigiCert, Keyfactor, and EVERTRUST for PKI and certificate issuance. Thales co-authored the FALCON algorithm selected by NIST and participates in NIST’s NCCoE Migration to PQC Project.

Key considerations for HSM upgrades:

  • Signature size impact: ML-DSA-65 signatures are approximately 3,300 bytes vs. 64 bytes for ECDSA—50× larger. Plan for storage and bandwidth increases.
  • Performance overhead: PQC operations are slower than classical algorithms. Benchmark your specific workload before production deployment.
  • Firmware update process: Thales Luna updates via LunaCM or Luna Shell, requiring reboot. Schedule maintenance windows accordingly.
  • Custom functionality modules: Pre-built FMs for ML-DSA/ML-KEM work for standard use. Custom FMs (e.g., hybrid RSA+ML-DSA) require 4–6 weeks for Thales signing/deployment.

MPC Infrastructure and PQC

Multi-Party Computation has become the de facto standard for institutional digital asset custody, with major providers including Fireblocks (securing over $4 trillion in annual transfers), BitGo, and Copper. In August 2025, Fireblocks coordinated a cross-industry letter urging NIST to accelerate MPC standardization—recognizing the technology’s critical role in the quantum transition.

| MPC Provider | Institutional Clients | Key Features |
|---|---|---|
| Fireblocks | 1,800+ (incl. BNY Mellon, Revolut) | MPC-CMP protocol, policy engine, $4T+ annual transfers |
| BitGo | Thousands (incl. Kraken, ETF providers) | $250M insurance, qualified custody, MiCA licensed |
| Copper | Enterprise & institutional | In-custody trading network, geographic distribution |
| Coinbase Custody | Institutions (8 of 10 public BTC holders) | MPC library open-sourced (March 2025), SOC 2 Type II |
| Anchorage Digital | Federal & institutional | OCC-chartered digital asset bank |

Why MPC enables smoother PQC migration:

  • Algorithm-agnostic architecture: MPC is an implementation strategy that can upgrade underlying signature schemes. NIST’s threshold cryptography program explicitly considers PQC-readiness.
  • No single key to migrate: Key shares can be refreshed with PQC-protected communications without reconstructing the full private key.
  • Policy engine preservation: Approval workflows, transaction limits, and governance rules remain intact during cryptographic upgrades.
  • Hybrid deployment: Run classical and PQC signature schemes in parallel during transition periods.

MPC Does Not Solve the Signature Problem

MPC eliminates single points of failure in key storage, but the final signature produced is still ECDSA or EdDSA—broken by Shor’s algorithm. MPC custody providers must upgrade to PQC signature schemes (ML-DSA, FALCON) to achieve quantum resistance. The architecture makes this upgrade possible; it doesn’t make it unnecessary.

Dual Signature Strategy

The recommended transition approach for exchanges is dual signatures—signing transactions with both classical (ECDSA) and post-quantum (ML-DSA or FALCON) algorithms during the migration period. This provides defense-in-depth while maintaining backward compatibility.

| Phase | Classical Signature | PQC Signature | Validation Rule |
|---|---|---|---|
| Phase 1: Shadow | Required | Generated but not required | Classical only (PQC logged) |
| Phase 2: Hybrid | Required | Required | Both must validate |
| Phase 3: PQC-Primary | Optional (backward compat) | Required | PQC required; classical accepted |
| Phase 4: PQC-Only | Deprecated | Required | PQC only |

Implementation considerations:

  • Transaction size increase: Dual signatures approximately double payload size. For ML-DSA-65 + ECDSA, expect ~3,400 bytes vs. ~64 bytes for ECDSA alone.
  • Fee implications: Larger transactions may increase blockchain fees. Model costs before rollout.
  • Client SDK updates: Withdrawal APIs, signing libraries, and verification code must support dual signatures.
  • Audit logging: Log both signatures with timestamps for compliance and forensic analysis.
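The four validation rules from the phase table, written as a policy check (an added example, not code from the original page or from any vendor). The names `Phase`, `validate` and `demo_verifier` are hypothetical, the verifiers are constructed stand-ins rather than real ECDSA or ML-DSA, and rejecting a present-but-invalid classical signature in Phase 3 is an assumption the table does not state.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional

Verifier = Callable[[bytes, bytes], bool]  # (message, signature) -> valid?

class Phase(Enum):
    SHADOW = 1       # classical only (PQC logged)
    HYBRID = 2       # both must validate
    PQC_PRIMARY = 3  # PQC required; classical accepted
    PQC_ONLY = 4     # PQC only

@dataclass
class Decision:
    accepted: bool
    classical_ok: Optional[bool]  # None means the signature was absent
    pqc_ok: Optional[bool]
    rule: str

def check(verify: Verifier, msg: bytes, sig: Optional[bytes]) -> Optional[bool]:
    """Return None for an absent signature, otherwise the verifier's verdict."""
    if sig is None:
        return None
    try:
        return bool(verify(msg, sig))
    except Exception:
        return False  # a verifier error counts as a failed signature

def validate(phase: Phase, msg: bytes, classical_sig: Optional[bytes],
             pqc_sig: Optional[bytes], verify_classical: Verifier,
             verify_pqc: Verifier) -> Decision:
    # Both signatures are always checked so every phase can log both results.
    c = check(verify_classical, msg, classical_sig)
    p = check(verify_pqc, msg, pqc_sig)
    if phase is Phase.SHADOW:
        ok, rule = c is True, "classical enforced, PQC logged"
    elif phase is Phase.HYBRID:
        ok, rule = c is True and p is True, "both enforced"
    elif phase is Phase.PQC_PRIMARY:
        # Assumption: a classical signature that is present but invalid rejects.
        ok, rule = p is True and c is not False, "PQC enforced, classical optional"
    else:
        ok, rule = p is True, "PQC enforced, classical ignored"
    return Decision(ok, c, p, rule)

def demo_verifier(tag: bytes) -> Verifier:
    """Constructed stand-in, NOT a signature scheme: accepts tag + message."""
    return lambda msg, sig: sig == tag + msg
```

The returned `Decision` carries both verification results, so the same record can feed the audit log in every phase, including shadow mode where the PQC result is not enforced.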

Regulatory Compliance

Exchanges operating in regulated jurisdictions face explicit cybersecurity and custody requirements. The New York Department of Financial Services (NYDFS) 23 NYCRR Part 500 is the most prescriptive framework, with final requirements taking effect November 1, 2025:

| Requirement | NYDFS Rule | PQC Relevance |
|---|---|---|
| MFA for All Systems | § 500.12 (Nov 2025) | PQC-protected MFA recommended for long-term security |
| Asset Inventory | § 500.13 (Nov 2025) | Include cryptographic algorithm inventory (CBOM) |
| Third-Party Risk | § 500.11 | Assess custody provider PQC roadmaps |
| Incident Response | § 500.16 | 24-hour notification for cyber extortion; plan for quantum-enabled attacks |
| CISO Reporting | § 500.4 | Board-level quantum risk briefings |

On September 30, 2025, NYDFS updated custody guidance for virtual currency entities, emphasizing segregation of customer assets, clear disclosures, and sub-custodian oversight. The same day, the SEC issued a no-action letter clarifying that state trust companies can serve as qualified custodians for digital assets held by investment funds.

Compliance Stakes

NYDFS penalties can reach $2,500 per day per violation under NY Banking Law. In 2022, Robinhood Crypto paid $30 million to settle NYDFS charges for AML and cybersecurity deficiencies. In 2025, a cryptocurrency company paid $2 million for Part 500 violations including inadequate asset inventory. Proactive PQC migration demonstrates security posture to regulators.

Migration Timeline: 12–24 Months

A realistic exchange PQC migration spans 12–24 months, depending on infrastructure complexity, regulatory requirements, and client base size.

| Phase | Timeline | Key Activities |
|---|---|---|
| Phase 1: Assessment | Months 1–3 | Cryptographic inventory (CBOM), HSM audit, MPC provider review, regulatory gap analysis |
| Phase 2: Planning | Months 3–6 | Algorithm selection, vendor procurement, dual-signature architecture design, client communication plan |
| Phase 3: Development | Months 6–12 | HSM firmware upgrades, API updates, SDK modifications, internal testing |
| Phase 4: Pilot | Months 12–15 | Shadow mode deployment, institutional client pilots, performance monitoring |
| Phase 5: Rollout | Months 15–21 | Phased client migration, dual-signature enforcement, legacy deprecation timeline |
| Phase 6: Optimization | Months 21–24 | Performance tuning, cost optimization, documentation, audit preparation |

Migration Checklist

Use this checklist to track progress across the migration lifecycle:

Phase 1: Assessment & Inventory

☐ Create Cryptographic Bill of Materials (CBOM) for all systems
☐ Inventory HSM models, firmware versions, and PQC upgrade paths
☐ Assess MPC provider PQC roadmaps and timelines
☐ Document all signature types: hot wallet, cold storage, API signing, TLS certificates
☐ Identify regulatory requirements by jurisdiction (NYDFS, MiCA, etc.)
☐ Estimate key exposure: percentage of assets with on-chain signature history

Phase 2: Planning & Design

☐ Select PQC algorithms: ML-DSA (general) vs. FALCON (size-constrained)
☐ Design dual-signature transaction format and validation rules
☐ Procure HSM firmware upgrades (Thales v7.9, Entrust nShield, etc.)
☐ Coordinate with MPC provider on threshold signature scheme updates
☐ Plan client SDK updates and migration communication
☐ Establish rollback procedures for each migration phase

Phase 3: Implementation

☐ Upgrade HSM firmware with maintenance window scheduling
☐ Generate new PQC key pairs alongside existing classical keys
☐ Implement dual-signature APIs for deposits, withdrawals, and internal transfers
☐ Update TLS certificates to hybrid (classical + PQC) where supported
☐ Conduct security audits on PQC implementation
☐ Stress test performance under production load

Phase 4: Deployment & Monitoring

☐ Deploy shadow mode: generate PQC signatures, log but don’t enforce
☐ Pilot with institutional clients; gather feedback on SDK integration
☐ Monitor signature verification times and transaction throughput
☐ Enable hybrid enforcement: both signatures required
☐ Communicate deprecation timeline for classical-only paths
☐ Document all changes for regulatory audit trail

Cost Considerations

PQC migration involves direct costs (hardware, software, labor) and operational impacts (performance, transaction fees). Budget planning should account for:

| Cost Category | Typical Range | Notes |
|---|---|---|
| HSM Firmware Upgrades | $10K–$50K per cluster | May be included in support contract; check vendor terms |
| MPC Provider Upgrades | Varies by provider | Some providers include PQC in roadmap; others may charge |
| Development Labor | $200K–$1M+ | Depends on system complexity and team size |
| Security Audits | $50K–$200K | Third-party PQC implementation review |
| Increased Transaction Fees | Variable | Larger signatures = higher on-chain costs |
| Client Migration Support | $50K–$150K | SDK documentation, integration assistance |

QRC Scoring Integration

Exchange and custody PQC migration directly impacts multiple QRC scoring components:

| QRC Component | Weight | Exchange Actions |
|---|---|---|
| Signature Resistance | 35% | Deploy ML-DSA/FALCON for hot and cold wallet signing |
| Key Protection | 15% | Minimize on-chain signature exposure; rotate to fresh PQC keys |
| Crypto-Agility | 12% | MPC architecture enables algorithm upgrades without key reconstruction |
| Operational Mitigations | 7% | HSM upgrades, key rotation policies, dual-signature enforcement |


Last updated: December 4, 2025