Glassnode Estimates 6.04 Million BTC May Be Exposed to Future Quantum Risk
Blockchain analytics firm Glassnode estimates that approximately 6.04 million Bitcoin (BTC) in circulation could be vulnerable to a future quantum computing breakthrough, based on how those coins are currently secured on-chain. The firm shared the assessment in a recent post on X, outlining which segments of the supply are most at risk and why.
What “Quantum Risk” Means for Bitcoin
Bitcoin relies on elliptic curve cryptography (ECDSA) and, more recently, Schnorr signatures (used by Taproot) to secure funds. In theory, sufficiently powerful quantum computers running Shor’s algorithm could derive private keys from publicly exposed keys, enabling unauthorized spending.
Not all BTC is equally exposed. Many Bitcoin addresses hide public keys until spending occurs, but several script types or usage patterns place public keys on-chain today. According to Glassnode, coins are considered “quantum exposed” when their public keys are already visible, including:
- Taproot (P2TR) outputs: Taproot places a public key in the output itself, making these UTXOs visible to a potential future quantum attacker.
- Early pay-to-public-key (P2PK) outputs: Common in Bitcoin’s early years, these scripts embed the public key directly in the locking script.
- Bare multisig (P2MS): Multisignature scripts that list public keys on-chain without a hashing layer.
- Address reuse with public-key exposure: If a user spends from an address that reveals a public key and later receives funds to that same address, subsequent funds to that address are also exposed.
Scope and Composition of the Exposed Supply
Glassnode’s estimate suggests that roughly 6.04 million BTC—around a third of circulating supply—is currently in categories where public keys are visible on-chain. This pool spans multiple eras of the network, from early P2PK-era coins to more recent Taproot outputs and address-reuse patterns seen with some operational wallets.
The figure provides a high-level view of potential exposure rather than evidence of imminent danger. Actual risk depends on whether and when a large-scale, fault-tolerant quantum computer capable of breaking Bitcoin’s signature schemes is developed—a capability that does not exist today.
Context and Mitigation Outlook
Security researchers broadly agree that practical quantum attacks against Bitcoin’s cryptography are not feasible with current technology. Nonetheless, the distribution of quantum-exposed coins highlights the importance of key and address hygiene, and informs long-term protocol discussions around quantum-resistant signature schemes.
Developers and researchers have discussed migration paths—such as soft-fork upgrades to post-quantum cryptography—should credible quantum capabilities emerge. For now, Glassnode’s analysis frames the scale and makeup of potentially exposed BTC, offering a baseline for monitoring how network usage patterns evolve over time.