Glassnode research reveals that 6.04 million Bitcoin (30.2% of circulating supply) faces quantum computing vulnerability under current cryptographic standards. The blockchain analytics firm categorized exposure into two buckets, structural (9.6%) and operational (20.6%), distinguishing between coins whose public keys are permanently visible on-chain and those exposed through spending patterns or custody practices. At the current BTC price of $77,600, the at-risk amount represents approximately $468 billion in theoretical exposure to future quantum threats.

How Bitcoin Became Quantum-Vulnerable

Bitcoin’s vulnerability stems from two distinct pathways. Structural exposure affects 1.92 million BTC locked in outdated script types—primarily Pay-to-Public-Key (P2PK) and Pay-to-Multisig (P2MS) outputs that reveal the sender’s public key by design. These outputs, including coins associated with Satoshi Nakamoto’s early mining activity, broadcast the cryptographic material needed for attack. Operational exposure affects 4.12 million BTC where users or exchanges reused addresses, made partial spends, or engaged in custody practices that leaked public keys while funds remained attached to the same address. The distinction matters: structural exposure is permanent and unfixable; operational exposure could theoretically be remediated through migration to newer address formats.
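The structural bucket can be identified from the output script alone. The sketch below is an added example, not Glassnode's code or methodology: it classifies a scriptPubKey by the standard byte layouts and reports whether the public key sits in the output itself (P2PK, bare multisig) or only a hash of it does. The function names and sample outputs are constructed for illustration, and script types outside these six are returned as "other" rather than judged.

```python
# Added example: classify scriptPubKeys by whether the public key is visible at rest.
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE

def _multisig_keys(s):
    """Return the public keys of a bare m-of-n script, or None if s is not one."""
    if len(s) < 4 or s[-1] != OP_CHECKMULTISIG:
        return None
    m, n = s[0] - 0x50, s[-2] - 0x50          # OP_1..OP_16 encode 1..16
    if not (1 <= m <= n <= 16):
        return None
    keys, i = [], 1
    while i < len(s) - 2:                     # walk the pushes between OP_m and OP_n
        size = s[i]
        if size not in (33, 65) or i + 1 + size > len(s) - 2:
            return None
        keys.append(s[i + 1:i + 1 + size])
        i += 1 + size
    return keys if len(keys) == n else None

def classify(script_hex):
    """Return (script_type, public_key_visible_in_output)."""
    s = bytes.fromhex(script_hex)
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        return "P2PK", True                   # <pubkey> OP_CHECKSIG
    if _multisig_keys(s) is not None:
        return "P2MS", True                   # every signer's key is in the output
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", False                 # only HASH160(pubkey) until spent
    if len(s) == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH", False
    if len(s) in (22, 34) and s[0] == 0x00 and s[1] == len(s) - 2:
        return ("P2WPKH" if len(s) == 22 else "P2WSH"), False
    return "other", None                      # not assessed by this sketch

def structural_share(utxos):
    """utxos: list of (script_hex, satoshis). Fraction of value with a visible key."""
    total = sum(v for _, v in utxos)
    exposed = sum(v for s, v in utxos if classify(s)[1])
    return exposed / total if total else 0.0

# Constructed sample outputs (dummy key and hash bytes, not real on-chain data).
KEY33 = "02" + "11" * 32
SAMPLE = [
    ("21" + KEY33 + "ac", 50_0000_0000),                          # P2PK, 50 BTC
    ("51" + "21" + KEY33 + "21" + KEY33 + "52ae", 10_0000_0000),  # 1-of-2 P2MS
    ("76a914" + "33" * 20 + "88ac", 30_0000_0000),                # P2PKH
    ("0014" + "44" * 20, 10_0000_0000),                           # P2WPKH
]
```

A hash-committed output classified False here can still fall into the operational bucket once its address has been spent from and reused; detecting that requires transaction history, not the script alone.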

Exchange Holdings Reveal Concentration Risk

Glassnode’s analysis exposed significant variance in exchange custody practices. Bitfinex holds 100% of its analyzed BTC balance in quantum-vulnerable states, while Binance maintains 85% exposure and Coinbase just 5%. Of the 1.66 million BTC held operationally unsafely across exchanges, 40% is concentrated in just three platforms. This disparity suggests custody infrastructure maturity varies sharply across the industry. The United States, United Kingdom, and El Salvador registered 0% quantum exposure in the study’s country-level holdings analysis, though the methodology for determining geographic custody was not detailed.

The Quantum Timeline Question

The threat remains theoretical. A Cryptographically Relevant Quantum Computer (CRQC) running Shor’s algorithm could theoretically recover private keys from visible public keys, but no timeline exists for such hardware’s practical deployment. Current quantum systems remain years away from cryptanalytic capability. However, the “harvest now, decrypt later” scenario poses risk: adversaries could record public-key data today and exploit it when quantum capability arrives. Bitcoin’s 13.99 million BTC (69.8% of supply) with no public-key exposure remain protected indefinitely under current standards, suggesting network migration pathways exist if quantum threats materialize.

What Happens Next

Glassnode provided no remediation timeline or recommended migration strategy. Bitcoin’s developer community has proposed post-quantum cryptography upgrades, but consensus on implementation remains absent. The structural 9.6% exposure cannot be recovered without protocol changes; operational exposure could theoretically migrate to newer address standards voluntarily. Neither Binance nor Bitfinex has publicly commented on the study or announced quantum-hardening initiatives.