Executive Summary
A heated debate is raging in the Bitcoin community over how soon advances in quantum computing could endanger wallets, and whether developers are responding to the threat with sufficient urgency.
The risk to investors is real. A sufficiently capable quantum computer could, theoretically, derive the private keys to a wallet from exposed public keys, enabling an attacker to forge a signature and steal coins.
However, some perspective is warranted.
For starters, not all wallets are equally vulnerable. In fact, most wallets are not vulnerable today. Funds are at risk only when public keys are exposed onchain. This creates two primary categories of exposure:
Wallets whose public keys are already visible (relics of the Bitcoin network’s early days)
Wallets whose public keys are revealed at the time of spending (more common)
Analysis from Project Eleven, a security group focused on quantum risk to digital assets, estimates that roughly ~7 million BTC (worth $470 billion at recent prices) may be vulnerable under a “long exposure” definition (public keys already revealed onchain). Other estimates are significantly lower depending on classification methodology.
Pragmatically, these exposed coins are primarily comprised of these groups:
Coins held by users who have reused their public address (spent from it more than once). While default behavior by most wallets is to create a new address for every receipt, users who practice poor transaction hygiene may reuse old addresses.
Coins held by some exchanges or custodians that re-use deposit addresses for simplicity or compliance purposes.
Coins held in legacy address formats, which crucially include coins thought to have been mined by Satoshi Nakamoto, Bitcoin’s pseudonymous creator.
While a large portion of BTC supply is structurally exposed under a hypothetical quantum scenario, those coins are not presently exploitable given publicly known quantum capabilities.
Recent public debate has polarized into two broad camps:
Those who say quantum is decades away → and therefore no urgency required
Those who say quantum is imminent → urgent action required now
This note outlines:
The specific technical problem
Major mitigation proposals under discussion
Ongoing work that may determine Bitcoin’s preparedness in a post-quantum environment
Galaxy Research will periodically update and recirculate the third section as the work evolves. But as our survey of initiatives will show, that work is already substantial, notwithstanding recent accusations of complacency leveled at the developer community. This makes us optimistic that the problem of quantum vulnerability can and will be solved in time to mitigate the threat, despite the formidable technical and governance challenges involved.
What Is the Problem?
Bitcoin’s transaction authorization depends on elliptic curve-based cryptographic signature schemes, specifically ECDSA (the original signature scheme used since Bitcoin’s launch) and Schnorr (introduced with the Taproot upgrade in 2021).
As with all modern classical cryptography, these signature systems rely on a mathematical assumption: that it is computationally infeasible to derive a private key from a public key using classical computers. More specifically, their security rests on the difficulty of solving the elliptic curve discrete logarithm problem, a problem that is easy to compute in one direction (public key from private key) but extraordinarily difficult to reverse.
Shor’s algorithm (if implemented on a sufficiently powerful, fault-tolerant quantum computer) could, in theory, efficiently derive private keys from public keys. (“Fault-tolerant” means the quantum computer can correct its own errors fast enough to perform long, stable computations. Today’s experimental quantum machines are noisy and error-prone; a fault-tolerant machine would be far more advanced.)
This is the primary risk vector: forgery via private key derivation.
It’s important to note that while signature schemes (ECDSA/Schnorr) are vulnerable to Shor’s algorithm, hash functions (SHA-256), the cryptographic fingerprints critical to securing the Bitcoin blockchain, remain comparatively resilient, though they are vulnerable via Grover’s algorithm.
The conceptual origin of quantum computing is often traced back to the observation (famously articulated by Nobel Prize-winning physicist Richard Feynman) that classical computers struggle to simulate quantum systems. Classical computers process information in bits: either 0 or 1. Quantum computers use qubits, which can exist in a superposition of 0 and 1 simultaneously. (In simple terms, a qubit can represent multiple states at once, allowing certain classes of problems to be explored far more efficiently.)
