NEXO (NEXO)
NEXO is a standard ERC-20 token on Ethereum (QRI Rule 7.2 Token Inheritance) with no independent cryptographic layers, no PQC features, and no quantum migration planning. The token inherits Ethereum's base-layer quantum posture, but token-specific vulnerabilities create additional quantum-critical attack surfaces: a classical ECDSA-secured owner key with privileged transfer authority over allocation pools, and the Nexo platform's entirely classical custodial infrastructure (Fireblocks MPC, Ledger Vault) holding >70% of supply. Nexo published a blog post in April 2025 acknowledging quantum risk to Bitcoin, but this does not constitute a cryptographic inventory, risk assessment, or mitigation plan for the NEXO token. The final QRI Score of 1.0 reflects: (a) a Factor Score of 1.0 driven only by minimal migration-status coverage acknowledgment (<25% protected), (b) a Readiness & Risk Cap of 10 from absence of public cryptographic inventory, and (c) a Stage 1 cap of 20. No PQC protection exists at any layer for the NEXO token or its custodial dependencies.
Critical Quantum Blockers
- No public cryptographic inventory: Nexo has not published an inventory of quantum-vulnerable cryptographic mechanisms (token contract owner key, custody MPC/HSM keys, platform TLS, authentication systems). This is a Readiness & Risk Cap at 10.
- Active production spend authorization is entirely ECDSA-only: NEXO inherits Ethereum's secp256k1 ECDSA for all token transfers. No PQC or hybrid-PQC path exists. This is a Readiness & Risk Cap at 40.
- Token contract owner key is quantum-vulnerable: the NexoToken contract uses an Owned pattern in which the owner (an ECDSA-secured Ethereum EOA or multisig) can forcibly transfer tokens from allocation addresses via onlyOwner functions. Quantum compromise of that key enables unauthorized token distribution from the investor, team, community, overdraft, and adviser allocation pools.
- Custodial platform quantum exposure: Nexo's $7B+ AUM custodial infrastructure relies on Fireblocks MPC (ECDSA-based CGGMP protocol) and Ledger Vault (classical HSM). Over 70% of NEXO token supply is held in company-controlled wallets secured by these quantum-vulnerable systems. Neither offers production PQC signing as of June 2026.
- Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, or recovery path: the concentrated token supply in classical custodial wallets and the exposed owner key create a plausible quantum-enabled path to theft.
Key Risks
- Quantum compromise of the token contract owner key would allow an attacker to drain all allocation pools (investor, team, community, advisers, overdraft reserves) via onlyOwner transfer functions. The owner address is an ECDSA-secured Ethereum account whose public key is exposed on-chain if it has ever sent a transaction.
- Quantum compromise of Nexo's Fireblocks MPC or Ledger Vault custody keys would expose >70% of NEXO supply held in company-controlled wallets, plus $7B+ of other custodial assets. Fireblocks uses ECDSA-based CGGMP threshold signatures with no production PQC alternative.
- NEXO token holders who self-custody on Ethereum are exposed to the same ECDSA key-recovery risk as all Ethereum users: any account that has sent a transaction has an exposed public key vulnerable to future quantum attack ('harvest now, decrypt later').
- No migration, freeze, burn, or deprecation mechanism exists for quantum-vulnerable NEXO token holdings. Neither Nexo nor Ethereum has activated a protocol-level quantum migration path as of June 2026.
- The Nexo platform's reliance on third-party custody providers (Fireblocks, Ledger Vault) means NEXO's quantum migration timeline is partially dependent on vendors whose PQC roadmaps are still in early research phases with no committed production dates.
- Supply concentration risk: Over 70% of NEXO supply is held in company-controlled wallets. A single quantum compromise of Nexo's custody infrastructure could lead to catastrophic loss of token supply, destabilizing the token's market value.
Assurance Notes
- The Callisto Network security audit of the NEXO token contract (2022-10-24) is stale (3.5+ years old) but remains relevant for identifying owner privileges. The audit was not scoped for quantum risk.
