Latest analysis has introduced consideration to an rising Bitcoin safety query: which cash are at the moment uncovered to quantum threat at relaxation? The related threshold is whether or not the general public key wanted to spend a coin is already seen on-chain. By that measure, 6.04M BTC, or 30.2% of issued provide, is uncovered, whereas the remaining 13.99M BTC, or 69.8%, reveals no public-key publicity at relaxation. These numbers are broadly according to not too long ago printed work [1].
We separate this publicity into two classes. The primary is structural publicity: outputs whose script sort reveals the general public key by design. The second is operational publicity: cash that will have been protected initially, however the place handle reuse, partial spending, or custody behaviour has already made the general public key seen whereas BTC stays tied to it.
Structural publicity accounts for 1.92M BTC, equal to 9.6% of issued provide. The bigger share comes from operational publicity, which totals 4.12M BTC, or 20.6%. Inside this bucket, exchange-related balances alone signify 1.63M BTC, or 8.1% of all issued BTC, underscoring the position of pockets hygiene and custody practices in lowering public-key publicity.
This evaluation doesn’t take a place on whether or not, or when, sensible quantum assaults towards Bitcoin will change into doable, nor ought to or not it’s learn as a press release on the safety or solvency of any particular person custodian. It’s a information lens: a approach to quantify the place public-key publicity already exists, which parts of that publicity are doubtless persistent, and which can be diminished by means of improved pockets and custody administration.
Public-Key Publicity, in Easy Phrases
Bitcoin cash are managed by non-public keys. Public keys are the corresponding verification objects that permit the community to verify {that a} legitimate signature was produced by the holder of the non-public key. Below present cryptographic assumptions, a public key could be safely identified as a result of deriving the non-public key from it’s computationally infeasible.
The quantum concern is {that a} sufficiently succesful Cryptographically Related Quantum Laptop (CRQC), utilizing Shor’s algorithm, may in precept recuperate a non-public key from a identified public key. In that framework, the related on-chain query turns into easy:
Has the general public key already been revealed?
If the general public secret is already seen, the coin is uncovered. The attacker wouldn’t want to attend for the proprietor to maneuver the coin; the general public secret is already obtainable. If the general public key just isn’t seen on-chain, the coin just isn’t at the moment uncovered beneath this particular at-rest mannequin.
ℹ️
At-Relaxation vs On-Spend Publicity: This text focuses on at-rest publicity: BTC at the moment held in outputs the place the related public secret is already identified. That is distinct from an on-spend state of affairs, the place the general public key turns into seen solely when a transaction is broadcast or confirmed. On-spend publicity is a timing and settlement drawback; at-rest publicity is a measurable inventory of provide. “Protected” on this article due to this fact means “not at the moment uncovered at relaxation,” not post-quantum-proof beneath each doable future assault mannequin.
The uncovered provide separates into two classes: structural publicity (1.92M, 9.6%) and operational publicity (4.12M, 20.6%).
Structural Publicity: Susceptible by Design
The primary supply of at-rest publicity is structural. In these circumstances, the output sort itself reveals the general public key, no matter whether or not the proprietor follows good handle administration practices.
This contains early P2PK outputs (Satoshi and different early Satoshi-Period cash), legacy naked multisig constructions equivalent to P2MS, in addition to trendy Taproot (P2TR) outputs. These script sorts differ considerably in period and goal, however they share the identical property on this framework: the general public key, or a public-key equal, is by default seen on-chain. From a quantum perspective, the coin is due to this fact targetable whereas it stays unspent.
We at the moment classify 1.92M BTC, or 9.6% of issued provide, as structurally unsafe. This bucket separates into three analytically distinct components:
The Satoshi and Satoshi-era cohorts are probably the most persistent type of structural publicity. If these cash are misplaced, deserted, or managed by inactive holders (incl. Satoshi themselves), they can not voluntarily migrate to safer handle constructions. In that case, they might stay uncovered indefinitely until the community finally adopts a broader and certain contentious protocol-level response.
Taproot is the essential trendy nuance. Taproot just isn’t inherently “unsafe” in a normal Bitcoin design sense. It improves privateness, effectivity, and scripting flexibility. Nonetheless, on this particular public-key publicity framework, P2TR outputs are structurally uncovered as a result of the Taproot output secret is seen on-chain. BIP-360’s proposed Pay-to-Merkle-Root (P2MR) output is finest understood as a mitigation for this long-exposure challenge: it goals to supply Taproot-like script-tree performance whereas eradicating the quantum-vulnerable key-path spend. It isn’t a whole post-quantum repair, and it doesn’t routinely migrate present Taproot outputs.[2]
The structural perception is due to this fact not simply that 1.92M BTC is uncovered by design. It’s that a part of this publicity could also be successfully motionless, whereas one other half may very well be diminished if pockets infrastructure, handle requirements, and person behaviour evolve.