Shor’s algorithm exploits quantum interference to extract periodic structure from problems that appear computationally unmanageable to classical machines. This means that, in the ECDSA context, an attacker with a cryptographically relevant quantum computer (CRQC) could produce valid signatures and spend the victim’s coins (if the attacker obtains the victim’s public key).
Importantly, Bitcoin’s unspent transaction output (UTXO)-based model, which treats coins as discrete outputs that must be individually spent, provides a degree of structural protection not found in account-based blockchains such as Ethereum. In Bitcoin, public keys are typically revealed only when coins are spent, meaning a large share of the supply remains protected behind hashed addresses until transaction time. While elliptic curve cryptography is theoretically vulnerable to Shor’s algorithm on a sufficiently powerful quantum computer, hash functions such as SHA-256 are believed to remain secure against both classical and quantum attacks, though not theoretically unbreakable. (Grover’s algorithm provides only a quadratic speedup against hash preimage resistance, meaning that unscrambling a 256-bit hash would still require computational resources widely considered astronomically large.) By contrast, most account-based systems (such as Ethereum and Solana) permanently expose public keys at the account layer. This distinction does not eliminate risk for Bitcoin, but it does materially affect the scope and sequencing of exposure in a potential Q-day event (Q-day is the name for the moment when the existence of a cryptographically relevant quantum computer becomes publicly known).
What Even Is a 'Cryptographically Relevant Quantum Computer'?
Not all quantum computers pose a risk to Bitcoin. The relevant threshold is a cryptographically relevant quantum computer (CRQC). Breaking 256-bit elliptic curve cryptography would require:
Hundreds to thousands of logical qubits (lower bound estimates of ~768, according to Hunter Beast, a Bitcoin and quantum researcher).
Large-scale quantum error correction sufficient to maintain sustained fault-tolerant operation
Physical qubits are the raw hardware-level qubits in a quantum processor; logical qubits are error-corrected qubits that behave reliably enough to support long computations. Because real quantum hardware is noisy, constructing a single logical qubit requires many physical qubits for error correction, putting current machines orders of magnitude away from the threshold needed to threaten Bitcoin.
Attack Vectors
Bitcoin’s quantum exposure is a function of when and how public keys become visible onchain. There are two distinct attack classes:
Long Exposure Attacks
Long exposure attacks target coins whose public keys are already visible onchain. This includes legacy pay-to-public-key (P2PK) outputs, reused addresses, and previously spent outputs where pubkeys were revealed.
Because the pubkey is permanently exposed, an attacker would have unlimited time to attempt key recovery in a CRQC scenario.
Short Exposure Attacks
Short exposure attacks target coins whose public keys are revealed only at the time of spending. In these cases, an attacker would need to derive the private key quickly enough to front-run the transaction during its confirmation window in the mempool (while it is “in flight” and not yet confirmed on the blockchain).
Bitcoin addresses typically encode a hash of a public key. The public key is only revealed when coins are spent. We wrote about the different address types and how much BTC each contains here.
Quantum Timelines
In recent months, several prominent industry participants have publicly emphasized the urgency of quantum preparedness and questioned whether Bitcoin development is moving quickly enough.
This has sparked heated debate over whether the ecosystem is proactively addressing quantum risk or underestimating the coordination challenges required for a transition.
Quantum timelines remain uncertain. Estimates range from conservative (decades away) and aggressive (12-24 months), but there is no consensus that a CRQC is imminent (remember that expert consensus is often wrong, especially about emerging technologies).
The more actionable takeaway for Bitcoin is that even if CRQC is “far off,” “far off” is not a precise number, and migration timelines for the most decentralized blockchain are measured in years, not weeks. That uncertainty motivates preparation even under conservative assumptions. Consensus changes require broad coordination across developers, wallet providers, custodians, miners, and node operators, which means post-quantum migration is a governance problem as much as a technical one.
Perception vs. Reality
Recent discussion on social media has amplified claims that Bitcoin Core developers (contributors to the reference implementation and most widely used node software for Bitcoin) are “ignoring” and “gatekeeping” quantum-related proposals such as BIP 360.
