exchange token
LEO Token LEO
LEO Token scores 3/100 (Stage 0: Unassessed / No Evidence). LEO is a standard ERC-20 utility token with dual issuance on Ethereum and Vaulta (formerly EOS), inheriting all quantum vulnerabilities of both classical ECC-based host chains. The project has published no cryptographic inventory, no quantum threat model, no risk assessment, no migration roadmap, and no PQ prototype or testnet. All production spend authorization, admin key control, and cross-chain bridge paths remain entirely ECC-dependent. The only positive credit (3 points in Algorithm & Implementation Assurance) reflects the open-source, verified contract code on Etherscan — a baseline transparency property that does not indicate any quantum readiness. Bitfinex has published general educational content about quantum computing risks but has not applied this to LEO specifically. The fully diluted valuation across both chains represents material long-exposure quantum-vulnerable value with no migration, freeze, or recovery path. Token admin keys with mint/burn/upgrade authority introduce an additional quantum-critical attack surface beyond standard holder risk. The QRI Score is capped at 5 by Stage 0 (no quantum work performed) and further constrained by the Factor Score of 3.00.
Not AssessedToken Inheritance — EthereumToken Inheritance — Vaulta/EOSCentralized Admin KeysCentralized Bridge DependencyLong-Exposure Value-at-Risk
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
3 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
0 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- No public cryptographic inventory — project has not published any quantum threat model, affected-asset inventory, or risk assessment (Readiness & Risk Cap: 10)
- Active production spend authorization is entirely ECC-based — LEO inherits Ethereum secp256k1 ECDSA and Vaulta/EOS classical ECC for all transaction signatures (Readiness & Risk Cap: 40)
- Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, burn, recovery, or policy path (Readiness & Risk Cap: 55)
- Token admin keys (controller address with mint/burn/upgrade authority) are quantum-vulnerable via host-chain ECDSA; controller address public-key exposure status is unverified
- Centralized Bitfinex bridge between Ethereum and Vaulta preserves classical ownership paths on both ends with no PQ migration plan
Key Risks
- All LEO token transfers and approvals rely on Ethereum secp256k1 ECDSA signatures, which are breakable by Shor's algorithm on a cryptographically relevant quantum computer.
- LEO holdings on Vaulta/EOS rely on the Vaulta chain's classical ECC, which is similarly quantum-vulnerable.
- The LEO ERC-20 contract's admin functions (generateTokens, destroyTokens, changeController) are controlled by an Ethereum address secured by classical ECDSA. If the controller's public key is exposed on-chain, a quantum adversary could seize unlimited minting and token-destruction authority.
- Bitfinex's centralized conversion bridge between Ethereum (ERC-20) and Vaulta LEO representations relies on internal custody infrastructure with no publicly verifiable post-quantum controls. A compromise of either chain's ECC or Bitfinex's custody keys could enable theft across both representations.
- Long-exposure risk: Ethereum EOAs that have transacted LEO have exposed their public keys on-chain, making them vulnerable to offline quantum key-recovery attacks with no time constraint.
- No evidence that Bitfinex or iFinex has commissioned any quantum-specific security audit, cryptographic inventory, or migration feasibility study for LEO.
- Dormant or lost LEO holdings cannot practically migrate even if a migration path were created, and no salvage/deprecation policy exists to address unmigratable quantum-vulnerable value.
Assurance Notes
- 2019 Callisto Security audit of the LEO ERC-20 contract is stale (7 years old) and does not assess quantum resistance; it confirms classical centralized control structure but provides no quantum assurance.
- Bitfinex has published general educational blog posts about quantum computing threats (October 2025, November 2025, February 2026) but none constitute a LEO-specific cryptographic inventory, quantum risk assessment, or migration plan.
- No source code repository was identified beyond the verified Etherscan contract; no formal specification or protocol documentation exists for LEO's cryptographic design.
- The controller address public-key exposure status is not publicly verifiable — if the controller EOA has made outgoing transactions, its public key is exposed and vulnerable to quantum key-recovery attacks against token admin functions.
- Bitfinex's centralized bridge between Ethereum and Vaulta representations relies on internal custody controls that are not publicly verifiable as post-quantum secure.
- No formal quantum-specific incident-response playbook, performance benchmarks, or exchange/custody migration attestations exist for LEO.
Non-Scoring Caveats
- 2019 Callisto audit is stale and not quantum-focused but confirms classical implementation; this is an assurance-only caveat under QRI §6.4 — audit age alone does not reduce the QRI Score since the quantum-vulnerable design is independently verifiable from public code and blockchain data.
- Bitfinex educational blog posts about quantum computing (2025–2026) demonstrate corporate awareness but do not constitute a LEO-specific risk assessment or migration plan.
- No formal quantum-specific incident-response playbook exists; this is an operational/product caveat under QRI §6.5 that does not independently reduce the QRI Score.
