Skip to main content

Scoring Methodology

WalletWall scores wallet exposure — how much attention a wallet warrants and how urgent its migration-readiness planning is. This page explains the factors in plain English, the inputs and outputs, the shared risk tiers, a worked example, and the limits of the method.
Exposure scores are forward-looking heuristics for risk prioritization and long-term migration planning. They do not indicate that a wallet is currently vulnerable to theft or exploitation by any existing technology, and they are not investment advice.

Plain-English overview

WalletWall reads public, on-chain data for a wallet and asks a few practical questions:
  • Has the wallet revealed its public key on-chain (by sending a transaction)?
  • How much value is at stake?
  • How dormant is it?
  • What does its transaction history look like?
  • How hard would migration be (EOA vs. smart-contract / multisig)?
  • How concentrated are its holdings, including stablecoins?
  • What behavioral patterns does the activity show?
  • How complete is the underlying data?
It combines these into a normalized exposure score, places the wallet in a shared risk tier, and recommends a migration-readiness path. Every result carries a confidence level and source caveats.

Scoring factors

FactorWhat it measuresWhy it matters
Signature / public-key exposureWhether the wallet’s ECDSA public key has been revealed on-chain (it becomes recoverable after the first outgoing transaction).A revealed public key is the precondition for long-horizon quantum signature risk. Receive-only wallets have lower immediate exposure.
Wallet value / asset concentrationUSD value held and how concentrated it is across assets.Higher value and concentration raise the “bounty” and the stakes of migration.
DormancyTime since the wallet last sent a transaction.Long-dormant wallets may be unmonitored and harder to migrate, raising readiness risk.
Transaction historyVolume, recency, and pattern of activity.Establishes whether the key is exposed and informs behavioral signals.
Migration frictionCapability to rotate signatures — EOA vs. smart-contract wallet (Safe, multisig, ERC-4337 AA).A programmable wallet has an upgrade path; a plain EOA with no path is harder to migrate.
Stablecoin concentrationShare of holdings in stablecoins and exposure to specific pegs/pools.Concentration risk that compounds with value-at-risk; informed by Stable Seer.
Holder / whale behaviorDeterministic behavioral signals (extraction-style activity, counterparty concentration, relay routing, activity ramp, asset/value ambiguity).Surfaces patterns that change how a wallet should be reviewed. Not findings of wrongdoing.
Confidence / data completenessHow much of the above could actually be determined.Missing or stale data lowers confidence or yields “Unknown” rather than false precision.
For the precise component weights and field contracts behind the Quantum Exposure Score, see Quantum Intelligence.

Inputs

  • Wallet transaction history — from public providers (Etherscan, Alchemy, The Graph).
  • Chain signature metadata — a derived lookup of each chain’s default signature scheme.
  • Scheduled Dune feeds — dormancy, signature exposure, value-at-risk, and migration-readiness facts (scheduled/cached, never live-streamed).
  • Market & concentration context — token/stablecoin pricing and holdings (CoinGecko, Stable Seer feeds).

Outputs

  • Quantum Exposure Score — normalized 0–100, or null when data is insufficient.
  • Exposure label — Low / Moderate / High exposure, Migration priority, or Unknown.
  • Shared risk tier — Monitor, Review, Migrate, or Vault Prototype.
  • Migration-readiness recommendation — a recommended path with urgency, difficulty, blockers, and a next action.
  • Confidence level and a caveats array describing data completeness and staleness.
  • Source provenance — which feeds contributed, and whether data is live or scheduled/cached.

Shared risk tiers

WalletWall normalizes every assessment into one of four shared tiers. The tiers are the common language across modules and reports.
TierWhat it meansTypical signalsSuggested posture
MonitorLow urgency. Nothing to act on yet.Low/moderate exposure, low value at risk, public key may be unexposed.Keep watching; re-check on schedule.
ReviewWorth a closer look and a plan.Moderate-to-high exposure with meaningful value; exposed public key.Review the wallet, plan a migration approach.
MigratePrioritize action.High exposure or Migration priority, high value, a feasible migration path exists.Begin a concrete migration (e.g. multisig, treasury custody plan).
Vault PrototypeResearch path surfaced — conditional.Long-horizon, high-value, quantum-exposed wallet where experimental migration paths are relevant.Explore the WalletWall Vault research prototype as one option. Not production custody.
Tiers are prioritization bands, not verdicts. A “Migrate” tier means a wallet should be near the top of a migration queue, not that it is unsafe today. The Vault Prototype tier always carries the research-prototype disclosure — it is conditional and research-oriented, never a custody recommendation.
Tiers map onto the underlying migration-readiness paths as follows:
Migration pathRisk tier
monitorMonitor
fresh-wallet, split-walletReview
multisig, treasury-custodyMigrate
vault-prototypeVault Prototype
See Migration Readiness for the full path definitions and recommended actions.

Example interpretation

A wallet holds ~$2.4M, mostly in one asset and a large stablecoin position. It has sent transactions (public key revealed), shows address reuse, and has been dormant for ~8 months. It is a plain EOA with no detected upgrade path.
WalletWall would read this as:
  • Exposure: High — significant value in a classical EOA with a revealed public key.
  • Concentration: Elevated — single-asset plus stablecoin concentration.
  • Dormancy: Cold (180–730 days) — raises readiness risk.
  • Migration friction: High — EOA with no automated rotation path.
  • Recommended path: multisig or treasury-custody.
  • Risk tier: Migrate.
  • Confidence: Moderate-to-high if all feeds are fresh; reduced with a caveat if Dune data is stale.
The report would recommend prioritizing this wallet for migration and distributing signing across a multisig with an upgrade path — while noting that the score reflects long-term planning urgency, not current exploitability.

Limitations

  • Heuristic, not deterministic truth. Scores are estimates derived from observable on-chain signals and weighted heuristics.
  • Data-dependent. Missing transaction history, unknown wallet type, or stale Dune data lowers confidence or yields “Unknown.”
  • Chain scope. WalletWall scores Ethereum/EVM EOAs and contract wallets. Solana and other non-EVM chains are documented as general categories only, not scored.
  • Behavioral signals are observations. They use language like “may indicate” and “resembles,” carry confidence levels, and are never findings of wrongdoing, intent, or legal status.
  • Scheduled data is not live. Dune-sourced facts are scheduled/cached and labeled as such; they can lag the latest on-chain state.

What the score does not mean

  • It does not mean a wallet is currently vulnerable, hacked, or compromised.
  • It does not predict when a quantum computer will break ECDSA, or name a “Q-Day.”
  • It is not a claim that the wallet is “unsafe” or “quantum-vulnerable.”
  • It is not a measure of the owner’s intent, identity, or legal standing.
  • It is not investment advice or a basis for valuing assets.