Ethan Heilman publicly responded that Core contributors have in fact engaged substantively with Bitcoin Improvement Proposal (BIP) 360, the most prominent and developed solution for quantum resistance so far. It has actually received “more comments than any other BIP so far in history of BIPs,” noted Heilman, himself a BIP 360 co-author.
This exchange highlights a recurring dynamic in Bitcoin development discourse: the difference between public perception of inaction and the slower, review-heavy process that characterizes consensus-level changes.
“Yes, developers are working on [quantum resistance]. I can point to many people working on this.” – Matt Corallo, Bitcoin developer, Unchained podcast
“We are working very hard on this very serious problem, and we think that it is the most serious concern that people have raised about Bitcoin” – Hunter Beast, Bitcoin developer, Quantum Computers & the Future of Bitcoin (video interview).
Mitigation Pathways
Bitcoin’s quantum preparedness problem has two layers. The first is a protection layer: how Bitcoin enables post-quantum signatures so users can move coins into outputs that remain secure even under Shor’s algorithm.
The second is a mitigation layer: what Bitcoin does about coins that cannot or will not migrate, particularly those with permanently exposed public keys or lost keys.
BIP 360 and Post-Quantum Outputs
On Feb. 11, the community received a durable specification draft for a Taproot-like output that would remove the key-path spend: Pay-to-Merkle-Root (P2MR).
This would be implemented via a soft fork (backward-compatible software upgrade) and is documented under BIP 360. Authored by Hunter Beast, Heilman, and Isabel Foxen Duke, BIP 360 preserves tapscript and script-tree semantics while committing only to a Merkle root and omitting the internal key. The result is a script-tree output that is resistant to long exposure attacks because there is no always-visible internal public key to target.
A tradeoff is that P2MR spends are somewhat larger than pay-to-Taproot (P2TR) key-path spends, which allow for compact key-path signature spends without revealing script data. Nonetheless, as a conservative, first-step protective measure, P2MR is compelling: it reduces the long-exposure surface area without forcing an immediate choice of post-quantum (PQ) algorithm.
BIP 360 documentation is substantial and explicit about the distinction between long and short exposure and about P2MR’s inability by itself to prevent confirmation-window exploitation.
Hourglass (separate from BIP 360, also authored by Hunter Beast)
Even if Bitcoin adopted a quantum-resilient spend path, the ecosystem would still have to confront a harder question: what happens to legacy outputs whose public keys are already exposed onchain (particularly P2PK outputs associated with early mining and long-dormant holdings... think Satoshi)?
This is the heart of the quantum debate because it cannot be “fixed” by simply offering a new address type. If a CRQC (or any non-quantum break) became practical, exposed-key UTXOs would be the first and most attractive targets, precisely because the attacker would have unlimited time to perform key recovery and could opportunistically sweep coins at scale.
The policy surface here is ugly. One extreme is the “confiscatory” approach (most prominently advocated by Jameson Lopp and said to be inevitable by prominent Bitcoin Core developer Matt Corallo), to freeze or burn vulnerable coins after a deadline if they have not migrated to quantum-resistant addresses. This proposal has the virtue of simplicity and solving the problem of dormant and vulnerable supply, but it carries an obvious governance cost: retroactively changing spendability rules on existing coins, potentially without keyholder consent.
The opposite extreme is laissez-faire liquidation: do nothing and accept that quantum-capable actors will steal these coins once they can and then dump them on the market, potentially tanking the price. That path avoids confiscation, but it opens the door to the sharpest supply overhang and possible shock in Bitcoin’s history. Because Bitcoin’s security model is ultimately funded by fiat-denominated mining revenue, a sufficiently violent price dislocation risks reducing aggregate hash rate and weakening the network in the aftermath of the event.
Hourglass is best understood as an attempt to find a third path: not burning coins, not preventing recovery outright, but constraining the rate at which vulnerable coins can be extracted and sold. It is a “harm reduction” proposal whose primary goal is to mitigate market destabilization in a quantum event while preserving a mechanism for legitimate keyholders to recover funds over time.
