About 30.2 percent of issued bitcoin is held in addresses at risk of quantum exposure, and a larger share of that risk comes from how users and custodians manage addresses rather than from the protocol’s structure.

BeInCrypto reported on Wednesday that on-chain analytics firm Glassnode estimated total quantum-exposed bitcoin at 4.12 million BTC. That is more than twice the 1.92 million BTC it counted as structural exposure stemming from older script types.

Glassnode divided quantum exposure risk into two categories. One is structural exposure, in which the public key is revealed directly on-chain by design. It said this includes early P2PK (Pay-to-Public-Key) coins from the Satoshi era, bare multisig and modern P2TR (Pay-to-Taproot) outputs. The other is operational exposure, which depends on how holders manage addresses and outputs.

Operational exposure can also arise in addresses where the public key is usually hidden behind a hash, such as P2PKH (Pay-to-Public-Key-Hash) and P2WPKH (Pay-to-Witness-Public-Key-Hash). But repeated address reuse or partial withdrawals can weaken protection for the remaining balance. Glassnode said, "Most current exposure of dormant assets is not a simple legacy script design issue, but a problem of key and address management."

The market has singled out exchange wallets in particular as a key area of operational exposure. Exchanges hold about 1.66 million BTC in operationally exposed bitcoin, about 40 percent of that supply. Glassnode said about half of labeled exchange-held bitcoin falls into vulnerable areas, while non-exchange supply is below 30 percent.

Differences among exchanges were also large. Glassnode put Coinbase’s exposure share at 5 percent, while Binance was about 85 percent and Bitfinex was marked at 100 percent.

Other holders also showed differences. WisdomTree was classified as fully exposed, while about half of Grayscale’s holdings were in exposed outputs. By contrast, national wallets of the United States, Britain and El Salvador were counted as having no exposed holdings.

It also found that the safe zone for exchange-held bitcoin has shrunk over time. The operationally safe share of exchange holdings fell to about 45 percent from about 55 percent in 2018. It said accumulated practices such as address reuse and partial withdrawals have increased the likelihood of public key exposure.

It also suggested ways to respond. BIP-360 was cited as a way to strengthen Taproot’s defenses. Glassnode said a substantial share of operationally exposed holdings could be reduced even without changes to consensus rules. It said regularly rotating addresses and avoiding reuse could lower the risk.

The estimate shows that bitcoin’s quantum exposure risk is heavily influenced by custody and operational practices as well as protocol design. It also underscored the importance of operating standards, as address management practices at exchanges and custodians can increase or reduce the scale of risk.