- No quantum-specific audit, formal verification, or cryptographic review exists for the NEXO token contract or Nexo's custody infrastructure.
- The Nexo platform holds SOC 2 Type 2, ISO 27001, and CCSS Level 3 certifications, but these assess operational security controls, not quantum-cryptographic readiness.
- Nexo custody partners Fireblocks and Ledger Vault have no production PQC support as of June 2026. Fireblocks has published a PQC research roadmap, but no production PQC MPC signing exists.
- The token contract source code is publicly available on GitHub (nexofinance/NEXO-Token) and verified on Etherscan, enabling independent review of the classical ECDSA-dependent ownership model.
- Ethereum base-layer PQC migration (Lean Ethereum roadmap targeting 2029 for core L1 infrastructure) will eventually benefit NEXO token holders for transaction signing, but does not address Nexo's custodial key management or the token contract owner key.
- No formal quantum-specific incident-response playbook or disclosure process has been published by Nexo.
- Dune Analytics supply concentration data from 2022-11-16 indicates >70% of supply in company-controlled wallets. The current distribution may differ, but structural centralization of NEXO token supply remains likely.
Non-Scoring Caveats
- The Nexo blog post 'Dispatch #239' (April 2025) demonstrates quantum risk awareness but discusses Bitcoin's quantum threat generically, not NEXO token-specific vulnerabilities or Nexo's custody infrastructure. This is awareness, not a cryptographic inventory or risk assessment.
- The Dune Analytics dashboard showing >70% supply concentration in company-controlled wallets is from November 2022. The concentration pattern may have shifted; however, Nexo's custodial model means quantum exposure from classical custody keys remains structurally unchanged.
- Nexo's general security certifications (SOC 2, ISO 27001, CCSS Level 3) do not address quantum threat models and should not be interpreted as quantum readiness.
- Fireblocks' PQC roadmap (MPC protocol research, NIST engagement) is in early research stages with no production timeline. A full PQC strategy document is promised for later in 2026.
- Ethereum's PQC migration (Lean Ethereum, targeting 2029 for core L1) is a protocol-level effort that does not cover token-specific admin keys, custodial key management, or the Nexo platform's internal cryptographic infrastructure.
- There is no evidence that Nexo has implemented any post-quantum cryptographic controls within its internal custody infrastructure beyond standard Fireblocks/Ledger Vault integrations.
- The token contract owner key is likely held in a quantum-vulnerable state (exposed EOA or classical multisig) based on contract deployment history and administrative transactions.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: NEXO has not published a cryptographic inventory of quantum-vulnerable mechanisms for the token or the custodial platform.
Coverage basis: Absence of evidence across all evaluated sources
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory — Readiness & Risk Cap at 10
Assurance: The April 2025 blog post acknowledges quantum risk to Bitcoin but does not inventory NEXO-specific cryptographic dependencies, affected assets, or attack surfaces.
A cryptographic inventory is a foundational first step for quantum migration. Without it, no credible risk assessment or mitigation plan can be developed.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: No public evidence record supporting a quantum risk assessment exists for the NEXO token.
Coverage basis: Absence of evidence across all evaluated sources
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No code references, specs, audits, transaction examples, or reproducible analytics supporting a quantum risk assessment for NEXO have been published.
A single blog post referencing the quantum threat is not an evidence-backed risk assessment and would not qualify under this subfactor.
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: NEXO token transfers rely entirely on Ethereum's secp256k1 ECDSA. No PQC or hybrid-PQC signature support exists.
Coverage basis: Token inherits Ethereum base-layer ECDSA spend authorization
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely ECDSA-only — Readiness & Risk Cap at 40
Assurance: Ethereum's ECDSA dependency is well-documented. LayerQu scores Ethereum at QRI 25/100, Stage 2 (Acknowledged). Ethereum's Lean Ethereum roadmap targets 2029 for core L1 PQ infrastructure.
