Recent analysis by Glassnode has revealed significant vulnerabilities within the Bitcoin ecosystem, particularly regarding exposure to quantum computing threats. The firm’s data indicates that approximately 4.12 million Bitcoin (BTC) are held in addresses exposed to quantum risks, an alarming figure that more than doubles the 1.92 million BTC at risk due to Bitcoin’s older script types.
Glassnode categorizes the Bitcoin supply at risk into two distinct categories: structural risk and operational risk. Structural risk arises from the underlying protocol design, specifically the exposure of public keys. This category includes early Pay-to-Public-Key (P2PK) coins from the original Satoshi era, basic multisig wallets, and modern Pay-to-Taproot (P2TR) outputs.
On the other hand, operational risk pertains to how Bitcoin holders manage their addresses and spending practices. For instance, address types such as Pay-to-Public-Key-Hash (P2PKH) and Pay-to-Witness-Public-Key-Hash (P2WPKH) initially protect public keys by hashing them. However, if a user reuses an address or makes a partial spend, the remaining balance loses that protective layer, making it vulnerable.
Notably, Glassnode estimates that these two exposure types together account for 30.2% of all issued Bitcoin. Crucially, the operational exposure aspect is identified as significantly larger, being 2.1 times that of structural exposure. “The main insight is that most current at-rest exposure is not simply a legacy script-design problem – it is a key- and address-management problem,” the firm noted in its report.
In terms of on-chain behavior, the data highlights that exchanges constitute the largest identifiable subset of operationally exposed BTC, holding around 1.66 million BTC — roughly 40% of the total exposed pool. Interestingly, the relative exposure of exchange-held BTC is high, with about half falling into the susceptible category, compared to less than 30% for non-exchange-held Bitcoin.
The level of exposure varies considerably among different custodians. For instance, while Coinbase has only 5% of its balances exposed, platforms like Binance and Bitfinex show much higher exposure rates at approximately 85% and a total of 100%, respectively. Other Bitcoin-holding entities also display varying levels of exposure: WisdomTree appears to be fully exposed, while Grayscale has about half of its supply at risk. In contrast, sovereign wallets in the US, UK, and El Salvador seem free of any exposure.
The evaluation of exchange-held BTC shows a worrying trend; what was once about 55% operationally safe in 2018 has diminished to around 45% today. To address these vulnerabilities, Bitcoin Improvement Proposal 360 (BIP-360) has been proposed to enhance the security of Taproot, but much of the operational risk can also be mitigated through better habits such as address rotation and the avoidance of address reuse — actions that don’t require protocol changes.
As the landscape of Bitcoin continues to evolve, awareness and proactive management of these risks have become essential for holders looking to safeguard their assets against potential quantum threats.
