Petr Dvořák founded Wultra in Prague in 2014 to sell banks protection against a threat that, twelve years later, still does not exist. The company now serves more than 70 financial clients across 25 countries, and just raised a €6.8 million Series A to keep going. The threat it guards against is a quantum computer powerful enough to break the cryptography underneath modern banking authentication, a machine that has not been built and may not be for years. Wultra’s wager, placed long before anyone was paying, was that the banks would need the defence ready before the attack arrived.

The round was led by Seventure Partners, the French fund, and joined by Marc Norlain and Guillaume Despagne, the founders of the identity company ARIADNEXT, who were Wultra customers before they were investors. Returning backers J&T Ventures, which wrote the first cheque in 2022, and Elevator Ventures, the venture arm of Raiffeisen Bank International, also took part. A syndicate of bankers and identity specialists funding an authentication company is less a coincidence than a tell: the buyers are turning into the backers.

Selling a cure before the disease arrives

The product is post-quantum authentication, and the idea is simpler than the name. The cryptography that protects logins and payment approvals today relies on mathematical problems that ordinary computers cannot solve in any useful time. A large enough quantum computer could solve some of them quickly, which would quietly break the locks on a great deal of the financial system. The US National Institute of Standards and Technology has published a set of quantum-resistant algorithms designed to survive that, and Wultra’s pitch is that it has already built those algorithms into a working authentication stack that banks can deploy now, rather than a promise of readiness later.

Around that core, the company has spread outward into the rest of what banks call the digital-identity journey. What began as authentication, proving a returning user is who they claim, now covers onboarding and identity proofing, authorising individual transactions, and electronic signatures, delivered through a mobile-first app, an SDK, and a hardware token it calls Talisman. The selling point banks actually respond to is mundane: it replaces the SMS one-time password, the cheap, phishing-prone method that regulators across several markets are now trying to kill, with something passwordless and harder to intercept. Dvořák frames the past year as a widening of scope, the company growing its team by nearly half, opening a hub in Singapore, and pushing past 70 clients. The quantum threat is the headline. The day-to-day sale is getting rid of the text-message code.

Regulation turned a hunch into a deadline

For most of Wultra’s life, the obvious objection wrote itself. Why would a bank pay today to defend against a computer that might arrive in 2030, or 2035, or never on any schedule a chief information officer cares about? The honest answer used to be that most would not. What changed is not the physics but the rulebook. NIST has finalised its post-quantum standards, governments and industry bodies have started setting migration timelines, and the European Union’s eIDAS 2.0 framework, with the Digital Identity Wallet it mandates, is pulling quantum-resistant identity from the realm of prudent foresight into the realm of compliance. Wultra says its platform is built to support that wallet ecosystem and the incoming PSD3 and PSR payment rules. When the regulator sets a date, the speculative purchase becomes a budget line.

That is the shift the €6.8 million is funding, and it is a real one, though it is worth keeping the scale honest. The cryptographically relevant quantum computer remains years out by most credible estimates, the migration deadlines are measured in the back half of the decade, and large banks move slowly even when the law tells them to hurry. Wultra is not alone in the space, and a market created by regulation can also be reshaped by it. None of that undoes the core point. A company that spent a decade building the unglamorous thing nobody had a deadline for is now selling into a market where everyone suddenly does.

The receipts, in the end, are what make the bet legible. A 2014 founding date, a defence against a machine that still does not exist, more than 70 banks in 25 countries already paying for it, a returning first investor, and a regulator finally setting the clock. Wultra placed its order before the deadline existed. The deadline arrived anyway.