- No formal performance/resource benchmark exists for any PQ migration; this is an operational/product caveat.
- The Vaulta/EOS-to-Vaulta/$A rebranding (May 2025) is a token-symbol change, not a cryptographic migration, and does not affect quantum readiness.
- Exact current total supply split and value-at-risk distribution between Ethereum ERC-20 and Vaulta representations is not publicly aggregated beyond explorer summaries.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: No public cryptographic inventory or quantum threat model exists for LEO Token.
Coverage basis: No inventory published
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory — Readiness & Risk Cap 10
Assurance: Bitfinex has published general quantum-education blog posts (Oct/Nov 2025, Feb 2026) but none address LEO specifically.
Whitepaper (2019) and support documentation (2026) are silent on cryptography, signatures, and quantum threats. No GitHub repository, specification, or technical documentation exists with cryptographic details.
Security Assessment & Evidence Preparedness
Public evidence record supporting quantum risk assessment
Claim: No public evidence record supports a quantum risk assessment for LEO Token.
Coverage basis: No evidence record published
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No public evidence record for quantum risk assessment
Assurance: Exhaustive search of Bitfinex/iFinex official channels, Etherscan, the 2019 whitepaper, and third-party analyses confirms absence.
No code references, specs, audits, transaction examples, or reproducible analytics related to quantum risk have been published by iFinex or Bitfinex for LEO.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: LEO Token inherits Ethereum's secp256k1 ECDSA and Vaulta's classical ECC for all transaction signatures. No PQ or hybrid signature path exists.
Coverage basis: Token Inheritance — host-chain ECC only
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All spend authorization is entirely ECC-based on both Ethereum and Vaulta host chains (Readiness & Risk Cap: 40)
Assurance: Verified via Etherscan — LEO is a standard ERC-20 with standard transfer/approve functions; no custom signature verification or PQ integration exists in the contract bytecode or ABI.
Token Inheritance rule (QRI §7.2) applies. LEO inherits Ethereum's ECDSA spend authorization and Vaulta's equivalent classical ECC.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: LEO holders use standard Ethereum EOAs and Vaulta accounts. Transacted EOAs expose public keys on-chain, creating long-exposure quantum-vulnerable ownership paths.
Coverage basis: Host-chain account model — classical ECC only
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Long-exposure quantum-vulnerable public keys for all transacted LEO holder EOAs
Assurance: Ethereum's account model is well-documented. Any EOA that has sent a LEO transfer has exposed its secp256k1 public key on-chain.
No PQ address format, key-derivation scheme, or address-rotation mechanism exists for LEO.
Production Cryptographic Protection
Consensus-critical authentication
Claim: LEO Token has no independent consensus mechanism. Consensus security is inherited from host chains.
Coverage basis: N/A — token has no consensus layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Scored as N/A per QRI applicability rules.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: LEO Token has no independent state-integrity mechanism. State integrity is inherited from host chains.
Coverage basis: N/A — token has no independent state integrity layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Token Inheritance rule applies.
Production Cryptographic Protection
Privacy and proof layers
Claim: LEO Token has no privacy or zero-knowledge proof layer.
Coverage basis: N/A — no privacy layer exists
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: LEO Token has no independent P2P network layer.
Coverage basis: N/A — token has no P2P layer
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, and hardware-wallet workflows
Claim: No evidence of PQ wallet, custody, HSM, or hardware-wallet support for LEO Token. All custody paths rely on classical ECC.
Coverage basis: No PQ wallet or custody support
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQ wallet/custody support; all LEO custody relies on classical ECC
Assurance: Bitfinex's internal custody infrastructure security is not publicly verifiable.
No evidence of PQ HSM integration, PQ multisig schemes, or quantum-safe cold-storage solutions for LEO.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of LEO value-at-risk is protected from quantum key-recovery attacks. All value exists on classical ECC chains with no PQ migration path.
Coverage basis: 0% protected — entirely classical ECC on both chains
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value with no migration, freeze, or recovery path (Readiness & Risk Cap: 55)
Assurance: Total supply of 660M LEO confirmed by Etherscan. The exact split between Ethereum and Vaulta representations is not publicly aggregated but both chains are classical ECC.
Coverage is <25%, scoring 0.00 per QRI §9.3.1 thresholds. Dormant/unmigratable holdings have no salvage or freeze policy.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No evidence that any critical LEO wallets have been migrated to PQ protection.
Coverage basis: No critical wallets migrated
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Critical admin/controller wallets remain quantum-vulnerable via host-chain ECDSA
Assurance: The controller address has mint/burn/upgrade authority. Its public-key exposure status is unverified. Bitfinex's custody and bridge operational wallets are not publicly identified.
The 2019 Callisto audit confirms the token contract has owner privileges including token emission control and controller upgrade capability.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts identified and addressed
Claim: No legacy vulnerable pool identification, measurement, deprecation, migration, freeze, or burn mechanism exists for LEO Token.
