Coinbase quantum report flags exchange cold wallets among millions of bitcoin exposed by address reuse

Coinbase's quantum advisory board says roughly 7 million bitcoin sit in addresses exposed to a future quantum attack, and that much of that exposure is not lost Satoshi-era coins but active funds, including cold wallets operated by known exchanges. The estimate appears in a report published Thursday by the company's Independent Advisory Board on Quantum Computing and Blockchain.

The board splits the exposure into two buckets. About 1.7 million bitcoin sit across roughly 20,000 legacy pay-to-public-key (P2PK) addresses, where the public key itself is the address and is fully visible onchain, leaving those coins directly vulnerable to a future attack. Many are assumed to belong to bitcoin's pseudonymous creator or to owners who lost their keys long ago.

The second and larger bucket is the one tied to address reuse. Citing the quantum-security firm Project Eleven, the report puts about 5 million bitcoin at risk because their public keys have already been revealed, and says most of those coins are assumed to belong to active users rather than lost wallets, with large amounts sitting in cold wallets of known exchanges or showing recent activity. The report does not name specific crypto exchanges.