SPHINCS+ / SLH-DSA (Hash-Based Post-Quantum Signatures)
BIP 360 provides the structural rail for quantum-resistant outputs but deliberately defers the choice of which post-quantum signature algorithm Bitcoin should adopt. Among the leading candidates, SPHINCS+ (standardized by the National Institute of Standards and Technology (NIST) as SLH-DSA under FIPS 205 in August 2024) has attracted significant developer attention. Its security relies solely on hash functions, the same cryptographic primitive Bitcoin already depends on for proof-of-work and transaction integrity.
Unlike lattice-based alternatives such as ML-DSA (Dilithium) or Falcon, whose security depends on newer mathematical assumptions, SPHINCS+ requires only that the underlying hash function remains one-way. NIST has characterized it as a deliberately conservative choice. If lattice-based assumptions were to fail under future cryptanalysis, a hash-based scheme would remain intact.
The primary tradeoff is size. Standard SPHINCS+ signatures are roughly 8 KB, far larger than current Bitcoin signatures. However, in December 2025, Blockstream researchers Mikhail Kudinov and Jonas Nick published a technical report showing that by tuning parameters for Bitcoin's specific needs (which require far fewer signatures per key than the general-purpose standard assumes), signature sizes can be reduced to approximately 3 to 4 KB, comparable to lattice-based alternatives.
In the February 2026 Algorithm Agility discussion on the developer mailing list, BIP 360 co-author Heilman advocated for SLH-DSA not as the everyday default but as a conservative backup. Under this framing, wallets would continue using cheap Schnorr signatures for normal spending via P2MR outputs, while holding an SLH-DSA script path in reserve as a fallback if elliptic curve cryptography is broken. The cost of simply holding the backup would be minimal, with the larger signature only incurred if and when Q-day arrives. Others have argued that even optimized hash-based signatures remain too large and that lattice-based schemes are the only viable long-term path, though those schemes are not yet considered ready for deployment.
No BIP currently proposes a specific SLH-DSA integration. BIP 360's P2MR output type is designed as the foundation into which a post-quantum signature scheme would be deployed via a follow-on soft fork, and its authors have named SLH-DSA as a leading candidate.
Commit/Reveal Function for Post-Quantum Recovery (Tadge Dryja)
The proposals above all assume Bitcoin will have time to deploy new post-quantum signature schemes before a CRQC arrives. Developer (and Lightning Network co-creator) Tadge Dryja's commit/reveal proposal, posted to the developer mailing list in May 2025, addresses a different scenario: what if a CRQC appears before any post-quantum upgrade has been activated?
As discussed above, wallets using hashed addresses are partially protected because the public key is only revealed at spending time. Dryja's scheme extends that protection through the spending process itself, without requiring any new signature algorithm. Before broadcasting a transaction, a user publishes a compact hash-based commitment onchain that binds their (still-secret) public key to a specific transaction. Only after the commitment is confirmed does the user broadcast the actual spending transaction. Because the commitment requires knowledge of the secret public key, a quantum attacker who sees the commitment cannot forge a competing one. Nodes enforce a "first valid commitment" rule, allowing them to reject fraud attempts.
A notable feature is the proposed activation trigger: a "Proof of Quantum Computer." The commit/reveal requirement would only kick in after someone demonstrates onchain that they can forge elliptic curve signatures (which, assuming hash functions remain secure, is only possible with a working CRQC). Until that happens, Bitcoin operates normally. This makes the scheme a soft fork that imposes zero cost if quantum computers never materialize.
The proposal has important limitations. Chain reorganizations remain a vulnerability. Commitments must be delivered to miners out of band, because standard transaction authorization may no longer be secure. And the scheme only protects outputs whose public keys are still hidden; it does nothing for legacy formats or reused addresses where the public key is already exposed onchain.
