6.97 Million BTC at Quantum Risk
The QSHA256 Vulnerability Agent continuously scans the Bitcoin blockchain, tracking every transaction output where a public key has been exposed on-chain. When a quantum computer capable of running Shor's algorithm arrives, any Bitcoin address with a visible public key becomes vulnerable to key extraction, and the funds can be stolen.
Our agent has identified 6,972,889 BTC (6.97M) currently at risk across 7 distinct address types as of block #940,816. This represents the total quantum-vulnerable exposure on the Bitcoin network.
| Type | At-Risk BTC | Risk | Vulnerability |
|---|---|---|---|
| P2WPKH | 1,822,178 BTC | HIGH | Public key revealed in witness when address spent from — vulnerable if reused |
| P2PK | 1,716,863 BTC | CRITICAL | Public key directly in scriptPubKey — always exposed on-chain |
| P2SH | 1,323,514 BTC | HIGH | Public keys revealed when redeem script exposed on spend — vulnerable if script reused |
| P2PKH | 1,198,140 BTC | HIGH | Public key revealed when address spent from — vulnerable if address reused and funds remain |
| P2WSH | 713,028 BTC | HIGH | Public keys revealed when witness script exposed on spend — vulnerable if script reused |
| P2TR | 199,109 BTC | CRITICAL | Address directly encodes 32-byte x-only public key — trivially reconstructed from address |
| P2MS | 57 BTC | CRITICAL | All M-of-N public keys directly in scriptPubKey — always exposed on-chain |
| TOTAL | 6,972,889 BTC |
Inherently Vulnerable (CRITICAL) — P2PK, P2TR, and P2MS addresses expose their public keys directly in the transaction output or address encoding. Every single coin held in these address types is permanently at risk, regardless of whether the address has ever been spent from. A quantum attacker could derive the private key directly from the public key.
Conditionally Vulnerable (HIGH) — P2PKH, P2WPKH, P2SH, and P2WSH addresses are protected by a hash layer — until the owner spends from them. The moment a transaction is broadcast, the public key is revealed in the input script or witness data. If the address is reused and still holds funds, those funds become quantum-vulnerable.
P2WPKH (SegWit) carries the largest exposure because it is the most widely used modern address format, and address reuse remains common. P2PK is the second-largest because early Bitcoin transactions (including Satoshi-era coins) used this format exclusively, locking millions of BTC with bare public keys that have been visible on-chain since day one.
Data sourced from the QSHA256 Vulnerability Agent, which scans every block and mempool transaction in real-time. Methodology: for every UTXO, check if the public key is visible on-chain AND the address still holds BTC. Baseline established via full blockchain analysis. Dashboard available at /quantum-agent.