Recent analyses have highlighted the potential risks quantum computing poses to the Bitcoin (BTC) ecosystem. A significant study has drawn attention to vulnerabilities not associated with current cryptographic weaknesses but rather with the implications of quantum computers becoming advanced enough to exploit certain algorithms.

The research indicates that approximately 6.04 million Bitcoin, which represents about 30.2% of the total issued supply, is at risk due to its exposure when assessed under an “at-rest” model. This framework examines whether public-key information is accessible on-chain. The remaining 13.99 million BTC, or 69.8% of the supply, shows no public-key exposure under this model.

Understanding Exposure Types

The study categorizes the exposure risks into two main groups: structural exposure and operational exposure. Structural exposure refers to outputs whose script types inherently disclose the public key. In contrast, operational exposure involves coins that were initially secure but have become exposed through address reuse, partial spending, or other custody behaviors that reveal the public key while still tethered to the original address or script.

To break it down further:

• Structural Exposure: Accounts for 1.92 million BTC, or 9.6% of the total issued supply.
• Operational Exposure: Larger in scale, totaling 4.12 million BTC, which is 20.6%. Notably, exchange balances contribute a significant portion of this exposure.

The risk analysis hinges on the hypothetical scenario in which a sufficiently advanced “Cryptographically Relevant Quantum Computer” (CRQC) utilizes Shor’s algorithm. This algorithm could theoretically allow an attacker who knows a public key to determine the matching private key.

Key Insights on Exposure Risks

According to the study, structural exposure is particularly concerning because the nature of certain output types automatically makes public-key information available, regardless of how securely the owner manages their addresses.

Examples of vulnerable output types include:

• Early P2PK outputs, linked to coins from the Satoshi era.
• Legacy multisignature structures like P2MS.
• Modern Taproot (P2TR) outputs.

Even though these outputs were designed in different eras for various purposes, they share a critical flaw: the public key or its equivalent is inherently visible on-chain, making them targets while unspent.

On the other hand, operational exposure presents a layered challenge. In these situations, vulnerability arises not from design flaws but from prior public key disclosures during transactions. This situation is often due to what is termed an “address reuse problem.”

Operationally Unsafe Bitcoin

The study categorizes 4.12 million Bitcoin, equating to 20.6% of issued supply, as operationally insecure. Within this category, substantial attention is given to cryptocurrency exchanges.

For exchange-related balances, estimates suggest that 1.66 million BTC, or 8.3% of total supply, falls into the operationally unsafe category, representing approximately 40% of all operationally unsafe BTC.

The research also analyzed the exposure levels across various exchanges. For example, Coinbase appears to have a low level of exposure, with only 5% of its balances revealed. In contrast, exchanges like Binance and Bitfinex exhibited much higher levels of vulnerability, with exposure rates of 85% and 100%, respectively.

Furthermore, in regions such as the United States, the United Kingdom, and El Salvador, the study indicated a 0% rate of quantum exposure concerning their Bitcoin holdings.

Understanding these vulnerabilities is crucial for Bitcoin holders and traders. As quantum technology advances, awareness of and preparations for potential risks become imperative in preserving the integrity of digital assets.