Operational Publicity: Susceptible by Conduct
The second supply of at-rest publicity is operational. These outputs should not essentially weak by design. As an alternative, they change into uncovered as a result of the general public key has already been revealed whereas BTC stays related to the identical handle, key, or script construction.
That is the address-reuse drawback. Output sorts equivalent to P2PKH, P2SH, P2WPKH, and P2WSH can conceal public keys behind hashes whereas cash are at relaxation. Nonetheless, as soon as a public secret is revealed in a spend, any remaining or future stability related to the identical key loses that safety. The coin then enters the at-rest publicity set as a result of the general public secret is already identified.[1]
Operational publicity is the bigger bucket within the Glassnode information. We classify 4.12M BTC, or 20.6% of issued provide, as operationally unsafe. That is 2.1x the structurally unsafe stability. The primary perception is that almost all present at-rest publicity just isn’t merely a legacy script-design drawback – it’s a key- and address-management drawback.
Exchanges are crucial labeled subset. Inside the operationally unsafe bucket, 1.66M BTC, or 8.3% of whole provide, is exchange-related. This represents roughly 40% of all operationally unsafe BTC. It additionally seems excessive in relative phrases: roughly half of labeled exchange-held BTC falls into the prone bucket, in contrast with lower than 30% of non-exchange provide.
Entity-level information reveals that this publicity just isn’t evenly distributed. Some custodians seem to keep up comparatively decrease publicity beneath this system, whereas others maintain a a lot bigger share of labeled balances in outputs the place public keys are already identified.
As an illustration, among the many largest exchanges, Coinbase labeled balances seem largely concentrated in non-exposed constructions (solely 5% uncovered stability), whereas Binance and Bitfinex present a relatively excessive prone stability beneath this system – 85% and 100%, respectively.
Past exchanges, publicity amongst different identified entities is equally heterogenous. Constancy and CashApp sit close to 2%, Grayscale at ~50%, whereas Robinhood and WisdomTree are 100% uncovered.
Sovereign treasuries, then again, present largely no public-key publicity: US, UK in addition to El Salvador have 0% quantum publicity.
⚠️
IMPORTANT: Not one of the information introduced right here must be learn as a right away threat rating, a solvency sign, or a press release in regards to the safety of any particular person change or custodian. It merely reveals that custody design leaves an observable on-chain footprint.
Zooming out, these entity-level variations are persistent. Governments have held above 99% operationally secure for years, whereas exchanges, which face way more advanced pockets administration, have drifted downward from ~55% in 2018 to ~45% immediately. This development is straightforwardly reversible by means of normal address-management practices (avoiding reuse, rotating change outputs).
What the Knowledge Permits Us to Monitor
Bitcoin’s quantum publicity separates into classes with totally different implications.
The structurally unsafe bucket incorporates a legacy element that could be troublesome (or inconceivable) emigrate, in addition to a contemporary element that might change into extra addressable by means of requirements equivalent to P2MR. The operationally unsafe bucket is bigger and displays how cash are managed in apply. Inside that bucket, exchanges signify a big, labeled, and probably migratable subset.
The operational perception is due to this fact clear: quantum readiness just isn’t solely a protocol-level query. A significant share of measurable publicity sits with lively entities that may scale back it by means of present-day operational selections. For exchanges and custodians, handle hygiene, reserve administration, diminished key reuse, and migration planning should not theoretical future considerations – they’re the sensible levers by means of which the seen publicity can decline.
Till then, this evaluation must be learn narrowly. It isn’t a forecast of quantum timelines, an estimate of exploit chance, or a declare that uncovered cash face instant threat. It’s a baseline map of the place Bitcoin public keys are already seen immediately, and the place the chance to scale back that publicity is most measurable.
Sources
[1] Google Quantum AI, “Securing Elliptic Curve Cryptocurrencies Against Quantum Attacks”, March 2026.
[2] Bitcoin Enchancment Proposals, “BIP-360: Pay-to-Merkle-Root (P2MR)”, December 2024
Disclaimer: This report is for informational and academic functions solely. The evaluation represents a restricted case examine with important constraints and shouldn’t be interpreted as funding recommendation or definitive buying and selling indicators. Previous efficiency patterns don’t assure future outcomes. All the time conduct thorough due diligence and contemplate a number of elements earlier than making funding selections.
