1. Why the Quantum Exposure Question Has Become Urgent
The crypto industry spent the first two weeks of April 2026 processing the implications of two distinct quantum computing developments. Google's Quantum AI team published research suggesting that a future quantum computer could derive a bitcoin private key from its public key in approximately nine minutes — a finding that compressed the credible threat timeline and triggered significant market commentary about blockchain security. Separately, academic papers documented that a quantum 51% attack on bitcoin's mining process would require stellar-level energy, effectively ruling out that vector as a near-term concern.
The surviving quantum threat is focused and specific: Shor's algorithm applied to elliptic curve cryptography can, in theory, derive a private key from a public key once the public key has been exposed on-chain. The critical word is "exposed." Public keys are only revealed to the network when an account sends a transaction — at the moment the transaction is broadcast, the signing key is visible in the mempool for approximately ten minutes before confirmation. Wallets that have only received funds, never sending, have public keys that no one has ever seen and that a quantum computer cannot exploit because there is nothing to work from. This simple distinction — whether a wallet's public key has ever been revealed — determines its quantum vulnerability across every blockchain, including XRP.
2. The Audit: Two Accounts Out of Tens of Thousands
XRPL validator Vet, a longstanding contributor to the XRP Ledger network with access to its full historical transaction data, conducted a quantum vulnerability audit of the entire ledger and published results on social network X in early April. The findings were striking in their specificity. Approximately 300,000 XRP accounts holding a combined 2.4 billion XRP have never sent any funds — they have only ever received. Their public keys have never appeared on-chain. Those accounts are quantum-safe by default and will remain so until their owners initiate their first transaction.
On the opposite end of the vulnerability spectrum, Vet identified just two accounts on the entire XRP Ledger that are dormant — inactive for more than five years — and have their public keys permanently exposed from prior transactions. Together, those two accounts hold approximately 21 million XRP. At current prices, that represents roughly $28 million in potentially vulnerable assets — a non-trivial absolute amount, but one that represents approximately 0.03% of XRP's total circulating supply of approximately 61 billion tokens.
The contrast with bitcoin's quantum exposure is stark. Estimates of bitcoin's quantum-vulnerable supply range from 11% to 37% of circulating supply, depending on the methodology used to identify exposed wallets. The most commonly cited figure — roughly 35% of bitcoin in wallets with permanently exposed public keys — includes the approximately 1.7 million BTC in early pay-to-public-key (P2PK) format addresses used by Satoshi and early miners, where the public key is directly encoded in the output and is permanently visible to any future attacker, as well as an estimated 6.9 million BTC in wallets where the public key has been exposed through prior transaction activity.
3. Why Bitcoin Has Higher Exposure: Structural Architecture
The difference in quantum exposure between XRP and bitcoin is not primarily a function of user behavior — it reflects the fundamental architectural differences between the two networks and the different eras in which their dominant address formats were established.
Bitcoin's original pay-to-public-key format, used in the genesis block and early mining era, encodes the full public key directly in the transaction output. This means that every coin in those early outputs has had its public key permanently visible since the transaction was first recorded, with no action by the holder required to create or remove the exposure. The approximately 1.1 million BTC attributed to Satoshi Nakamoto's early mining wallets fall primarily into this category — they have been quantum-vulnerable since the moment they were created.
Later bitcoin address formats improved on this. Pay-to-public-key-hash (P2PKH) addresses, which have been standard since bitcoin's early years, do not expose the public key until a spending transaction is broadcast. Taproot (P2TR) addresses, activated in 2021, expose the key when spending as well. The result is a bitcoin network where three distinct exposure categories exist: permanently exposed early P2PK outputs, outputs exposed at the moment of a prior spending transaction, and outputs in wallets that have never spent — which are quantum-safe. The permanently exposed category alone, at roughly 1.1 million to 1.7 million BTC, is many orders of magnitude larger than XRP's total vulnerable supply of 21 million tokens.
