The concern stems from the architecture underlying Bitcoin's security. Each coin is controlled by a private key, matched to a public key visible on the blockchain only under certain conditions. The quantum concern is that a sufficiently capable quantum computer, using an algorithm known as Shor's algorithm, could in principle recover a private key from a known public key.
In that scenario, any coin whose public key has already been revealed on-chain would be immediately targetable—no transaction required.
Many of these coins may be effectively immovable—lost wallets or dormant holdings that cannot be voluntarily migrated to safer address formats.
The larger and more actionable category is what Glassnode calls operational exposure. Operational exposure totals 4.12 million BTC, or 20.6% of the issued supply. These coins were not inherently vulnerable, but became so through address reuse—a practice where a wallet receives multiple transactions at the same address, eventually broadcasting the public key during a spend and leaving any remaining balance exposed.
Exchanges loom large in this category. Within the operationally unsafe bucket, 1.66 million BTC, or 8.3% of the total supply, is exchange-related—representing approximately 40% of all operationally unsafe Bitcoin. The exposure is strikingly uneven across platforms. Among the largest exchanges, Coinbase's labeled balances appear largely concentrated in non-exposed structures, with only 5%exposed, while Binance and Bitfinex show comparatively high susceptible balances—85% and 100%, respectively.
Glassnode was careful to note that its findings should not be read as a risk ranking or solvency signal for any particular firm, stressing that the data reflects custody design choices rather than imminent danger. Sovereign Bitcoin holdings fared considerably better: the United States, United Kingdom, and El Salvador all show zero quantum exposure.
The report stops well short of predicting when—or whether—a quantum computer capable of cracking Bitcoin's encryption will exist. It frames its analysis instead as a baseline, noting that for exchanges and custodians, address hygiene, reserve management, reduced key reuse, and migration planning are the practical levers through which visible exposure can decline.
