That works out to 27% of all accounts — roughly 2.13 million wallets. Two factors account for their safety: either the wallets have never signed a transaction, meaning the public key has never been exposed, or the account holders rotated their keys and disabled master keys as an extra security step. The first group covers over 24% of accounts. The second, more deliberate group accounts for 2.65%.
The logic is straightforward. When a wallet signs a transaction, its public key becomes visible on the ledger. A sufficiently advanced quantum computer could theoretically use that public key to work backward and derive the private key. Wallets that have never signed anything don’t have that exposure.
Did a Full History deep dive on all 7.8M XRP Accounts for Quantum Threat exposure targeting dormant accounts.
Genesis XRP accounts, the Satoshi Era equivalent, is 0.02% of all XRP supply that is dormant and exposed.
On the other side of the ledger, 76.82 billion XRP spread across 5.6 million accounts is considered exposed. But Vet noted that 96% of that amount belongs to users who are still active — people who, when the time comes, can move their funds to safer addresses.
The harder problem is dormant accounts. Wallets that have been inactive for five or more years hold 2.94% of the total XRP supply, which amounts to 3.83% of all exposed XRP. At the far end, accounts with no activity since before 2014 represent just 0.02% of total supply.
Nobody knows why dormant wallets were abandoned. Lost keys, forgotten accounts, and personal circumstances all come into play. That uncertainty makes them the most difficult part of the quantum exposure problem.
A 2028 Deadline Already In MotionRipple has laid out a four-phase roadmap aimed at making the network fully quantum-resistant by 2028. Early testing of new systems is already underway, with updates to the main network planned for later phases.
The long-term fix for exposed wallets is expected to involve quantum-resistant encryption that lets users migrate funds to better-protected addresses.
That works for people who still have access. For those who don’t — whether due to lost credentials or other circumstances — the exposure may be permanent.
Featured image from ForkLog, chart from TradingView
