Glassnode data shows that 4.12 million Bitcoin held in operationally exposed addresses represent more than double the 1.92 million BTC exposed through structural protocol design, with the two categories combined accounting for 30.2% of all issued Bitcoin. The distinction between the two types of exposure is important. Structural exposure covers outputs where the public key appears on-chain by default, including early Pay-to-Public-Key coins from the Satoshi era, bare multisig, and modern Pay-to-Taproot outputs. Operational exposure is different and more significant: address types like P2PKH and P2WPKH protect public keys behind hashes at rest, but that protection disappears the moment a holder reuses an address or partially spends from it, leaving any remaining balance exposed regardless of the address type used.Glassnode's key conclusion is that the larger quantum vulnerability problem in Bitcoin is not a legacy protocol design issue but a key and address management problem driven by everyday holder behavior. Address reuse, partial spending, and certain custody practices are creating exposure at a scale that dwarfs the structural risks baked into older script types.

The good news embedded in that finding is practical: much of the operational exposure can be reduced without any changes to the Bitcoin protocol itself. Address rotation and avoiding reuse are both available as solutions today, meaning a significant portion of the 4.12 million exposed BTC could be moved into safer outputs through individual and institutional behavior changes rather than waiting for a consensus upgrade like BIP-360 to harden the protocol at the network level.