Glassnode has published a report estimating that 30.2% of Bitcoin's circulating supply — roughly 6.04 million BTC — carries on-chain public-key exposure, making it theoretically vulnerable to a future quantum computer running Shor's algorithm. The analysis breaks down the risk into structural and operational categories, and reveals that some of the largest exchanges hold vastly different levels of exposure.
Two types of exposure
The report splits the 30.2% figure into two buckets. Structural exposure — coins whose script types reveal public keys by design, such as P2PK, P2MS, and Taproot — accounts for 1.92 million BTC, or 9.6% of total supply. Operational exposure, caused by address reuse, partial spending, or custody practices that make public keys visible, covers another 4.12 million BTC (20.6%). Combined, that's 30.2% of supply. The remaining 69.8% — about 13.99 million BTC — shows no public-key exposure at rest.
Exchange exposure varies wildly
Within the operational category, exchange-related balances total 1.63 million BTC, or 8.1% of all supply. But how those coins are held differs sharply across platforms. Coinbase has only 5% of its Bitcoin exposed. Binance sits at 85%. Bitfinex hits 100%. The numbers suggest that custodial practices — whether an exchange reuses addresses or spends from them — determine most of the risk, not the underlying protocol.
Governments in the clear
Not everyone is sweating this. Glassnode's data shows that the United States, the United Kingdom, and El Salvador all have 0% quantum exposure in their known Bitcoin holdings. That likely means those governments keep their coins in addresses that have never revealed a public key — for example, unused addresses or those using advanced script types that hide key material.
The quantum timeline
A Cryptographically Relevant Quantum Computer (CRQC) that can run Shor's algorithm doesn't exist yet. But the report frames the current exposure as a preemptive warning: the coins are safe until someone builds one, and then they're not. With 69.8% of supply already in a safe state, the industry has time — but the clock is ticking. The unresolved question isn't whether the vulnerability is real, but how many years it'll take for the hardware to catch up to the theory.
