New analysis from Glassnode quantifies the scale of Bitcoin’s quantum computing vulnerability, identifying 4.12 million BTC at risk from operational factors such as address reuse and partial spending, and an additional 1.92 million BTC exposed through structural characteristics of older script types. Combined, the two categories cover 30.2 percent of all issued Bitcoin, but the data reveals that user behavior, not legacy code, represents the dominant source of present-day quantum risk to the network.
Glassnode’s analysis distinguishes between two fundamentally different categories of quantum vulnerability. Structural exposure covers Bitcoin outputs where the public key appears on-chain by design, embedded in the protocol itself rather than resulting from user decisions. The primary sources include Pay-to-Public-Key outputs, the script type used in Bitcoin’s earliest blocks where the public key is directly embedded in the UTXO without a hash protection layer. Also contributing to structural exposure are bare multisig outputs and Pay-to-Taproot outputs, which expose the public key at rest as part of their design. Glassnode estimates this structural category at 1.92 million BTC.
Operational exposure is a separate and significantly larger problem. Address types such as Pay-to-Public-Key-Hash and Pay-to-Witness-Public-Key-Hash do not expose public keys by default; they protect them behind cryptographic hash functions including SHA-256 and RIPEMD-160 that are considered quantum-resistant under current computational models. However, these protections are neutralized when users reuse addresses or create partial spending transactions, both of which reveal the public key on-chain and eliminate the hash layer’s defensive value. Glassnode’s data shows 4.12 million BTC falls into this operational exposure category, more than double the structural risk.
The finding that operational exposure exceeds structural exposure by a factor of more than two carries significant implications for how the Bitcoin community approaches quantum preparedness. A quantum computer capable of running Shor’s Algorithm could derive a private key from a known public key in polynomial time by exploiting the mathematical structure of the elliptic curve digital signature algorithm used in Bitcoin. However, it cannot reverse a cryptographic hash to discover the public key in the first place. The hash layer in modern address types is a genuine protection, but one that is bypassed the moment a transaction reveals the underlying public key.
Address reuse is the most common vector. When a user receives Bitcoin at an address and then spends from that address, the spending transaction broadcasts the public key to the network. If the address is subsequently reused to receive additional funds, those new UTXOs sit behind a now-exposed public key. Partial spending compounds the problem: when a transaction spends some but not all UTXOs at an address, the remaining balance is vulnerable because the public key has already been disclosed through the spent output.
The Glassnode data arrives as the broader crypto industry increases attention to quantum computing timelines. Project Eleven’s ongoing quantum security audit of the XRP Ledger and recent academic research into post-quantum cryptographic signatures for blockchain applications reflect a sector-wide recognition that quantum preparedness is moving from theoretical discussion to practical planning. Bitcoin Improvement Proposals addressing quantum resistance have been discussed in developer forums, though none have advanced to the activation stage.
For custodians and institutional holders, the data provides a framework for assessing exposure. Wallets that follow best practices of single-use addresses and complete UTXO spending have zero operational quantum exposure under Glassnode’s methodology. The 4.12 million BTC at operational risk is concentrated in older wallets, exchange hot wallets with frequent address reuse patterns, and holdings managed by less technically sophisticated users who may not be aware of the implications of their transaction behavior.
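The structural and operational categories described above can be checked against a wallet's own unspent outputs. The following is an added example, not Glassnode's code or methodology: the record fields, address labels and the `unclassified` bucket for script types the article does not discuss are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

STRUCTURAL = {"p2pk", "bare_multisig", "p2tr"}  # public key on-chain at rest
HASHED = {"p2pkh", "p2wpkh"}                    # key hidden until first spend

def classify(utxo, spent_addresses):
    """Return the exposure bucket for one unspent output."""
    script = utxo["script"]
    if script in STRUCTURAL:
        return "structural"
    if script in HASHED:
        # A past spend from this address published its public key, so every
        # coin still held there (address reuse or partial spend) is exposed.
        if utxo["address"] in spent_addresses:
            return "operational"
        return "unexposed"
    return "unclassified"  # assumption: script types outside the article's scope

def exposure_report(utxos, spends):
    """Sum satoshis per exposure bucket for a set of UTXOs and past spends."""
    spent_addresses = {s["address"] for s in spends}
    totals = defaultdict(int)
    for u in utxos:
        totals[classify(u, spent_addresses)] += u["sats"]
    return dict(totals)

# Constructed sample wallet; addresses are labels, not real Bitcoin addresses.
UTXOS = [
    {"address": "addr-A", "script": "p2pkh", "sats": 50_000_000},   # never spent from
    {"address": "addr-B", "script": "p2wpkh", "sats": 20_000_000},  # received after a spend
    {"address": "addr-B", "script": "p2wpkh", "sats": 5_000_000},   # left by a partial spend
    {"address": "addr-C", "script": "p2tr", "sats": 10_000_000},
    {"address": "addr-D", "script": "p2pk", "sats": 5_000_000_000},
    {"address": "addr-E", "script": "p2wsh", "sats": 1_000_000},
]
SPENDS = [{"address": "addr-B", "txid": "constructed-tx-1"}]

if __name__ == "__main__":
    for bucket, sats in sorted(exposure_report(UTXOS, SPENDS).items()):
        print(f"{bucket:12s} {sats / 1e8:.8f} BTC")
```

With an empty spend history the same wallet reports no operational exposure, which matches the single-use-address case described above.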
Quantum computing capable of threatening Bitcoin’s cryptography remains a theoretical prospect rather than an imminent threat. Current quantum hardware, including the most advanced systems from IBM and Google, operates at scales far below what would be required to run Shor’s Algorithm against Bitcoin’s 256-bit elliptic curve keys. Most estimates place the timeline for cryptographically relevant quantum computers at 10 to 20 years, though some researchers argue that breakthroughs in error correction could accelerate this timeline unpredictably.
Critics of quantum vulnerability analyses note that the Bitcoin network has a significant built-in defense: the community could implement a soft fork requiring migration to post-quantum address types well before any quantum computer reaches the necessary capability. The challenge is coordinating such a migration across millions of holders, many of whom hold Bitcoin in addresses that have not been active for years. The 1.92 million BTC in structural exposure includes coins in some of the oldest and most dormant addresses on the network, including outputs associated with Bitcoin’s earliest mining activity that may be permanently inaccessible.