30% of All Bitcoin at Risk From Future Quantum Computer Attacks, Study Warns
A new analysis by blockchain data provider Glassnode reveals that approximately 6.04 million Bitcoin, equivalent to around 500 billion US dollars at current market prices, are potentially vulnerable to future quantum computers. This represents 30.2 percent of the total circulating Bitcoin supply. The study, authored by Rafael Schultze-Kraft, Kilian Heeg, and other Glassnode analysts, is the first systematic mapping of where public keys are already visible on the blockchain.
As previously reported, the so-called Q-Day — the moment when quantum computers will be capable of breaking common encryption methods — could arrive as early as 2029, according to Google. The internet giant has set itself a deadline to migrate authentication services to quantum-safe cryptography by that date — sooner than previously anticipated (more on that here).
Why visible public keys pose a risk
Bitcoin coins are controlled by private keys. The associated public key is used by the network to verify transactions. Under current cryptographic assumptions, it is computationally infeasible to derive a private key from a public key. However, this could change: a sufficiently powerful quantum computer could theoretically do exactly that using the so-called Shor algorithm.
The critical question is therefore: is the public key already visible on the blockchain? If so, an attacker equipped with a suitable quantum computer would be able to steal the affected coins without having to wait for the owner to initiate a new transaction.
“Has the public key already been exposed? If so, the coin is at risk. The attacker would not need to wait for the owner to move the coin,” Glassnode states.
Two types of vulnerability
The study distinguishes two fundamental categories of vulnerability, which differ considerably in their cause and resolvability.
Structural vulnerability: at risk by design
Approximately 1.92 million Bitcoin (9.6 percent of supply) are considered structurally vulnerable. For these outputs, the script type exposes the public key by its very construction, regardless of the owner’s behavior. This includes early P2PK outputs from the Satoshi era, older multisig structures, and modern Taproot outputs (P2TR).
Particularly problematic: a portion of these coins is likely to be permanently immovable. Coins from the Satoshi era, considered lost or inactive, cannot be voluntarily migrated to more secure address structures. They remain potentially exposed indefinitely, unless the protocol responds at the network level.
Operational vulnerability: at risk through behavior
At 4.12 million Bitcoin (20.6 percent), the operational vulnerability is more than twice as large as the structural one. This category covers coins that were originally protected by hash structures, but whose public keys have already been exposed through address reuse, partial spending, or certain custody practices.
The core problem is address reuse. Once a public key has been revealed in a transaction, all remaining or future balances at the same address lose their protection.
Crypto exchanges particularly affected
Within the operationally vulnerable coins, 1.66 million Bitcoin (8.3 percent of total supply) are attributable to exchange-held balances. This represents approximately 40 percent of all operationally exposed Bitcoin. Notably, around half of all known exchange-held Bitcoin falls into the vulnerable category, compared to less than 30 percent for non-exchange balances.
The differences between individual actors are significant. The study presents the following picture:
| Entity | Share of exposed balances |
|---|---|
| Coinbase | approx. 5 percent |
| Fidelity | approx. 2 percent |
| CashApp | approx. 2 percent |
| Grayscale | approx. 50 percent |
| Binance | approx. 85 percent |
| Bitfinex | 100 percent |
| Robinhood | 100 percent |
| WisdomTree | 100 percent |
| USA, UK, El Salvador (state reserves) | 0 percent |
Government Bitcoin reserves show virtually no vulnerability. Governments have held more than 99 percent of their holdings in secure structures for years. Crypto exchanges, by contrast, have slipped from around 55 percent secure balances in 2018 to approximately 45 percent today.
What the study means — and what it does not
The Glassnode analysts explicitly emphasize that the study does not constitute an immediate risk assessment or a statement on the solvency of individual custodians. It is positioned as a stocktaking exercise: a map of the public keys already visible today within the Bitcoin network.
“It is a data perspective: a way to quantify where public keys already exist, which portions of this exposure are likely permanent, and which could be reduced through improved wallet and custody practices,” it states.
The study makes no claim about whether or when a practically deployable quantum computer could actually attack Bitcoin addresses. The operational vulnerability is, however, fundamentally addressable: exchanges and custodians could move a significant portion of exposed balances into secure structures through consistent address hygiene, avoidance of key reuse, and active migration management. The structural vulnerability — particularly from the early days of the network — remains an open question for the entire Bitcoin community.
