4.12M BTC Exposed to Quantum Risk, Glassnode Finds

On-chain analytics firm Glassnode reports 4.12 million Bitcoin, roughly 30.2% of all issued BTC, are held in addresses the firm classifies as exposed to potential quantum attacks. The firm attributes most of the exposure to address reuse, partial spending and custody practices rather than solely to legacy script designs.

Glassnode separates the exposed supply into structural and operational categories. Structural exposure covers outputs that reveal a public key on-chain by default, including early Pay-to-Public-Key (P2PK) coins, bare multisig outputs and Pay-to-Taproot (P2TR) outputs. Operational exposure arises when address types that hide public keys behind hashes at rest-such as Pay-to-Public-Key-Hash (P2PKH) and Pay-to-Witness-Public-Key-Hash (P2WPKH)—are reused or partially spent, which can reveal the public key for any remaining funds.

The firm counts 1.92 million BTC in older script types as structural exposure and reports the operational pool increases the total to 4.12 million BTC. Glassnode says the operational share is about 2.1 times larger than the structural share and notes the pattern reflects address and key management rather than protocol design alone. “The main insight is that most current at-rest exposure is not simply a legacy script-design problem – it is a key- and address-management problem,” the report states.

Exchanges are the largest identifiable group within the operationally exposed supply, holding about 1.66 million BTC, roughly 40% of the exposed coins. Exposure rates vary across custodians: Coinbase balances are roughly 5% exposed, Binance holdings are near 85% exposed, and Bitfinex balances appear fully exposed. The asset manager WisdomTree appears fully exposed, while Grayscale holds about half its supply in outputs Glassnode flags as exposed. Sovereign wallets in the United States, the United Kingdom and El Salvador show zero exposure in Glassnode’s labeled dataset.

Glassnode documents a trend in custodial behavior: the share of exchange-held BTC considered operationally safe fell from about 55% in 2018 to about 45% today. The firm notes that proposals such as Bitcoin Improvement Proposal 360 (BIP-360) could harden Taproot outputs, while many operational exposures can be reduced now by changing wallet practices.

The report recommends address rotation, avoiding reuse and avoiding partial spends that leave remainder outputs with revealed public keys. The broader concern is that future quantum computers could derive private keys from exposed public keys, allowing an attacker to spend those funds if a key is revealed on-chain. Hash-based address types protect public keys while funds are at rest, but that protection ends when the key is revealed through spending or reuse.