Key Takeaways
Glassnode data shows 6.04 million BTC (30.2% of supply) have visible public keys, creating at-rest quantum attack exposure.
The majority of risk, 4.12 million BTC, comes from operational habits like address reuse, while 1.92 million BTC is structurally exposed by design.
Public Key Exposure by Entity Type
Nearly a third of Bitcoin’s circulating supply, totaling 6.04 million BTC, is potentially exposed to a future quantum computing attack, according to a new data analysis published by on-chain analytics firm Glassnode on May 20.
"By that measure, 6.04M BTC, or 30.2% of the issued supply, is exposed, while the remaining 13.99M BTC, or 69.8%, shows no public-key exposure at rest," Glassnode researchers wrote, defining exposure as any address where the public key is visible on-chain.
The exposure stems from two sources: 1.92 million BTC (9.6% of supply) is "structurally" exposed in older P2PK or modern Taproot outputs that reveal public keys by design. A larger share, 4.12 million BTC (20.6% of supply), is "operationally" exposed due to practices like address reuse, where a public key becomes visible after a transaction.
While the practical threat from quantum computers remains theoretical, the data provides the first clear map of long-term network risk and highlights how operational security by large custodians can significantly reduce exposure. The analysis suggests a meaningful portion of the risk is not permanent and can be mitigated through improved wallet management practices ahead of any future cryptographic threats.
The Glassnode report makes a clear distinction between coins that are vulnerable by design and those that become vulnerable through behavior.
Structural exposure includes very old coins, such as those from the "Satoshi era," which used Pay-to-Public-Key (P2PK) scripts that make the public key visible by default. This category, totaling 1.92 million BTC, may be difficult or impossible to secure if the coins are lost or held by inactive users.
Operational exposure is the larger and more manageable issue, accounting for 4.12 million BTC. This risk arises when users of more modern address types (like P2PKH or SegWit) reuse addresses. While these formats protect public keys initially by hashing them, the key is revealed on-chain once a transaction is made. Any remaining funds at that address, or future funds sent to it, become exposed.
The analysis reveals significant differences in quantum exposure among major crypto entities. Exchange-related balances account for 1.66 million BTC of the operationally exposed supply.
Among the largest custodians, Coinbase appears to have the strongest operational security, with only 5% of its labeled balances exposed. In contrast, balances attributed to Binance and Bitfinex show 85% and 100% exposure under this methodology, respectively. Other entities like Grayscale's Bitcoin Trust (GBTC) sit at approximately 50% exposure, while sovereign holders like the US and UK governments have 0% exposure.
These disparities show that a large portion of the network's quantum risk is concentrated in the wallet management practices of a few large entities. "A meaningful share of measurable exposure sits with active entities that can reduce it through present-day operational choices," the report states.
While the quantum threat is a distant concern for many, some market observers argue investors face more immediate risks. Speaking separately, Morgan Creek Capital founder Mark Yusko recently noted that excessive leverage in traditional markets and AI-related equity speculation pose a more present danger than long-term cryptographic vulnerabilities.
This article is for informational purposes only and does not constitute investment advice.
