An expert analysis has found that XRP may be less exposed to quantum-computing threats than bitcoin.

On April 10, blockchain media outlet CoinDesk assessed that XRP has greater defensive leeway than bitcoin in terms of the scope of public key exposure and key-rotation functionality.

In general, on blockchains only an address remains on-chain when receiving assets, while a public key is exposed to the network when sending assets. As a result, quantum vulnerability depends more on whether the account has ever actually sent funds than on its balance or holding period.

Vet, an XRPL validator, said about 300,000 XRP accounts hold a total of 2.4 billion XRP without ever having sent a transaction. Because these accounts have only received funds, their public keys are not revealed on the network and they are classified as quantum-safe by default. By contrast, whale accounts that have a transaction history, have had their public keys exposed and then remain dormant for a long period could be vulnerable. Vet said he identified 2 such accounts, holding a total of 21 million XRP. Based on circulating supply, that is about 0.03 percent.

Still, XRPL can change a signing key without moving funds. If the account owner is active, the owner can reduce risk by rotating keys while keeping the existing account. Long-dormant accounts that have lost keys, whose owners have died or that are not managed are unlikely to respond in this way, the analysis said.

A separate point was raised that bitcoin is structurally exposed to quantum risk over a broader range. A significant share of early bitcoin was mined in the P2PK format, in which a public key is directly revealed in the transaction output even without a transfer. Satoshi Nakamoto's 1 million BTC is included in this category. The amount of long-dormant bitcoin that could be quantum-vulnerable was estimated at 2.3 million BTC to as much as 7.8 million BTC. That equals 11 percent to 37 percent of circulating supply.

Bitcoin lacks a key-rotation function like XRPL, leaving moving funds to a new address whose public key has not been revealed as virtually the only method. In that process, the public key of the existing address could be exposed while the transaction remains in the mempool for about 10 minutes. The outlet said that risk remains theoretical, but bitcoin developers have already put forward various proposals to strengthen quantum resistance.