Under QRI Rule 7.2 (Token Inheritance), NEXO inherits Ethereum's base-layer QRI posture for spend authorization.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design prevents long-exposure quantum-vulnerable ownership paths
Claim: NEXO inherits Ethereum's account model where public keys are exposed on first spend. No PQ/hybrid controls exist.
Coverage basis: Token inherits Ethereum account and address model
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Ethereum EOAs expose public keys on first transaction. EIP-8141 (account abstraction for PQ signatures) is targeted for H2 2026 but not yet in production.
The NEXO token contract owner address is particularly exposed: as an active administrative account, its public key is almost certainly visible on-chain, making it a long-exposure target.
Production Cryptographic Protection
Consensus-critical authentication is PQC or hybrid-PQC where applicable
Claim: NEXO is an ERC-20 token with no independent consensus layer.
Coverage basis: Token has no consensus layer
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Per QRI Rule 7.2, consensus authentication risk is scored at the Ethereum base layer, not at the token level.
Production Cryptographic Protection
State-integrity and data-availability mechanisms are quantum-safe where applicable
Claim: NEXO token state integrity is managed by the ERC-20 contract on Ethereum. No independent state-integrity mechanisms exist.
Coverage basis: Token has no independent state-integrity layer
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Privacy and proof layers are quantum-safe where applicable
Claim: NEXO has no privacy layer, shielded transactions, ZK proofs, or stealth address mechanisms.
Coverage basis: Token has no privacy layer
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design
Claim: NEXO token has no independent P2P network layer.
Coverage basis: Token has no P2P layer
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path
Claim: Nexo's custodial platform relies on Fireblocks MPC (ECDSA-based CGGMP protocol) and Ledger Vault (classical HSM). No production PQC support exists.
Coverage basis: Nexo platform custody infrastructure
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Custodial platform quantum exposure — Readiness & Risk Cap at 70 (major custody path remains quantum-vulnerable)
Assurance: Fireblocks has publicly confirmed (May 2026) that PQC is a strategic priority with active MPC protocol research, but no production PQC signing exists. A full PQC strategy document is promised for later in 2026. Ledger Vault has no public PQC commitments.
This subfactor is particularly significant for NEXO because >70% of token supply is held in company-controlled wallets secured by these quantum-vulnerable custody systems.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: 0% of NEXO token value-at-risk is protected from quantum key-recovery attacks. All token transfers, the contract owner key, and custodial holdings are quantum-vulnerable.
Coverage basis: No migration or protection exists for any NEXO token holdings
Implementation score: 0.05 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, or recovery path — Readiness & Risk Cap at 55
Assurance: Dune Analytics dashboard showing >70% supply concentration in company wallets is from November 2022. Exact current distribution may differ, but structural quantum exposure from classical custody remains. Market cap ≈$868M (May 2026).
Coverage score: <25% → 1 point per QRI 9.3.1. Implementation Score = 1/20 = 0.05.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical NEXO wallets (treasury, exchange, custody, foundation, protocol-controlled) are migrated to or protected by PQC.
Coverage basis: No evidence of any critical wallet migration
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Nexo custody wallets managed through Fireblocks and Ledger Vault are entirely classical. The token contract owner wallet has not been migrated.
Critical wallets include: the token contract owner address, Nexo's Fireblocks/Ledger Vault custodial wallets holding >70% of supply, and exchange wallets where NEXO is listed.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified and addressed
Claim: No quantum-vulnerable NEXO token pools have been identified, measured, deprecated, migrated, frozen, or proven not to exist.
Coverage basis: No legacy pool identification or deprecation
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Token allocation pools (investor, team, community, advisers, overdraft) are identifiable from contract source code but have not been assessed for quantum vulnerability.