4. The Bitcoin-Specific Problem: No Native Key Rotation
The structural disadvantage that creates the starkest contrast between bitcoin and XRP in the quantum context is not just the scale of current exposure — it is the difficulty of remediation. On bitcoin, the only way to move funds from a quantum-vulnerable address to a quantum-safe one is to broadcast a spending transaction. That transaction will expose the public key of the source address for approximately ten minutes while it sits in the mempool awaiting confirmation. If a sufficiently powerful quantum computer exists at the moment that transaction is broadcast, the attacker has a ten-minute window to derive the private key and front-run the legitimate owner's attempt to move funds to safety.
Bitcoin's architecture provides no alternative mechanism. There is no native key rotation feature — no way to update the cryptographic keys associated with an account without moving the funds. This creates a specific and concerning dynamic for the migration period: the very act of attempting to secure vulnerable bitcoin may itself create the window of vulnerability that a quantum attacker needs. For the approximately 1.1 million BTC in Satoshi's P2PK wallets — which are already permanently exposed — the exposure has been present since the beginning and moving the funds would simply add the mempool vulnerability on top of the existing permanent exposure.
Bitcoin developers have been actively working on proposals to address this: BIP 360 would introduce quantum-resistant address formats, SPHINCS+ signatures are being evaluated, and commit/reveal schemes are being developed to reduce the mempool exposure window. But these are proposals in development that have not been activated on the network, and their activation requires the consensus of miners, node operators, and developers across bitcoin's decentralized governance system.
5. XRP's Key Rotation Feature: Changing Keys Without Moving Funds
The XRP Ledger's account-based model includes a native feature that directly addresses the remigration vulnerability that bitcoin faces: signing key rotation. On XRPL, an account's signing key — the private key used to authorize transactions from that account — can be changed without initiating a transfer of funds. The account itself persists, the balance remains unchanged, and only the cryptographic authority is updated.
This feature has a direct application to quantum resistance. An XRP holder who wants to protect their account against a future quantum threat can rotate their signing key to a post-quantum cryptographic algorithm — once XRPL adopts such algorithms — without ever broadcasting a regular spending transaction. The public key that has already been exposed from prior transactions cannot be un-exposed, but a new signing key that uses a quantum-resistant algorithm can be installed, meaning the exposed prior key becomes irrelevant for future security because it is no longer the authorized signing key.
XRPL validator Vet acknowledged the limitation of this approach: "You can rotate keys that sign on behalf of an account without switching the account. This is obviously not a perfect solution at all and actual quantum resistant algorithms will eventually be adopted." The key rotation feature is a partial mitigation — it helps for active accounts that can use it but does not protect dormant accounts where holders are not present to perform the rotation. Those dormant accounts, which hold the 21 million XRP that represent 0.03% of supply, are the vulnerable residual.
6. The Escrow Time-Lock: Logic-Based Protection
Ripple staff software engineer Mayukha Vadari highlighted a second XRPL security feature that provides a different category of quantum protection: the escrow mechanism with time locks. Funds locked in XRPL escrow with a time lock are protected not through cryptography but through protocol logic — a time lock simply prevents withdrawal until a specified future date, regardless of the cryptographic credentials presented.
This distinction matters because the quantum threat specifically targets cryptography. Shor's algorithm can derive a private key from a public key, but it cannot override a protocol rule that prevents fund withdrawal until a specific block height or timestamp has passed. For funds in time-locked escrow, even a quantum computer with unlimited capability to break elliptic curve cryptography cannot access the funds until the time lock expires — because the restriction is not cryptographic but logical.
The escrow feature is not a complete quantum defense — it only protects funds while they are in escrow and is not a permanent storage solution for ordinary holdings. But it illustrates the way that XRPL's richer protocol feature set provides additional defensive options that bitcoin's simpler UTXO-based architecture does not natively offer.
7. The Dormant Whale Caveat
The two dormant accounts that Vet identified as holding exposed public keys — together holding 21 million XRP — represent the clearest concrete vulnerability on the XRP Ledger as of April 2026. The exposure exists because the accounts transacted at some point more than five years ago, revealing their public keys, and have been inactive since. If the owners are not monitoring their accounts and do not perform key rotation before a quantum computer with sufficient capability arrives, those accounts would be vulnerable.
