Binance’s quantum-exposed holdings are equivalent to nearly $41.9 billion.
6 million BTC (30% of the issued supply) have their public key visible, according to Glassnode.
Binance has 85% of its bitcoin (BTC) coins with the public key already visible on the blockchain, while other exchanges such as Bitfinex and Robinhood reach 100%, according to an analysis by the Glassnode platform, which leaves those holdings vulnerable to a theoretical quantum attack.
The Binance platform custody approximately 640,000 BTC, of which about 544,000 BTC (85%) equivalent to nearly USD 41.9 billion are exposed to quantum, as seen in the following Glassnode graph:
Likewise, the report published this May 19 reveals that Bybit custody approximately 55,000 BTC, with 81% exposure according to the report. The vulnerable balance amounts to about 44,500 BTC, equivalent to about USD 3.4 billion.
Coinbase, for its part, with approximately 940,000 BTC in custody (the largest balance among the exchanges on the chart) registers only 5% in exposure. That represents about 47,000 BTC, or about $3.6 billion.
The exposure of those BTC has a relatively straightforward solution: migrate the funds to SegWit addresses, the address format that does not expose the public key while the bitcoin remains at rest. For exchanges with a higher percentage of exposure, this is primarily an operational decision.
Two routes of exposure, according to the Glassnode report
The public key is the data that allows an eventual attacker with a sufficiently powerful quantum computer to try to derive the private key and access the funds, without having to wait for the holder to move the bitcoin. While that key remains invisible on-chain, funds are not exposed under this model. Once visible, yes.
Glassnode distinguishes two ways in which this visibility occurs. In principle, the structural exposure affects address formats that reveal the public key by design, regardless of the behavior of the custodian, such as the Payment to Public Key (P2PK) addresses of the Satoshi era and those established by the Taproot update in 2021.
Operational exposure, on the other hand, results from behavior: when it is partially spent from one address, the key is registered and any balance that remains associated with it is exposed. This is the problem of address reuse. This second category is 2.1 times larger than the first, according to the report, and is what explains most of the differences between the mentioned platforms.
Glassnode advises that operational exposure is reversible through practices such as avoid address reuse and rotate change outputs.
In total, according to Glassnode, 6.04 million BTC (30.2% of the issued supply) have their public key visible on the chain. Of that total, 1.66 million BTC correspond to funds in exchange houses.
Glassnode’s analysis does not detail when ‘Q-day’ would arrive, when a quantum computer could affect digital systems, but that debate remains open in the community. While Google, Cloudflare, Grayscale and the Ethereum Foundation (EF) propose completing post-quantum migrations before 2029, experts and analysts such as Adam Back, Samson Mow and the BNB Chain team maintain that the risk is ten or twenty years away, as reported by CriptoNoticias.