Nearly One‑Third of Bitcoin Supply Is Already Quantum‑Exposed, Glassnode Finds

The exposed portion is split into two main categories: structural exposure and operational exposure.

Structural Exposure: Script Types That Reveal Public Keys

Structural exposure comes from Bitcoin output types that reveal public keys by design, meaning the risk exists even if the owner never reuses an address or spends the coins.

Glassnode‑related analysis highlights several script types responsible for this category:

• P2PK (Pay‑to‑Public‑Key): Early Bitcoin outputs directly embed the public key in the locking script.
• P2MS (Pay‑to‑Multisig): Legacy multisig scripts also reveal the participating public keys.
• Taproot key‑path spends: Taproot outputs are built around a public key structure, meaning the key becomes visible on‑chain.

Together, these structural mechanisms account for about 1.92 million BTC—close to 10% of the supply that remains systemically exposed regardless of user behavior.

Why Satoshi‑Era Coins Matter

A large portion of structurally exposed coins originates from Bitcoin’s earliest years.

Many Satoshi‑era transactions used P2PK outputs, which permanently revealed the public key. Estimates suggest roughly 1.1 million BTC attributed to Satoshi Nakamoto reside in these legacy addresses.

Unless those coins are moved to newer address formats, they remain structurally exposed if future quantum computers become capable of deriving private keys.

Operational Exposure: Wallet Behavior That Reveals Keys

The majority of the 6.04 million BTC figure comes from operational exposure—coins that became vulnerable through normal usage patterns.

Two behaviors drive most of this category:

1. Address reuse

Bitcoin wallets are designed so that a public key becomes visible when a coin is spent. If the same address is reused afterward, any remaining funds now sit behind an already‑revealed public key.

This means repeated address use can leave coins theoretically vulnerable in a post‑quantum world.

2. Exchange custody and wallet management

Large custodial platforms often move funds through operational wallets and hot‑wallet systems, which can repeatedly expose public keys during transaction flows.

Glassnode’s research examines exchange‑related addresses—including those associated with major platforms such as Coinbase, Binance, and Bitfinex—but the publicly available summaries do not provide exact exposed balances for each exchange. As a result, the data cannot reliably rank them by quantum‑exposed holdings.

Why Quantum Computing Matters for Bitcoin

Bitcoin relies on elliptic‑curve cryptography (ECDSA) to secure transaction signatures. A sufficiently advanced quantum computer running algorithms such as Shor’s algorithm could theoretically derive a private key from a known public key.

That scenario would enable an attacker to move funds from any address whose public key has already been revealed.

However, researchers emphasize that no existing quantum computer can perform this attack today. The technology needed to break Bitcoin’s cryptography would require far more stable and scalable quantum hardware than currently exists.

Proposed Solutions: Toward Quantum‑Resistant Bitcoin

Developers are already discussing potential upgrades that could protect the network before such machines appear.

One proposal, BIP‑360, outlines a soft‑fork mechanism to introduce quantum‑resistant Taproot‑compatible outputs, designed to remove reliance on vulnerable elliptic‑curve signatures in certain spending paths.

Other proposals in the ecosystem have suggested measures such as encouraging migration to new address types or restricting vulnerable dormant coins—ideas that remain controversial because they touch on Bitcoin’s governance and property‑rights norms.

The Bottom Line

Glassnode’s analysis shows that Bitcoin’s exposure to quantum attacks is primarily about visibility of public keys, not the number of coins in existence.

• 6.04 million BTC (30.2% of supply) currently have public keys visible on‑chain.
• ~1.92 million BTC (~10%) are structurally exposed due to legacy script types.
• The remainder stems from operational practices like address reuse and custodial wallet activity.

For now, the threat remains theoretical. But the research highlights why developers are already exploring post‑quantum upgrades—long before quantum computers become powerful enough to test Bitcoin’s cryptographic foundations.