The commit/reveal approach is best understood as an emergency backstop, a way to keep funds safe and movable in a worst-case scenario where a CRQC arrives before post-quantum signatures have been deployed. It is complementary to the longer-term migration path envisioned by BIP 360.
Seed Phrase Zero-Knowledge Proofs
Another complementary area of research involves using zero-knowledge proofs to prove ownership of a wallet’s seed phrase without revealing the phrase itself. A user generates a ZK proof (such as a ZK-SNARK or ZK-STARK) locally on their device, confirming that they know the secret seed corresponding to a specific public address. The proof is cryptographically verifiable but reveals nothing about the underlying secret.
This has several practical applications in a post-quantum context. Most notably, it enables decentralized, non-custodial social recovery of lost keys without exposing the private seed to third parties or creating onchain privacy risks. Under existing custodial recovery models, users must either share their seed phrase with a trusted party or accept the risk of permanent loss. ZK-based recovery eliminates that tradeoff: guardians can verify that a recovery request is legitimate without ever seeing the secret material.
Beyond recovery, seed phrase ZK proofs can also serve as a wallet authentication mechanism, allowing users to prove ownership of an address to a decentralized application (dapp) or service without signing a transaction that exposes the address’s history. In a quantum threat environment where minimizing public key exposure is critical, this kind of authentication becomes more valuable.
Seed phrase ZK proofs are best understood as a way to preserve access and prove ownership under adverse conditions without compromising the security properties that make self-custody meaningful in the first place.
The Governance Challenge of Upgrading Bitcoin
Even if the developer community reaches agreement on a post-quantum solution, deploying it across the network is a separate and historically difficult problem. Bitcoin has no CEO, no board, and no central authority that can mandate a software update. Changes to consensus rules require broad coordination among developers, miners, node operators, wallet providers, exchanges, and users. This process is slow by design, and it is also one of Bitcoin's most important properties.
Protocol upgrades are implemented as "soft forks," backward-compatible rule changes that tighten the set of valid transactions. Upgraded and non-upgraded nodes can coexist on the same network, avoiding a chain split. But soft forks still require a critical mass of the network to adopt new software, and the mechanism by which that adoption is coordinated has itself been a source of controversy.
Bitcoin's two most consequential soft forks illustrate the challenge. Segregated Witness (SegWit), proposed in 2015 and not activated until 2017, became entangled in the multi-year "block size wars." Despite broad developer support, a minority of miners refused to signal readiness under the BIP9 framework (which required 95% miner signaling), and the stalemate was only broken after users organized a campaign threatening to reject blocks from non-signaling miners. The episode took years to resolve. Taproot, activated in November 2021, went more smoothly using a compressed "Speedy Trial" mechanism with a 90% threshold and a three-month signaling window, but the choice of activation method was itself contested, and the relative ease owed much to the fact that the upgrade was broadly uncontroversial.
The Bitcoin community has developed several activation frameworks (BIP9, BIP8, Speedy Trial), each with different tradeoffs around miner signaling thresholds, timing, and whether activation can be forced if miners refuse to cooperate. No single mechanism has emerged as the standard for future upgrades, and the choice of pathway for a post-quantum soft fork will likely be debated extensively.
These governance challenges are real but should be weighed against several factors. First, as documented throughout this report, developers are actively working on the problem, and the pace of proposals has accelerated meaningfully since late 2025. Second, unlike the block size wars (which were fundamentally a dispute about Bitcoin's economic vision), a post-quantum upgrade is a response to an external technical threat that affects all participants equally. There is no constituency (apart from thieves) that benefits from Bitcoin being vulnerable to quantum attack. Third, the economic incentives are strongly aligned: holders, miners, exchanges, and developers all have enormous financial exposure to the network's continued security. As the quantum threat becomes more credible, the cost of inaction rises for every participant. History suggests that when incentive alignment is strong enough, even a deliberately slow-moving network can act (see: the Y2K bug).
