Summary
- Over 30% of Bitcoin has its public key exposed on-chain, making it potentially susceptible to future quantum computing attacks.
- This exposure can be categorized into two types: structural, due to script designs that inherently reveal keys, and operational, arising from address reuse practices.
- Approximately 40% of operationally exposed Bitcoin is held on exchanges, with varying levels of risk depending on the platform, which can be mitigated through improved wallet management.
According to a recent report from blockchain analytics firm Glassnode, more than 6 million Bitcoin—valued at over $469 billion—are currently vulnerable to theft if advanced quantum computers become operational. This equates to more than one-third of the existing Bitcoin supply.
The study analyzed the Bitcoin blockchain to identify coins that have had their public cryptographic keys exposed. The findings revealed that 6.04 million BTC, or 30.2% of the total supply, face quantum risk, while the remaining 13.99 million BTC do not show any public-key exposure. This estimate is lower than previous projections, which suggested closer to 7 million BTC at risk.
The concern arises from the foundational security architecture of Bitcoin. Each coin is governed by a private key that corresponds to a public key, which is visible on the blockchain under certain conditions. The threat comes from the potential for a sufficiently powerful quantum computer to utilize Shor's algorithm to derive a private key from a known public key.
If this occurs, any coin whose public key has been disclosed on-chain could be targeted without requiring a transaction.
Glassnode classifies the exposed Bitcoin into two main categories. The first, structural exposure, includes 1.92 million BTC, or 9.6% of the total supply, which is vulnerable due to the design of the script formats. This includes early "pay-to-public-key" outputs tied to Bitcoin's pseudonymous creator, Satoshi Nakamoto, as well as legacy multisignature structures and newer Taproot outputs.
Many of these coins may be permanently inaccessible, being associated with lost wallets or dormant holdings that cannot be moved to safer address formats.
The second, and larger, category is operational exposure, which encompasses 4.12 million BTC, or 20.6% of the total supply. These coins became vulnerable not by design but through address reuse, where a wallet receives multiple transactions at the same address, ultimately revealing the public key during a transaction and exposing any remaining balance.
Exchanges play a significant role in this category. Within the operationally exposed Bitcoin, 1.66 million BTC, or 8.3% of the total supply, is related to exchanges, making up around 40% of all operationally exposed Bitcoin. The risk is not evenly distributed across platforms; for instance, Coinbase appears to have a majority of its balances in non-exposed structures (only 5% exposed), while Binance and Bitfinex display much higher levels of exposure at 85% and 100%, respectively.
Glassnode emphasized that its findings should not be interpreted as a risk assessment or solvency indication for individual firms, clarifying that the data reflects custody design choices rather than immediate threats. Sovereign Bitcoin holdings, such as those of the United States, United Kingdom, and El Salvador, showed no quantum exposure.
The report does not predict when or if a quantum computer capable of breaching Bitcoin's encryption will emerge but presents its analysis as a baseline. It suggests that exchanges and custodians could reduce visible exposure through improved address hygiene, reserve management, decreased key reuse, and migration planning.
This report comes at a time when advancements in quantum computing are accelerating globally, and the Bitcoin developer community is considering protocol-level responses, such as the proposed BIP-360, which aims to introduce more quantum-resistant transaction formats. Another proposal seeks to freeze coins that remain unmigrated by a specified deadline.
Estimates for “Q-Day,” the date when a quantum computer powerful enough to compromise the cryptography of blockchains like Bitcoin and Ethereum becomes operational, range from 2030 to 2032 or later. Recently, the United States government announced plans to invest over $2 billion into quantum startups and planned foundries to bolster its position in the industry.