Cryptocurrency exchanges are emerging as the clearest pressure point in Bitcoin’s long-running debate over the risk of quantum computing, involving millions of coins with publicly visible cryptographic keys.
Bitcoin’s quantum risk starts with a fundamental feature of transaction authentication: public keys are hidden until the money is spent.
Once a wallet signs a transaction, the public key needed to verify that signature is permanently published on the blockchain. The risk increases when a custodian reuses that address, leaves residual balances in it, or continues to make deposits into wallets that should have been shut down.
That exposure has reached enormous scale with Glassnode noticing that approximately 6.04 million Bitcoin, representing 30.2% of the assets’ circulating supply, are currently held in wallets with visible public keys.
In Glassnode’s framework, public key exposure becomes the key metric for identifying wallets that matter most in a future quantum attack scenario.
The data does not imply an immediate threat, as quantum computers are still years away from the scale needed to break Bitcoin’s encryption.
However, the measurement shows exactly where network vulnerabilities are concentrated if advances in quantum hardware eventually make public key exposure a practical security problem.
According to Glassnode, about half of all Bitcoin held on tagged exchanges is susceptible to the company’s public key visibility framework, compared to less than 30% of off-exchange offerings.
Exposure mainly falls into two different categories, the largest of which is operational risk.
This bucket includes 4.12 million Bitcoin and is directly related to poor portfolio management decisions such as address reuse and partial spends without proper rotation of the change results. Exchanges account for a significant portion of this risk as they hold approximately 1.66 million exposed Bitcoin, equivalent to more than 8% of the total issued supply.
Furthermore, data suggests that custody standards are declining as trading platforms expand their wallet infrastructure, deposit systems and liquidity operations. The proportion of publicly held Bitcoin considered operationally safe has steadily declined from around 55% in 2018 to around 45% today.
That makes Bitcoin wallet security a measurable custody issue rather than a theoretical protocol debate.
Crypto Exchanges vs. Wall Street vs. State Portfolios
A broader look at the data shows that exposure to public keys is vastly uneven across the global financial landscape, with sharp fault lines along the lines of crypto-native platforms, traditional Wall Street institutions and nation states.
The clearest divide is with crypto exchange wallets, where reuse of addresses and existing infrastructure makes large balances more visible on-chain.
Within the crypto sector alone, security standards vary drastically.
Binance, the world’s largest crypto exchange by volume, holds 85% of the tagged Bitcoin balances at addresses where public keys have already been exposed, Glassnode found.
Since users hold more than $40 billion worth of Bitcoin on the platform, according to DeFiLlama data, this methodology places over $34 billion of those assets in the exposed category.
Meanwhile, other major trading platforms show even higher concentrations. Bitfinex, Crypto.com and Gemini have each classified 100% of their tagged Bitcoin balances as exposed.
Coinbase, the largest US-based exchange, is at the other end of the spectrum. The Brian Amrstong-led company has just 5% of its Bitcoin reserves in public key holdings, making it among the strongest large-scale custodians in the report.
Meanwhile, that same gap in custody is starkly evident when comparing crypto exchanges to traditional financial heavyweights and retail-focused platforms.
Bitcoin ETF issuers like Fidelity maintain an exposure level of almost 2%, while rivals like Grayscale and WisdomTree have exposure levels of around 50% and 100% respectively.
Other platforms, like Block’s Cash App, align with industry best practices, while Robinhood and Revolut mark nearly 100% exposure in their labeled wallets.
Government actors, meanwhile, practice the strictest cryptographic hygiene of all. Portfolios associated with the United States, United Kingdom and El Salvador have maintained zero quantum exposure and have boasted safety rates above 99% for years.
The division over these platforms confirms that the vulnerability stems from the internal wallet architecture and address rotation policies, rather than the inherent burden of managing massive liquidity.
A slow Bitcoin upgrade leaves exchanges with the first move
While the timeline for a quantum attack is still hotly debated, Glassnode’s data makes one thing clear: the crypto industry’s most immediate defense lies in basic operational hygiene, not protocol-level revisions.
By dividing exposed supply into structural and operational categories, the data highlights that operational exposure, the biggest vulnerability, can be drastically reduced without waiting for a complex change to Bitcoin’s consensus rules.
This means trading platforms can immediately lower their risk profile by simply moving balances to new addresses, decommissioning used wallets and tightening internal controls around the execution of changes.
This gives custodians a direct path to safeguarding customers’ funds while the broader Bitcoin community debates longer-term cryptographic solutions.
Notably, Bitcoin itself cannot be changed overnight. Thus, any systemic migration to post-quantum signatures would require massive coordination between developers, miners, node operators, wallet providers, and custodians.
Given that changes in consensus are deliberately slow, a broad cryptographic transition will likely unfold over several years.
However, exchanges currently have a much shorter path available to them.
As Bitcoin becomes increasingly embedded in spot ETFs, traditional investment accounts and institutional custody products, the first line of defense against future quantum threats will not come from code upgrades, but from the entities that hold the largest collection of customer coins.
Wallet hygiene is no longer a back-office detail; it is a highly visible test of whether Bitcoin’s security layer is prepared for a threat that, while uncertain in timing, is already measurable on-chain.
Bitcoin quantum computing risk therefore becomes a test of custody before it becomes a protocol-level emergency.