Developer Work/Discussion Underway (as of February 2026)
Contrary to some public criticism, our review found substantial developer work addressing the question of quantum vulnerabilities and mitigations. Below is a list of recent developer activity on the topic, in reverse chronological order.
Bitcoin Optech Newsletter
Regular references to quantum risk and post-quantum research
https://bitcoinops.org/en/newsletters/
Feb. 13, 2026 – The limitations of cryptographic agility in Bitcoin
Discussion initiated by Pieter Wuille.
https://groups.google.com/g/bitcoindev/c/O6l3GUvyO7A
Feb 10, 2026 - Hourglass V2
Soft fork proposal introducing spending constraints on P2PK outputs. Limits P2PK spends to one per block and caps net release to 1 BTC per block to mitigate quantum-driven supply shocks.
https://github.com/cryptoquick/bips/blob/hourglass-v2/bip-hourglass-v2.mediawiki
Feb. 10, 2026 – BIP 360 (P2MR): Pay-to-Merkle-Root
Draft soft fork removing Taproot key-path spend to mitigate long exposure attacks. Preserves tapscript functionality and provides a migration rail for future post-quantum signature integration.
https://github.com/bitcoin/bips/blob/master/bip-0360.mediawiki
Feb. 9, 2026 - Mailing List: Algorithm Agility for Bitcoin
https://groups.google.com/g/bitcoindev/c/7jkVS1K9WLo
Dec. 8, 2025 – Hash-Based Signatures for Bitcoin’s Post-Quantum Future
https://groups.google.com/g/bitcoindev/c/gOfL5ag_bDU
October 24-25, 2025 – Conference: Lugano Plan ₿ Forum
https://www.youtube.com/watch?v=OIaNeE97mH0
July 17-18, 2025 – Conference: Quantum Bitcoin Summit
https://www.youtube.com/playlist?list=PL8Qx0853DvlPqutRekO3feBCmn2iRkC1k
July 15, 2025 - BIP 361: Post-Quantum Migration and Legacy Signature Sunset
A phased migration plan following activation of a quantum-resistant output type. The proposal outlines a future “sunset” mechanism for legacy signatures.
https://github.com/bitcoin/bips/pull/1895
May 27-29, 2025 – The Bitcoin Conference in Las Vegas
Guillaume Girard, Jameson Lopp, Hunter Beast discuss “What Do We Do About Quantum-Vulnerable Coins?”
https://www.youtube.com/watch?v=0Xqow-DGHSs
Conclusion
The quantum debate has presented real questions for long-term BTC holders and prospective investors. While the "when" is disputed (and there may only be a handful of people worldwide qualified to prognosticate on it), the question of "how to fix" is becoming clearer by the day.
The ecosystem now has a concrete and maturing set of proposals spanning the full problem surface. These proposals are not theoretical. They are being actively developed, reviewed, and debated by some of the most experienced contributors in the Bitcoin ecosystem.
The governance challenge of deploying a solution should not be underestimated. Bitcoin's upgrade history shows that even broadly supported changes can take years to activate. But the nature of this particular threat – external, technical, and universal in its impact – aligns incentives in a way that past disputes over Bitcoin's economic direction did not. Every honest participant in the network, from miners to holders to exchanges, has a direct financial interest in the network's continued security.
We are optimistic that the problem can be solved, will be solved, and that solutions will be adopted by the network in time to mitigate the threat. The pace of developer activity has accelerated meaningfully, the proposals are becoming more concrete, and the broader Bitcoin community is increasingly engaged. For investors, the key takeaway is straightforward: the risk is real but recognized, and the people best positioned to address it are working on it.
This document, and the information contained herein, has been provided to you by Galaxy Digital Inc. and its affiliates (“Galaxy Digital”) solely for informational purposes. This document may not be reproduced or redistributed in whole or in part, in any format, without the express written approval of Galaxy Digital. Neither the information, nor any opinion contained in this document, constitutes an offer to buy or sell, or a solicitation of an offer to buy or sell, any advisory services, securities, futures, options or other financial instruments or to participate in any advisory services or trading strategy. Nothing contained in this document constitutes investment, legal or tax advice or is an endorsement of any of the stablecoins mentioned herein. You should make your own investigations and evaluations of the information herein. Any decisions based on information contained in this document are the sole responsibility of the reader. Readers should consult with their own advisors and rely on their independent judgement when making financial or investment decisions.
