The Real Quantum Risk Isn't the Computer. It's the Complacency.
Quantum computing hasn't broken Bitcoin. No one has cracked elliptic-curve cryptography. But a new Glassnode report published this week reveals that 6.04 million BTC — roughly 30.2% of all issued supply, worth approximately $469 billion — already has its public keys exposed on-chain, sitting in formats that a future quantum-capable machine could theoretically exploit.
That number should concern you. Not because quantum computers are imminent, but because the exposure is largely self-inflicted.
Two Types of Exposure
Glassnode breaks the risk into two categories, and the distinction matters.
Structural Exposure: 1.92 Million BTC (9.6%)
Some Bitcoin script types expose public keys by design. Early pay-to-public-key (P2PK) outputs from Bitcoin's first years, legacy multisig arrangements, and certain Taproot (P2TR) outputs all reveal the cryptographic key that secures the coins. These 1.92 million BTC are structurally vulnerable — the protocol itself made the exposure unavoidable at the time of transaction.
Many of these coins belong to Satoshi-era wallets and early miners. They can't be migrated without the original private keys, and in many cases, those keys are likely lost forever.
Operational Exposure: 4.12 Million BTC (20.6%)
This is the bigger and more concerning category. Over 4 million BTC are exposed not because of how Bitcoin works, but because of how people use it. Address reuse is the primary culprit. When a wallet spends from an address it has previously used, the transaction broadcasts the public key to the entire network.
The fix is simple in theory: use a fresh address for every transaction. In practice, exchanges and custodians have been the worst offenders.
Exchanges Are the Weak Link
Glassnode's data on exchange exposure is striking. Exchanges collectively hold about 1.66 million BTC in operationally exposed bitcoin — roughly 40% of all operational exposure.
But the variation between platforms is enormous. Coinbase shows just 5% exposure. Binance sits at approximately 85%. Bitfinex is marked at 100%.
These numbers reflect differences in custody architecture and address management practices — decisions made years ago that now carry forward as measurable quantum risk.
What's Being Done
The Bitcoin developer community isn't ignoring this. BIP-360 proposes a new output format called Pay-to-Merkle-Root (P2MR), designed to be quantum-resistant from the ground up. The proposal would allow voluntary migration of coins to quantum-safe formats before any actual breakthrough occurs.
Other proposals go further, suggesting deadlines after which unmigrated coins in vulnerable formats would be frozen — a controversial idea that touches on Bitcoin's core property-rights guarantees.
None of these proposals are close to activation. The consensus process is slow by design. But Glassnode's data makes the case that preparation should start now, not when the first cryptographically relevant quantum computer appears.
The Timeline Question
Current quantum computers operate with hundreds of noisy qubits. Breaking Bitcoin's ECDSA signatures would require millions of stable, error-corrected qubits. Most estimates place that capability at least 10-15 years away, though projections have been accelerating.
The point isn't that Bitcoin is in immediate danger. It's that 30% of the supply is already exposed, the migration path is unclear, and the institutions holding the most exposed coins — exchanges — have the least urgency to act.
Bitcoin Gate Take
This report is a wake-up call for custodians, not for the protocol. Bitcoin has time to implement quantum-resistant upgrades, but exchanges sitting at 85-100% exposure need to fix their address hygiene now. The cheapest time to migrate is before there's a reason to panic. If you hold Bitcoin on an exchange, this is one more reason to consider self-custody with proper address management.