A new Glassnode analysis has brought the quantum computing threat to Bitcoin’s cryptographic security into sharp focus, revealing that 6.04 million BTC—worth approximately $469 billion and representing 30.2% of the total supply—have publicly exposed public keys on-chain. These coins could be vulnerable if a sufficiently advanced quantum computer ever emerges.
The exposed supply is divided into two categories. Structural exposure accounts for 1.92 million BTC, mostly stemming from early Pay-to-Public-Key (P2PK) transactions where the public key was never hidden. Operational exposure, however, is far larger at 4.12 million BTC. This second category is driven almost entirely by address reuse—when the same Bitcoin address is used more than once. Spending even the smallest amount from an address reveals its public key, instantly marking all remaining funds at that address as exposed.
Address reuse has long been discouraged by developers and wallet providers for privacy reasons, but the Glassnode data highlights its alarming security implications. According to the report, exchanges alone hold 1.66 million BTC (8.3% of total supply) in wallets with exposed public keys, accounting for roughly 40% of all operationally unsafe Bitcoin. This concentration suggests systematic reuse of deposit addresses within custodian infrastructure, a practice that magnifies the network’s risk profile.
The broader crypto industry is now doubling down on quantum-proof defenses. As reported by the Financial Times, Google researchers have warned that quantum computers may crack crypto encryption sooner than previously expected, potentially as early as 2030. While current quantum machines are far from capable—needing millions of qubits to break Bitcoin’s elliptic curve cryptography—the pressure to adopt quantum-resistant solutions is rising. Blockchain developers emphasize that AI-driven attacks pose a more immediate danger, but the long-term threat remains real.
Leading cryptographers, including Blockstream CEO Adam Back, have called current quantum progress overstated, yet the Glassnode data serves as a stark measure of existing exposure. The distinction between structural and operational exposure is crucial: structural exposure is permanent, but operational exposure can be mitigated by moving funds to fresh, unused addresses. For exchanges and custodians, adopting regular address rotation and mandating one-time deposit addresses could drastically reduce the risk.
As institutional adoption of Bitcoin grows, the findings may influence custody standards and insurance requirements. Some post-quantum projects, like Abelian, are already positioning for a quantum-resistant future, but the Bitcoin network would require a coordinated soft fork to upgrade its signature scheme. In the near term, the report underscores that cryptographic practices shape network resilience for decades.