The author(s), along with Galaxy Digital, own Bitcoin and hold financial interest in Bitcoin. Galaxy Digital regularly engages in buying and selling Bitcoin and other financial instruments, including through hedging transactions, for its own proprietary accounts and on behalf of its counterparties. Galaxy Digital also provides services to vehicles that invest in various asset classes, including Bitcoin. If the value of such assets increases, those vehicles may benefit, and Galaxy Digital’s service fees may increase accordingly. The information and analysis in this communication are based on technical, fundamental, and market considerations and do not represent a formal valuation. For more information, please refer to Galaxy’s public filings and statements. Certain asset classes discussed, including digital assets, may be volatile and involve risk, and actual market outcomes may differ materially from perspectives expressed here.
For additional risks related to digital assets, please refer to the risk factors contained in filings Galaxy Digital Inc. makes with the Securities and Exchange Commission (the “SEC”) from time to time, including in its Quarterly Report on Form 10-Q for the quarter ended September 30, 2025, filed with the SEC on November 10, 2025, available at www.sec.gov.
Certain statements in this document reflect Galaxy Digital’s views, estimates, opinions or predictions (which may be based on proprietary models and assumptions, including, in particular, Galaxy Digital’s views on the current and future market for certain digital assets), and there is no guarantee that these views, estimates, opinions or predictions are currently accurate or that they will be ultimately realized. To the extent these assumptions or models are not correct or circumstances change, the actual performance may vary substantially from, and be less than, the estimates included herein. None of Galaxy Digital nor any of its affiliates, shareholders, partners, members, directors, officers, management, employees or representatives makes any representation or warranty, express or implied, as to the accuracy or completeness of any of the information or any other information (whether communicated in written or oral form) transmitted or made available to you. Each of the aforementioned parties expressly disclaims any and all liability relating to or resulting from the use of this information. Certain information contained herein (including financial information) has been obtained from published and non-published sources. Such information has not been independently verified by Galaxy Digital and, Galaxy Digital, does not assume responsibility for the accuracy of such information. Affiliates of Galaxy Digital may have owned, hedged and sold or may own, hedge and sell investments in some of the digital assets, protocols, equities, or other financial instruments discussed in this document. Affiliates of Galaxy Digital may also lend to some of the protocols discussed in this document, the underlying collateral of which could be the native token subject to liquidation in the event of a margin call or closeout. The economic result of closing out the protocol loan could directly conflict with other Galaxy affiliates that hold investments in, and support, such token. Except where otherwise indicated, the information in this document is based on matters as they exist as of the date of preparation and not as of any future date, and will not be updated or otherwise revised to reflect information that subsequently becomes available, or circumstances existing or changes occurring after the date hereof. This document provides links to other Websites that we think might be of interest to you. Please note that when you click on one of these links, you may be moving to a provider’s website that is not associated with Galaxy Digital. These linked sites and their providers are not controlled by us, and we are not responsible for the contents or the proper operation of any linked site. The inclusion of any link does not imply our endorsement or our adoption of the statements therein. We encourage you to read the terms of use and privacy statements of these linked sites as their policies may differ from ours. The foregoing does not constitute a “research report” as defined by FINRA Rule 2241 or a “debt research report” as defined by FINRA Rule 2242 and was not prepared by Galaxy Digital Partners LLC. Similarly, the foregoing does not constitute a “research report” as defined by CFTC Regulation 23.605(a)(9) and was not prepared by Galaxy Derivatives LLC. For all inquiries, please email [email protected].
©Copyright Galaxy Digital Inc. 2026. All rights reserved.