Vet noted the specific nature of this vulnerability: it arises when people are not present to use the available protective features — either because they have lost their keys, passed away, or simply are not paying attention to quantum computing developments. The XRPL has the technical capability to address the quantum threat for these accounts — key rotation would update the signing authority and render the exposed prior keys irrelevant — but the feature cannot be used without the cooperation of the account holders.
This is a meaningful but bounded risk. 21 million XRP at roughly $1.34 per XRP represents approximately $28 million in potentially vulnerable assets — a figure that, while not trivial, is a rounding error against XRP's total market capitalization of approximately $82 billion and its 61 billion token circulating supply.
8. Post-Quantum Algorithm Development on XRPL
The comparison between XRP and bitcoin's quantum readiness is not static. Both networks' developer communities are actively working on post-quantum cryptographic algorithm adoption, and the XRPL's key rotation feature creates a more technically accessible path to deploying new algorithms when they are ready.
Early versions of ML-DSA (also known as CRYSTALS-Dilithium), the post-quantum digital signature standard published by NIST, are already being tested on XRPL testnets. Dilithium is a lattice-based cryptographic algorithm designed to be computationally infeasible for both classical and quantum computers to break, providing long-term security against the quantum threat that elliptic curve cryptography cannot offer. Once Dilithium or a comparable post-quantum algorithm is deployed on XRPL mainnet, account holders will be able to use the key rotation feature to update their signing keys to the new quantum-resistant algorithm — without moving funds or creating a mempool exposure window.
For bitcoin, the equivalent upgrade requires protocol-level changes that must be adopted through the decentralized consensus process. Proposals like BIP 360 are pursuing this path but face the governance challenges inherent in a network where no single authority can mandate protocol changes and where broad coordination among miners, node operators, and developers is required.
9. What This Means for the Broader Quantum Security Conversation
The XRP-bitcoin quantum comparison is a useful case study in how network architecture decisions made years before quantum computing was a practical concern now determine the relative security posture of different blockchains against a threat that is still theoretical but has a credible timeline. XRPL's account-based model with key rotation was not designed with quantum resistance in mind — it was designed for user experience and institutional use case flexibility. The quantum-safety benefits are a side effect of architectural choices that also serve other purposes.
The broader lesson is that quantum security readiness across blockchain networks is highly heterogeneous and depends on specific architectural features that differ substantially between networks. Bitcoin's UTXO model has significant advantages in other dimensions — privacy, security against certain attack vectors, simplicity of design — but creates specific quantum exposure challenges around key revelation and the impossibility of key rotation without fund movement. XRPL's account model creates different tradeoffs that happen to be more favorable for quantum mitigation.
The most important quantitative takeaway is the supply exposure differential: 0.03% of XRP supply quantum-vulnerable versus 11% to 37% of bitcoin supply. That difference is large enough to be analytically significant in assessing the relative risk each network's holders face from a quantum breakthrough, even while acknowledging that the threat remains theoretical and that both networks are actively working on long-term quantum-resistant solutions.
10. The Caveat That Matters
Any analysis of comparative quantum risk across blockchains must be anchored by the same caveat that applies to all quantum threat assessments: no quantum computer currently capable of exploiting elliptic curve cryptography exists. Google's research established a lower bound on the qubit requirements than prior estimates, compressing the credible threat timeline toward 2029 under the most optimistic hardware projections. But even under that timeline, several years remain for both networks to develop and deploy quantum-resistant solutions.
The value of the XRPL audit and the comparative analysis is not to suggest that XRP holders face imminent risk — they do not — but to establish the baseline of where each network stands as the quantum computing capability frontier advances. Networks with smaller percentages of supply in currently vulnerable states, and with native architectural features that facilitate migration to post-quantum algorithms, are structurally better positioned to manage the transition than those without. On both dimensions, XRPL's current position is more favorable than bitcoin's — a meaningful data point for the longer-term security conversation even as both networks continue their respective quantum resistance development work.