TLDR:
- 6.04 million BTC, or 30.2% of the issued Bitcoin supply, already has its public key visible on-chain.
- Operational exposure at 4.12M BTC exceeds structural exposure, driven largely by address reuse behavior.
- Exchange-related balances account for 1.66M BTC, nearly 40% of all operationally unsafe Bitcoin supply.
- Coinbase shows only a 5% of the balance is exposed, while Binance and Bitfinex show 85% and 100%, respectively.
Bitcoin’s quantum exposure has become a measurable on-chain reality, with new data revealing the scale of the risk.
According to blockchain analytics firm Glassnode, approximately 6.04 million BTC—30.2% of the issued supply—currently have their public keys visible on-chain.
The remaining 13.99 million BTC, or 69.8%, shows no public-key exposure at rest. This data offers a clearer picture of where Bitcoin’s cryptographic vulnerabilities actually stand today.
Structural and Operational Exposure Drive Bitcoin’s Quantum Risk
Glassnode separates Bitcoin’s quantum-exposed supply into two distinct categories. Structural exposure accounts for 1.92 million BTC, or 9.6% of issued supply. Operational exposure is the larger share, totaling 4.12 million BTC, equivalent to 20.6% of all issued Bitcoin.
Structural exposure comes from output types that reveal public keys by design. These include early Pay-to-Public-Key (P2PK) outputs from the Satoshi era, legacy bare multisig structures, and modern Taproot (P2TR) outputs.
Though different in era and purpose, all share one key property: the public key remains visible on-chain while the coin sits unspent.
Satoshi-era coins present a particular challenge within structural exposure. If those coins are lost or abandoned, they cannot be voluntarily migrated to safer address formats.
As Glassnode notes, Taproot itself is not inherently unsafe — it improves privacy and scripting flexibility. However, its output key remains visible, making it structurally exposed under this specific framework.
Operational exposure, meanwhile, is entirely behavior-driven. Output types such as P2PKH and P2WPKH can protect public keys through hashing.
However, once a key is revealed during a spend, any remaining balance tied to that address enters the exposed category. This is the address-reuse problem in practice.
Exchange Custody Practices Shape the Operational Exposure Landscape
Exchange-related balances make up a notable portion of operationally exposed Bitcoin. Within the 4.12 million BTC operationally unsafe bucket, 1.66 million BTC — roughly 8.3% of total supply — is exchange-related. That figure represents about 40% of all operationally unsafe Bitcoin.
Glassnode further noted that exposure varies widely across individual custodians. Coinbase shows only 5% exposed balance among its labeled holdings. Binance and Bitfinex, however, show 85% and 100% susceptible balances, respectively, under this methodology.
Sovereign treasuries present a different picture entirely. The US, UK, and El Salvador all show 0% quantum exposure among their labeled holdings. Governments have consistently maintained above 99% operationally safe balances over the years.
The data also shows exchanges have drifted from roughly 55% operationally safe in 2018 to around 45% today. Glassnode notes this trend is reversible through standard address-management practices, including avoiding address reuse and rotating change outputs. No immediate risk ranking should be read into these figures.
