- Almost one-third of all mined Bitcoin now has publicly visible keys on-chain, which means that exposure can be measured if quantum computers are able to break current cryptography.
- Approximately 6.04 million BTC are in the “exposed” category, and almost 13.99 million BTC are “protected” as their public keys are still hidden.
- Bitcoin’s exposure to quantum is dynamic, and varies significantly based on how large custodians address quantum wallet hygiene before quantum technology becomes mature.
According to a new report from on-chain analytics firm Glassnode, nearly a third of all Bitcoin ever minted is held in wallet structures where the underlying public key is now on display on the blockchain—exactly the condition that would make them vulnerable if a powerful quantum computer ever emerged.
The figure breaks down into two distinct problems with very different remedies.
The 30% Number and What It Actually Means
The first and foremost issue is technical. Each Bitcoin address has a private key that ultimately controls it. The public key is the counterpart of this cryptographic element; it enables the network to validate transactions without the secret key. Given the current assumptions in computing, it would be of no use to know somebody’s public key. It is impossible to practically reconstruct the private key from it.
That changes all that with quantum computing. In theory, Shor’s algorithm can be used to work backwards from a public key to its private key if it is run on a quantum machine with enough processing power. So the crucial question in Glassnode’s analysis is a simple one: has the public key already appeared on-chain? If so, the coin is subject to measurable exposure in this context. If no, it isn’t — at least not yet.
Using the same criteria, the number of BTC that are exposed is now 6.04 million. There are also 13.99 million BTC remaining, which represents almost 70% of the total supply, that have no public key visibility at rest.
Not All Exposure Is Equal
These 6.04M are divided into two categories: structural exposure and operational exposure, and the two will have entirely different means of resolution or, in some cases, no means of resolution at all.
Structural exposure represents 1.92 million BTC or 9.6% of the total issuance. These are coins held in output types where the public key is revealed by design, regardless of how carefully the owner manages their wallet. The oldest layer here is Satoshi-era P2PK outputs, the earliest type of transactions that Bitcoin used, in which the public key is just in the output script. These are coins believed to be minted by Satoshi Nakamoto and early miners. If those coins are lost or permanently inactive, they cannot be migrated to safer address types. Until these issues are solved by Bitcoin’s protocol, they will be exposed forever.
Taproot is the latest wrinkle in this category, which was added to Bitcoin in 2021. Taproot is a major technical advancement that enhanced Bitcoin’s privacy and scripting features and is generally viewed as a positive advancement. But in Glassnode’s model, the Taproot output key is structurally exposed since it appears on-chain by default. A new proposed standard, BIP-360, which adds Pay-to-Merkle-Root outputs, is being developed in part to solve this — but it doesn’t automatically protect existing Taproot balances and is not a complete solution to the post-quantum problem.
Operational exposure represents the bigger part at 4.12 million BTC or 20.6% of supply, more than twice the structural number. Wallet behavior, not script design is the vulnerability. Other output types, such as P2PKH and P2WPKH, still hide the public keys behind cryptographic hashes, but coins remain untouched. The issue is that if an address is used after spending. When signing a transaction, the public key becomes public. If any balance is still linked to that address after that — or if that key is used again in any subsequent transactions — then the public key is now visible forever. The coin enters the category of exposed coins and remains in this category.
Exchanges Are the Largest Identifiable Source
Exchange held balances make up the largest labeled subset in the operational exposure bucket. According to the data from Glassnode, the exchange-related BTC is at 1.66 million coins, which is around 8.3% of total supply, or about 40% of all operationally exposed Bitcoin. More striking is the relative figure: roughly half of all labeled exchange-held BTC falls into the exposed category, compared to under 30% for non-exchange supply.
This breakdown by exchange is highly variable. Coinbase’s labeled balances sit at just 5% exposed, suggesting systematic address management practices. Binance comes in at 85% exposed. Bitfinex shows 100% exposure across its labeled balances under this methodology. Other companies include bitFlyer at 2% and Robinhood and WisdomTree both at 100%. Grayscale is around 50%.
That’s a different situation for holders of the sovereign. It serves as a stark reminder of the differences between the hygiene of the wallet in the U.S. government and commercial exchange facilities, given that the U.K. government and El Salvador have also demonstrated an effective zero quantum exposure on labeled holdings.
The direction of exchanges is visible from the trend line. The percentage of exchanges reporting operating in safe structures is around 55% in 2018. That’s now dropped to approximately 45% by 2026. The direction has been consistent and gradual, driven by the compounding effect of address reuse across years of high transaction volume.
Bitcoin Quantum Exposure Remains a Dynamic Metric
Glassnode is clear that this research is not calculating the likelihood of attack, setting a timeline for the quantum breakthrough, or stating what the security stance of any custodian would be. It puts a map of what the public keys are visible today.
The numbers should also be interpreted with the knowledge of the difference between at-rest and on-spend exposure. This dataset includes only coins which are present in already-exposed outputs. It doesn’t address the distinct issue of public key visibility when broadcasting a transaction, which falls into another class of risk and in another class of mitigation requirements.
The data does enable entity level comparison and trend monitoring. The exposure category is not set in stone – it can be reduced. Exchanges and custodians that adopt stricter address rotation, key changes, and migrate assets to less exposed output types can minimize their measurable exposure without any change at the protocol level. The structural category is more challenging. They are Satoshi-era coins that have no owner to act on their behalf, and there is no mechanism on the network to move these coins.
The 6.04 million figure will be dynamic. Structural exposure gradually increases with each new Taproot adoption. Any address reuse on an active exchange wallet increases operating risk. Whether that number is increasing or decreasing over time hinges largely on the largest custodians in the industry’s approach to address hygiene: as an infrastructure maintenance or as a secondary priority.
Conclusion
The data does not forecast a quantum attack: it represents an attack surface that already exists. Almost one-third of all Bitcoin supply is exposed with its public key visible, and a majority of this exposure has come from easily avoidable wallet practices by active, identifiable institutions. There is no definitive resolution on the structural piece (satoshis and keys that have been put to sleep). The operational piece does. The question is yet to be answered whether exchanges will respond to it before quantum computing makes such an action a must.
Credit: Source link