Coverage basis: No legacy pool management
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No mechanism to identify, deprecate, freeze, or migrate quantum-vulnerable LEO holdings
Assurance: Confirmed by exhaustive review of all available Bitfinex/iFinex official documentation.
LEO has an active buyback-and-burn mechanism (iFinex uses 27%+ of monthly gross revenues), but this is an economic supply-reduction mechanism unrelated to quantum risk.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: No public quantum migration or protection roadmap exists for LEO Token.
Coverage basis: No roadmap published
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No migration roadmap — no sequencing, activation criteria, or dependencies defined
Assurance: Bitfinex's October 2025 blog post is a general educational piece containing zero LEO-specific commitments, timelines, or activation criteria.
Third-party analysis (bmic.ai, April 2026) confirms: 'Bitfinex has not announced a comprehensive migration plan to post-quantum cryptographic standards.'
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for LEO.
Coverage basis: No migration accessibility
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQ-enabled wallet or migration tooling available for LEO holders
Assurance: No evidence found in Bitfinex support documentation, wallet interfaces, or third-party wallet integrations of any PQ account creation or quantum-safety warnings.
LEO holders are entirely dependent on host-chain wallet infrastructure which remains ECC-only.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms, deprecation policies, freeze capabilities, or exchange/custody coordination for quantum migration exist.
Coverage basis: No enforcement or coordination
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No enforcement or coordination mechanism to prevent unsafe fallback into quantum-vulnerable systems
Assurance: The centralized Bitfinex bridge could theoretically serve as a coordination point, but no quantum-related policies exist.
The LEO contract has admin-controlled functions (enableTransfers, destroyTokens) that could technically enforce migration, but these have never been used for quantum-security purposes.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities
Claim: No quantum-specific emergency disclosure, incident-response, or governance process exists for LEO Token.
Coverage basis: No quantum incident-response process
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No quantum-specific incident-response or emergency governance process
Assurance: Bitfinex maintains a general security contact and bug-bounty program, but no quantum-specific disclosure process is documented for LEO.
The centralized admin structure could theoretically enable emergency response, but no quantum-specific procedures, triggers, or governance framework exist.
Algorithm & Implementation Assurance
Uses NIST-standardized or broadly reviewed PQC/hybrid-PQC algorithms
Claim: LEO Token uses no PQC algorithms. All cryptography is classical ECC inherited from host chains.
Coverage basis: No PQC algorithms used
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQC algorithms integrated at any layer
Assurance: Verified from Etherscan contract ABI — no reference to NIST PQC standards, hybrid constructions, or custom PQ primitives.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: The 2019 Callisto Security audit of the LEO ERC-20 contract is stale (7 years), scope-mismatched (classical security only), and contains no quantum assessment.
Coverage basis: Stale, scope-mismatched audit — no quantum coverage
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Per QRI §6.4, this stale but relevant audit does not independently reduce the QRI Score — it is an assurance-only caveat. The quantum-vulnerable design is independently verifiable from public contract code.
No independent quantum-specific audit has ever been commissioned for LEO Token.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: LEO ERC-20 contract source code is verified on Etherscan, providing open-source transparency.
Coverage basis: Verified open-source contract on Etherscan
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: The contract is verified on Etherscan with full Solidity source code. No dedicated GitHub repository, build instructions, or test suite were identified. The Vaulta-side LEO implementation source is not independently verified.
Open-source transparency is the only subfactor receiving full credit. This reflects baseline code availability, not quantum readiness.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: No documented parameter agility or cryptographic upgrade path exists for LEO Token.
Coverage basis: No parameter agility documented
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No documented upgrade path for cryptographic migration
Assurance: The LEO contract has a changeController function allowing admin upgrade, but this is an administrative control, not a documented cryptographic migration path.
Token migration would require coordinated action across Ethereum and Vaulta host chains; LEO has no independent cryptographic upgrade mechanism.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, and custody implementation risks
Claim: No PQC signature scheme is in use, so stateful-signature safety and side-channel considerations for PQC are not applicable to the current implementation.
Coverage basis: No PQC implementation — risks not assessed
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQC signature scheme deployed; all custody paths use classical ECC
Assurance: This subfactor would become material if/when PQC signatures are deployed for LEO or its host chains.
Algorithm & Implementation Assurance
Performance and resource-impact analysis for PQ deployment
Claim: No performance or resource-impact analysis exists for PQ signature/verification deployment affecting LEO transactions.
Coverage basis: No performance analysis
Implementation score: 0 · Evidence confidence: High
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Per QRI §6.5, the absence of a formal performance benchmark is an operational/product caveat that does not independently reduce the QRI Score.
This subfactor is scored at 0.00 because no analysis exists, but the finding is classified as note-only since no PQ path currently exists to be constrained by performance limits.
Report metadata