Author
Ahmed Barakat
Author
Share
Bitcoin News: New Glassnode data puts 4.12 million BTC at quantum risk from behavioral factors alone, address reuse, partial spending, and custody practices, more than double the 1.92 million BTC exposed by Bitcoin’s older script architecture.
Combined, the two categories cover 30.2% of all issued Bitcoin, but the more urgent finding is this: the dominant source of today’s Bitcoin quantum risk is not legacy code. It is how holders manage their keys.
Discover: The best crypto to diversify your portfolio with
Bitcoin News: Two Categories of Exposure. Why Structural and Operational Risk Are Not the Same Thing
Glassnode splits quantum-exposed supply into two distinct buckets, and conflating them produces exactly the kind of vague, unhelpful headline that obscures where the real risk is concentrated.
Structural exposure covers outputs where the public key appears on-chain by design, baked into the protocol itself, not the result of user behavior.
The primary offenders are Pay-to-Public-Key (P2PK) outputs, the script type used in Bitcoin’s earliest blocks, where the public key is embedded directly in the UTXO with no hash layer at all.
Also included: bare multisig outputs and, more recently, Pay-to-Taproot (P2TR) outputs, which expose the public key at rest as part of their design. Glassnode estimates structural exposure at 1.92 million BTC.
Operational exposure is a different problem. Address types like Pay-to-Public-Key-Hash (P2PKH) and Pay-to-Witness-Public-Key-Hash (P2WPKH) do not expose public keys by default; they hide them behind cryptographic hash functions (SHA-256 and RIPEMD-160) that are considered quantum-resistant under current models.
A quantum computer running Shor’s Algorithm can derive a private key from a known public key in polynomial time using ECDSA’s elliptic curve structure. But it cannot reverse a hash to discover the public key in the first place. The hash layer is a genuine protection, until it isn’t.
The protection breaks the moment a holder spends from a P2PKH or P2WPKH address. Spending requires broadcasting a transaction that includes the public key in the signature, and once that transaction is confirmed on the blockchain, the public key is permanently on-chain.
If that address then receives additional funds, address reuse, those funds are now exposed in exactly the same way as a P2PK output. The hash layer protected the coins until the address was spent from. After that, it protects nothing for any remaining or subsequent balance.
Glassnode puts operationally exposed supply at 4.12 million BTC, 2.1 times the structural figure. The firm’s conclusion is direct: “The main insight is that most current at-rest exposure is not simply a legacy script-design problem, it is a key- and address-management problem.”
Discover: The best pre-launch token sales
Trending News
RecommendedPopular Crypto TopicsPrice Predictions