The NEXO token contract allocation addresses (0xFFfF...fF, 0x1111...1111, etc.) are synthetic placeholder addresses in the contract, not real EOAs. The vulnerability lies in the owner key that controls distributions.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No public quantum migration or protection roadmap exists for the NEXO token or the Nexo custodial platform.
Coverage basis: Absence of evidence
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The Nexo blog post (April 2025) discusses a draft PQC proposal for Bitcoin but provides no roadmap for the NEXO token or Nexo infrastructure.
A quantum migration roadmap for NEXO would need to address: Ethereum base-layer PQC migration, token contract owner key migration, Nexo custodial platform migration, and exchange coordination.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, warnings, education, or migration prompts exist for NEXO.
Coverage basis: No migration tooling or accessibility
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: As a standard ERC-20 token, NEXO's migration accessibility is largely dependent on Ethereum base-layer PQ migration tooling. Token-specific migration paths require independent planning.
NEXO token holders cannot currently create PQ-safe accounts, migrate tokens to PQ-protected addresses, or use PQ-enabled custody paths.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms, deprecation, freeze, disabled legacy signing, restricted withdrawals, or mandatory migration deadlines exist for NEXO.
Coverage basis: No enforcement or coordination mechanisms
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Nexo has not published a coordination plan with exchanges, custody providers, or wallet infrastructure for quantum migration.
The token contract's Owned pattern provides a mechanism for owner key rotation (setOwner/confirmOwnership), which could in principle be used to migrate to a PQ-safe multisig.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific emergency disclosure, incident-response, or governance process has been published by Nexo.
Coverage basis: Absence of evidence
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Per QRI Section 8.2, the absence of a formal quantum-specific incident-response playbook does not by itself create a Readiness & Risk Cap. Nexo's general security page describes operational security measures, but none address quantum-specific scenarios.
No quantum-specific incident response framework covering scenarios such as a cryptographically relevant quantum computer announcement or an emergency token contract pause has been identified.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: No PQC or hybrid-PQC algorithms are in use for the NEXO token or its custodial dependencies.
Coverage basis: No PQC algorithms deployed
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Fireblocks is researching NIST-standardized PQC schemes (ML-DSA, SLH-DSA, FN-DSA) for future MPC integration, but no production deployment exists.
This subfactor evaluates whether the project uses standardized PQC algorithms. NEXO uses no PQC algorithms at any layer.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope
Claim: No independent cryptographic or implementation audit exists for quantum-critical aspects of the NEXO token or custody infrastructure.
Coverage basis: No quantum-scoped audit
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The Callisto Network audit (October 2022) reviewed the NEXO token contract for standard smart-contract vulnerabilities and owner privileges but was not scoped for quantum risk.
Since NEXO has no PQC implementation to audit, the absence of a quantum-scoped audit is primarily relevant for Confidence.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: The NEXO token contract source code is publicly available and verified, but no PQC implementation exists to evaluate.
Coverage basis: Token contract is open-source; no PQC code exists
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: The token contract is verified on Etherscan and the source is available on GitHub. The Nexo platform's custodial infrastructure is not open-source.
The Implementation Score is 0 because there is no PQC implementation to evaluate for open-source reproducibility.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: No documented parameter agility or future PQC upgrade path exists for the NEXO token or its custodial dependencies.
Coverage basis: No documented upgrade path
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The token contract's Owned pattern provides a technical mechanism for owner key rotation, but no documented plan exists for migrating to a PQ-safe owner configuration.
Parameter agility is particularly important for a custodial token where the majority of supply is held in institutionally managed wallets.
Algorithm & Implementation Assurance
Stateful-signature safety (where applicable)
Claim: Not applicable — no stateful PQC signatures are in use for NEXO token.
Coverage basis: No stateful PQC signatures deployed
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment
Claim: Not applicable — no PQC deployment exists to analyze for performance impact on NEXO token operations.
Coverage basis: No PQC deployment
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Forward-looking note: ERC-20 token transfers on Ethereum would be affected by any base-layer PQC signature size increase.