Glassnode puts roughly 4.12 million BTC in operationally exposed supply — addresses where the public key has already hit the chain because the owner spent from them, then reused the address — more than double the 1.92 million BTC tied up in legacy script types like P2PK and bare multisig where the public key sits on-chain by design. Combined, the two buckets cover about 30.2% of all Bitcoin ever issued.
The framing matters. The Shor's-Algorithm break of ECDSA only works once a public key is visible on-chain, so P2PKH and P2WPKH addresses that have never been spent from remain protected by their hash layer. The protection collapses the moment a holder signs a transaction: the public key is permanently embedded, and any funds subsequently sent to that reused address inherit the same exposure as a legacy P2PK output.
Why it matters
Glassnode's central conclusion is that today's quantum exposure is not a legacy-code problem — it is a key- and address-management problem. ECDSA itself remains unbroken in practice, and the hash layer that protects unspent P2PKH and P2WPKH outputs is still considered quantum-resistant under current models. But every address-reuse event, every partial spend, and every custody flow that surfaces a public key on-chain permanently converts that UTXO from protected to exposed. The fix is operational: never reuse addresses, migrate legacy balances into fresh hashed outputs, and treat any address that has ever signed a transaction as compromised-by-default for forward planning.
The structural half is harder. P2PK outputs from Bitcoin's earliest blocks and bare multisig scripts cannot be unilaterally migrated by their owners — many are Satoshi-era coins whose keys are presumed lost. A protocol-level migration, typically discussed as moving vulnerable UTXOs into a new quantum-resistant script type via a soft or hard fork, would be the only way to neutralise that bucket, and it would force one of the largest coordinated consensus changes in Bitcoin's history.
Market impact
For now the figure is a measurement, not a catalyst.
Frequently asked questions
-
How much Bitcoin is currently quantum-exposed according to Glassnode?
Glassnode splits quantum-exposed supply into two buckets: about 1.92 million BTC in structural exposure (legacy scripts like P2PK, bare multisig, and P2TR) and 4.12 million BTC in operational exposure from address reuse and partial spending. Combined, that covers roughly 30.2% of all Bitcoin ever issued.
-
What is the difference between structural and operational quantum exposure?
Structural exposure covers UTXOs where the public key sits on-chain by design — P2PK, bare multisig, and P2TR outputs. Operational exposure covers hashed-address types like P2PKH and P2WPKH that have already had their public keys revealed through spending and subsequent address reuse, which permanently strips the…
-
Why does address reuse make Bitcoin quantum-vulnerable?
Spending from a P2PKH or P2WPKH address requires signing a transaction that includes the public key in the signature. Once that transaction is confirmed, the public key is permanently on-chain. Any future funds sent to that same address are then exposed to Shor's Algorithm in exactly the same way as a legacy P2PK…
-
Does the SHA-256 hash layer still protect unspent Bitcoin addresses from quantum attacks?
Yes. Current models treat the SHA-256 / RIPEMD-160 hash layer as quantum-resistant because Shor's Algorithm can derive a private key from a public key but cannot reverse a hash to discover the hidden public key. That protection is intact for any address that has never broadcast a signature.
-
Can the 1.92 million BTC of structurally exposed coins be migrated off legacy scripts?
Not unilaterally by their owners — many of those UTXOs are Satoshi-era coins whose private keys are presumed lost. A protocol-level migration via soft or hard fork, moving vulnerable outputs into a quantum-resistant script type, would be the only path to neutralise the structural bucket, and it would require one of…
Crypto News