Nearly $500 Billion in Bitcoin Supply Faces Quantum Attack Risk
Blockchain analytics firm Glassnode has identified roughly $500 billion in Bitcoin (BTC) supply as potentially vulnerable to future quantum computing attacks, with cryptocurrency exchanges named as a critical weak point. The analysis, published May 21, maps specific address types across Bitcoin’s entire circulating supply.
Glassnode found that coins held in older address formats expose their public keys on-chain, giving a sufficiently advanced quantum computer a potential path to derive private keys and drain funds.
What the Glassnode Analysis Found
Glassnode’s report centers on address-type exposure across the Bitcoin network. The most vulnerable category is Pay-to-Public-Key, or P2PK, addresses.
In P2PK addresses, the public key is embedded directly in the transaction output. That design predates modern Bitcoin address standards and means the public key is visible to anyone scanning the blockchain.
A second category of concern involves Pay-to-Public-Key-Hash, or P2PKH, addresses that have already sent at least one outbound transaction.
Once a P2PKH address spends funds, its public key becomes visible in the transaction signature. Glassnode’s data shows the combined exposure across both categories approaches the $500 billion figure.
Exchanges represent the highest-risk concentration point.
Many exchanges operate consolidated wallets that reuse addresses and process outbound transactions frequently. Each spend event reveals the public key of that address, widening the attack surface.
Glassnode did not name specific exchanges in the analysis.
Bitcoin Quantum Computing Risk in Context
The bitcoin quantum computing risk conversation has circulated in cryptography research for over a decade. The concern is not that quantum computers capable of breaking Bitcoin’s elliptic curve cryptography exist today.
No publicly known machine comes close to the computational scale required. The threat is forward-looking: researchers warn that sufficiently powerful quantum processors, potentially arriving within 10 to 20 years on current development trajectories, could Render (RNDR) existing Bitcoin address security obsolete.
Bitcoin uses the Elliptic Curve Digital Signature Algorithm, or ECDSA, to secure private keys.
ECDSA relies on mathematical problems that classical computers cannot solve in any reasonable timeframe. Quantum computers running Shor’s algorithm could, in theory, reverse-engineer a private key from a public key.
Coins in addresses where the public key has never been exposed on-chain are considered safe under this threat model.
Also Read: Eightco Holdings Discloses $337 Million Crypto Portfolio Led by Worldcoin and Ethereum
What This Means for Holders and Exchanges
The Glassnode findings do not signal an imminent attack. They do create a clear priority list for the Bitcoin ecosystem.
Coin holders using legacy P2PK addresses or addresses that have previously sent transactions face the highest theoretical exposure. Migrating funds to newer address formats, specifically Segregated Witness or Taproot addresses where the public key is not exposed until spending, reduces quantum risk substantially.
For exchanges, the implication is more complex.
Operational wallet management practices vary widely across custodians. Address reuse and frequent outbound transactions are common under high-volume settlement workflows.
Updating those practices requires infrastructure investment and coordination with compliance functions.
The Bitcoin developer community has discussed quantum-resistant signature schemes as a longer-term protocol upgrade path. No Bitcoin Improvement Proposal addressing quantum resistance has reached the activation stage as of May 2026.
Read Next: Republicans Push Back on Trump DOJ’s $1.8B Anti-Weaponization Fund
