Cryptocurrency exchanges have emerged as the most obvious pressure point in Bitcoin’s long-running debate over the risks of quantum computing, with millions of coins with publicly available cryptographic keys.
Bitcoin’s quantum risk begins with the fundamental characteristics of its transaction validation. This means that the public key is hidden until the funds are exhausted.
When a wallet signs a transaction, the public key needed to verify that signature is permanently published on the blockchain. The risk is further exacerbated if the custodian reuses the address, leaves a residual balance in the address, or continues to direct funds to wallets that should be retired.
The outflow has reached a massive scale, with Glassnode pointing out that around 6.04 million Bitcoins, representing 30.2% of the asset’s circulating supply, are currently stored in wallets with public keys exposed.
In Glassnode’s framework, public key exposure becomes a central metric for identifying which wallets will be most important in future quantum attack scenarios.
This data does not represent an immediate threat, as quantum computers are still years away from reaching the scale needed to break Bitcoin’s encryption.
However, if advances in quantum hardware eventually make public key disclosure a real security concern, this metric will reveal exactly where network vulnerabilities are concentrated.
According to Glassnode, around half of all Bitcoin held by labeled exchanges is susceptible under the company’s public key visibility framework, while less than 30% of the Bitcoin supply outside exchanges.
Specifically, exposures fall into two different categories, the largest being operational risk.
This bucket covers 4.12 million Bitcoins and is directly tied to poor wallet management decisions, such as reusing addresses and partial spending without proper rotation of change output. Exchanges account for a significant portion of this risk, with approximately 1.66 million publicly traded Bitcoins representing more than 8% of the total outstanding supply.
Furthermore, the data suggests that custody standards are declining as trading platforms expand their wallet infrastructure, deposit systems, and liquidity operations. The percentage of Bitcoin held by exchanges that is considered operationally safe has steadily declined from about 55% in 2018 to about 45% today.
As such, Bitcoin wallet security becomes a measurable storage issue rather than a theoretical protocol discussion.
Cryptocurrency exchange vs. Wall Street vs. sovereign wallet
A broader look at the data reveals that public key exposure is highly uneven across the global financial landscape, and is sharply divided along the lines of crypto-native platforms, traditional Wall Street institutions, and nation-states.
The most obvious gap appears in cryptocurrency exchange wallets, where address reuse and legacy infrastructure allow large balances to remain more visible on-chain.
Even within the cryptocurrency sector alone, security standards vary widely.
Binance, the world’s largest cryptocurrency exchange by trading volume, stores 85% of its labeled Bitcoin balances in addresses where public keys are already publicly available, a Glassnode investigation found.
According to DeFiLlama data, users hold more than $40 billion in Bitcoin on the platform, and this methodology would place more than $34 billion of these assets into the exact exposed category.
Meanwhile, other major trading venues show even higher concentrations. Bitfinex, Crypto.com, and Gemini each have 100% of their labeled Bitcoin balances classified as exposed.
Coinbase, the largest US-based exchange, is at the other end of the spectrum. The company, led by Brian Amleston, has released the public keys for just 5% of its Bitcoin reserves and was named in the report as one of the most powerful large-scale custodians.
On the other hand, the same custody disparity is evident when comparing crypto exchanges to traditional financial giants and retail-focused platforms.
Bitcoin ETF issuers like Fidelity maintain exposure levels near 2%, while rivals like Grayscale and WisdomTree have exposure levels of around 50% and 100%, respectively.
While other platforms such as Block’s Cash App follow industry best practices, Robinhood and Revolut have nearly 100% exposure in labeled wallets.
Government officials, on the other hand, have the strictest crypto hygiene controls. Wallets tied to the US, UK, and El Salvador maintain zero quantum exposure and have a safety rate of over 99% for several years.
The split between these platforms confirms that this vulnerability stems from internal wallet architecture and address rotation policies, rather than from the inherent burden of managing large amounts of liquidity.
Bitcoin upgrades are slow, leaving exchanges ahead of the curve
While the timeline for quantum-enabled attacks remains hotly debated, Glassnode’s data makes one thing clear. That said, the cryptocurrency industry’s most immediate defense lies in basic operational hygiene, not protocol-level overhauls.
This data highlights that by separating exposed supply into structural and operational categories, the biggest vulnerability, operational exposure, can be significantly reduced without complex changes to Bitcoin’s consensus rules.
This means trading platforms can instantly lower their risk profile by simply moving balances to new addresses, decommissioning used wallets, and tightening internal controls over change output.
This gives custodians a direct means to protect customer funds while the broader Bitcoin community debates long-term crypto solutions.
In particular, Bitcoin itself cannot be rebalanced overnight. Therefore, a systematic transition to post-quantum signatures will require massive coordination across developers, miners, node operators, wallet providers, and custodians.
Given that consensus changes are intentionally slow, a widespread crypto transition is likely to unfold over several years.
However, the path currently available to exchanges is much shorter.
As Bitcoin becomes increasingly integrated into spot ETFs, traditional brokerage accounts, and institutional custodial products, the first line of defense against future quantum threats will come from the entity holding the largest pool of customer coins, rather than code upgrades.
Wallet hygiene is no longer a back-office detail. This is a highly visible test of whether Bitcoin’s custodial layer is ready for threats that are already measurable on-chain, although the timing is uncertain.
Bitcoin quantum computing risks are therefore becoming a control test before becoming a protocol-level emergency.
(Tag translation) Bitcoin
