Hi joviansummer,
thanks for the substantive input and also thanks for STEEM Security — I wasn't aware of the bot, it actually solves part of what I had planned in the concept as "real-time notifications for sensitive transactions". Will definitely take a look at it and link it in the project.
You're completely right about SHA-256 and DPoS — hashing holds up well against quantum attacks (Grover halves it to effectively 128 bit at best, still beyond any foreseeable hardware), and Steem doesn't have a mining race that could be attacked thanks to DPoS. The actual weak spot really is ECDSA on the account keys — and even that more as a long-term risk than an immediate threat.

Honestly, the quantum angle is more of a hook for me. What interests me conceptually much more: which additional security layers can actually be implemented at the application level, without waiting for a hardfork? Time-locked recovery, Shamir-based recovery across multiple trustees, multi-factor for large transfers. Your bot already covers an important building block of that — detection and fast response capability. Power-down delay combined with real-time notification is actually a pretty strong combination.

_{Published with Welako}