More than 6 million Bitcoin — roughly 30% of all coins in circulation — are held in wallets with publicly exposed keys, according to new data from Glassnode's public-key visibility framework. The analysis, released this week, puts about $300 billion worth of Bitcoin at heightened operational risk, with exchanges accounting for 1.66 million of those exposed coins. While quantum computers remain years away from posing a real threat, the figures highlight a persistent weakness in how many major platforms manage their wallet architecture.
Exchanges carrying the most exposure
Binance holds 85% of its labeled Bitcoin reserves in addresses with exposed public keys — that's over $34 billion. Bitfinex, Crypto.com, and Gemini are even worse: each has 100% of its labeled Bitcoin balances classified as exposed under Glassnode's framework. Coinbase, by contrast, has public-key exposure on just 5% of its Bitcoin reserves, making it the outlier among large exchanges. The share of exchange-held Bitcoin considered operationally safe has fallen from about 55% in 2018 to roughly 45% today.
ETF issuers and government wallets
Bitcoin ETF issuers show a mixed picture. Fidelity keeps exposure near 2%, while Grayscale sits at about 50% and WisdomTree at 100%. Block's Cash App aligns with best practices, but Robinhood and Revolut show nearly 100% exposure in their labeled wallets. Government wallets — including those of the US, UK, and El Salvador — have maintained zero quantum exposure and safety rates above 99% for years. That suggests the vulnerability is more about internal wallet management than about handling large liquidity pools.
The risk isn't quantum — it's operational
The findings don't signal an imminent cryptographic break. Quantum computers aren't yet powerful enough to crack Bitcoin's encryption. The real danger is simpler: poor address rotation policies. When a wallet's public key is exposed, it becomes a target for both theft and surveillance. For exchanges holding billions in customer funds, a single sloppy key management practice can cascade into a major incident. The data makes clear that many platforms still haven't fixed the basics.
