6.04 million Bitcoin exposed to quantum risk, says Glassnode

Roughly 6.04 million BTC, about 30.2% of Bitcoin’s total issued supply, sits exposed to potential quantum computing attacks because the public keys tied to those coins are already visible on the blockchain. That’s the finding from on-chain analytics firm Glassnode, which also noted that the remaining 13.99 million BTC, or 69.8%, has no public-key exposure at rest.

In English: if quantum computers ever get powerful enough to crack Bitcoin’s cryptography, almost a third of all Bitcoin in existence would be the low-hanging fruit.

Why public-key visibility matters

Bitcoin’s security model relies on a one-way mathematical relationship between private keys and public keys. Your private key generates your public key, and your public key generates your address. The trick is that going backward, from public key to private key, is computationally impossible for today’s machines.

Quantum computers threaten to change that equation. Using an algorithm known as Shor’s algorithm, a sufficiently powerful quantum computer could theoretically reverse-engineer a private key from a known public key. The operative word is “known.” If your public key has never appeared on-chain, a quantum attacker has nothing to work with. If it has, you’re in the exposed category.

This is the core distinction Glassnode’s analysis draws. The 13.99 million BTC sitting behind addresses whose public keys have never been broadcast are, for now, structurally shielded. The 6.04 million BTC with visible public keys are not.

Structural vs. operational exposure

Glassnode breaks that 6.04 million figure into two buckets, and the split is revealing.

The first is what you might call structural exposure: 1.92 million BTC, or 9.6% of issued supply. These are coins sitting in older address formats, like pay-to-public-key (P2PK) addresses, where the public key is inherently part of the address itself. Many of these date back to Bitcoin’s earliest days, when the network’s address standards didn’t account for a threat that was purely theoretical at the time. Some of these coins likely belong to lost wallets, early miners, and possibly Satoshi Nakamoto’s own holdings. They can’t be moved to safer formats without the owner’s private key, and in many cases, nobody’s coming back for them.

The second, larger bucket is operational exposure: 4.12 million BTC, accounting for 20.6% of issued supply. This is the more actionable category. These are coins whose public keys have been revealed through normal Bitcoin usage, specifically through spending transactions. Every time you send Bitcoin from an address, your public key gets broadcast to the network as part of the transaction signature. If you then reuse that address, or if funds remain in it after the spend, those leftover coins sit behind an exposed public key.

Within that operational exposure, 1.63 million BTC is tied to exchange-related balances. That’s notable because exchanges routinely reuse addresses and process high volumes of transactions, meaning their public keys are almost certainly visible on-chain. It also means exchange practices around address hygiene and key rotation could meaningfully reduce the quantum-exposed surface area, if exchanges choose to prioritize it.

How real is the quantum threat today

Here’s the thing. No quantum computer in existence today can break Bitcoin’s elliptic curve cryptography. The most advanced quantum machines have a few thousand qubits. Estimates for the number needed to crack Bitcoin’s 256-bit encryption in any reasonable timeframe range into the millions of stable, error-corrected qubits. We are not there yet, and the timeline for getting there is a matter of genuine scientific debate.

But “not yet” is doing a lot of heavy lifting in that sentence. Quantum computing research is progressing across multiple fronts, with major investments from governments, tech giants, and defense agencies worldwide. The concern isn’t that someone will crack Bitcoin tomorrow. It’s that cryptographic transitions take years, and the coins that are already exposed can’t be un-exposed retroactively.

Think of it like a slow-moving flood warning. The water isn’t at your door yet, but if you live in the floodplain and your belongings are on the ground floor, maybe start moving them upstairs while you still can.

What this means for investors

For individual holders, the practical takeaway is straightforward: don’t reuse addresses, and move funds to modern address types like pay-to-witness-public-key-hash (P2WPKH) or pay-to-taproot (P2TR) where the public key isn’t exposed until you spend. If you’ve never sent a transaction from your storage address, your public key hasn’t been revealed, and you’re in the protected 69.8%.

For institutional players and exchanges, the calculus is more complex. The 1.63 million BTC in exchange-related balances with exposed public keys represents a concentrated risk surface. Exchanges that implement better key rotation policies and avoid address reuse could shrink this number significantly. Whether they will is another question entirely, since operational convenience often wins over theoretical security improvements.

The broader Bitcoin ecosystem faces a longer-term strategic question. Bitcoin’s core developers have been discussing post-quantum cryptographic upgrades for years, and several proposals exist for adding quantum-resistant signature schemes to the protocol. But implementing such changes requires consensus across the network, and Bitcoin’s governance model moves deliberately. Any hard fork or soft fork to introduce quantum-resistant signatures would need overwhelming community support.

The 6.04 million BTC figure also raises an uncomfortable inheritance problem. Coins in old P2PK addresses, many of which are presumed lost, can’t be migrated by anyone other than their owners. If quantum computers eventually reach the necessary capability, those coins could theoretically be seized by whoever gets there first. That scenario, where ancient dormant Bitcoin suddenly starts moving, would be one of the most disruptive events in the network’s history.

Glassnode’s data doesn’t predict when or if quantum computers will pose a real threat. What it does is quantify exactly how much Bitcoin is in the blast radius if they do.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.