A prominent XRPL validator has published a comprehensive analysis of the quantum risk facing both networks. The finding: only 0.03% of the circulating XRP supply is exposed to quantum attacks. For Bitcoin, that figure stands at roughly 32 to 35%.
The validator, known by the pseudonym "Vet," presented the analysis on April 7. It arrives just days after a high-profile Google paper describing the theoretical feasibility of breaking Bitcoin's ECDSA-256 signatures in under nine minutes. As a result, the debate around quantum computing and crypto security has gained fresh urgency.
Why Bitcoin is more exposed than XRP
The difference comes down to architecture. Bitcoin uses a UTXO model in which public keys appear directly in transaction data under certain conditions. Early pay-to-public-key outputs (P2PK) exposed keys permanently. Around 6.9 million BTC sit in such wallets, including Satoshi Nakamoto's estimated one million BTC. The equivalent value: roughly $440 billion.
XRPL works fundamentally differently. Its account-based model only exposes public keys upon the first outgoing signing operation. Users who never send a transaction remain protected. According to Vet's analysis, approximately 300,000 XRP accounts holding a combined 2.4 billion XRP have never sent a transaction. Consequently, their keys have never become public.
The validator identified only two dormant whale accounts with exposed keys. Together, they hold around 21 million XRP. With a circulating supply of 61 billion XRP, that amounts to the cited 0.03%. Moreover, Bitcoin lacks a native key-rotation mechanism. Users can only move funds to new addresses, which itself briefly exposes the public key in the mempool.
Google Quantum AI intensifies the debate
In late March, Google Quantum AI published a paper with updated estimates. According to the research, breaking Bitcoin's ECDSA-256 would require fewer than 500,000 physical qubits. Compared to 2019 estimates, that represents a roughly 20-fold reduction in the resources needed.
Google also modeled a specific attack vector targeting Bitcoin's ten-minute block confirmation window. The calculated success rate: 41%. Consequently, the researchers recommend that the entire crypto industry migrate to post-quantum cryptography by 2029.
Vet himself considers the current situation manageable. In his view, no existing quantum computer can currently break blockchain encryption, and the industry will deliver solutions in time. However, the varying degrees of preparedness are notable. The development curve is steepening faster than expected. Industry consensus nevertheless sees a window of three to five years for migration.
XRPL already tests post-quantum cryptography
In December 2025, the XRP Ledger switched its AlphaNet testnet to CRYSTALS-Dilithium, a NIST-recognized post-quantum standard. This upgrade covers accounts, transactions, and validator consensus. In addition, the network is testing ML-DSA signatures as a quantum-resistant alternative.
A structural advantage also plays a role. XRPL validators can approve cryptographic changes without a hard fork. This governance model allows faster adjustments than Bitcoin's consensus-based BIP process. Furthermore, escrow and timelock tools secure funds through time-based logic rather than cryptography alone.
Grayscale identified the XRP Ledger in a report as one of the few networks actively testing post-quantum standards. Bitcoin developers also research quantum-resistant upgrades at the BIP level. Yet no proposal has reached formal adoption so far.
What is at stake for Bitcoin holders
The exposed attack surface on Bitcoin is not merely theoretical. Two scenarios stand out. In a "long-exposure" attack, adversaries target dormant coins whose public keys already sit in the open. A "short-exposure" attack, by contrast, exploits the roughly ten-minute window during which a public key is visible in the mempool.
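Whether an unspent output falls into the long-exposure category can be read from its locking script: a P2PK script carries the public key itself, while P2PKH and native SegWit (P2WPKH) scripts carry only a hash until the key is revealed by a spend. The following Python code is an added example, not part of Vet's analysis or the Google paper; the Utxo type, the key_seen_in_earlier_spend flag and the sample outputs are constructed for illustration, and any other script type is reported as not assessed.

```python
from dataclasses import dataclass

def classify_script(script_hex: str) -> str:
    """Return 'p2pk', 'p2pkh', 'p2wpkh' or 'other' for a scriptPubKey."""
    s = bytes.fromhex(script_hex)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG; the key itself is on chain.
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        prefix_ok = s[1] in (0x02, 0x03) if len(s) == 35 else s[1] == 0x04
        if prefix_ok:
            return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG.
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    # P2WPKH (native SegWit v0): OP_0 <20-byte hash>.
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    return "other"  # every other script type: not assessed here

@dataclass
class Utxo:
    script_hex: str
    sats: int
    key_seen_in_earlier_spend: bool = False  # address reuse, assumed known

def long_exposed(u: Utxo):
    """True/False if the key is/is not already public; None if not assessed."""
    kind = classify_script(u.script_hex)
    if kind == "p2pk":
        return True
    if kind in ("p2pkh", "p2wpkh"):
        return u.key_seen_in_earlier_spend
    return None

def exposed_share(utxos) -> float:
    """Fraction of total value held by outputs whose key is already public."""
    total = sum(u.sats for u in utxos)
    exposed = sum(u.sats for u in utxos if long_exposed(u) is True)
    return exposed / total if total else 0.0

# Constructed sample set: filler bytes, not real keys or hashes.
SAMPLE = [
    Utxo("41" + "04" + "11" * 64 + "ac", 5_000_000_000),    # P2PK
    Utxo("76a914" + "22" * 20 + "88ac", 3_000_000_000),     # P2PKH, unspent key
    Utxo("76a914" + "44" * 20 + "88ac", 1_000_000_000, True),  # reused address
    Utxo("0014" + "33" * 20, 1_000_000_000),                # P2WPKH
]

if __name__ == "__main__":
    for u in SAMPLE:
        print(classify_script(u.script_hex), long_exposed(u))
    print(f"exposed share: {exposed_share(SAMPLE):.0%}")
```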
Security experts therefore recommend that Bitcoin users migrate to "bc1" addresses (Native SegWit or Taproot). This step moves funds to addresses whose keys have never faced exposure. However, it does not solve the problem of the approximately 6.9 million BTC in legacy wallets. Those owners are either inactive or have lost access.
One detail often goes unnoticed: even after a successful migration, the mempool remains a brief exposure window. XRPL offers a more elegant solution through key rotation, allowing users to update signing keys without moving funds. Google's 2029 deadline gives the industry a clear timeline. Whether Bitcoin's decentralized governance process can respond quickly enough remains the central question.







