Analytics platform Glassnode has quantified how much Bitcoin is genuinely at risk in the event of a quantum computing breakthrough. The figure is striking: 1.92 million BTC, or 9.6% of the total supply, is structurally unsafe, meaning the public key is exposed by design regardless of how the owner manages their wallet. Another 4.12 million BTC is vulnerable due to key and address management errors.
Taken together, more than 30% of the supply falls under some form of exposure. These are not hypothetical coins in some distant future scenario. They are specific addresses holding specific Bitcoin today.
1.92 Million BTC: Three Address Types Under Structural Threat
Structural vulnerability means the public key of an address is visible on the blockchain by design, regardless of the owner's behavior. Glassnode identified three groups.
First: Pay-to-Public-Key (P2PK), the early format from the Satoshi era. The public key is written directly into the transaction output. Coins of this type account for roughly 1.72 million BTC, most of them from early mining. Second: Pay-to-Multisig (P2MS), legacy multi-signature structures. Third: Pay-to-Taproot (P2TR), Bitcoin's modern address format. Somewhat paradoxically, Taproot exposes the public key by default through the key path spend, leaving owners vulnerable even when they use their wallet correctly.
The breakdown: Satoshi's coins account for 1.1 million BTC (5.5% of total supply), other Satoshi-era coins for 620,000 BTC (3.1%), and Taproot addresses for about 200,000 BTC (1%).
Who Is Most Exposed: From Satoshi's Coins to Binance and Franklin Templeton
Glassnode examined not only address types but also specific large holders. The picture is uneven.
Among corporate holders, 100% of BTC held by Franklin Templeton, WisdomTree, and Robinhood sits on vulnerable addresses. Revolut stores 99% of its Bitcoin that way. Grayscale's exposure is 52%. Fidelity is more careful: only 2% of its holdings are at risk.
The exchange comparison is stark. Coinbase holds only 5% of its BTC in exposed formats. Binance: 85%. Bitfinex: roughly 100%. This means billions of dollars in Bitcoin on major trading platforms sits in address formats that a sufficiently powerful quantum computer could attack.
When the Real Threat Arrives: 2,330 Qubits and Billions of Operations
The quantum threat to Bitcoin is theoretical today. Breaking Bitcoin's elliptic curve cryptography (ECC) would require approximately 2,330 logical qubits and tens of millions to billions of quantum gate operations, according to a March 2026 white paper from Ark Invest. No such machine exists. The most powerful public quantum computers today count a few thousand physical qubits, and a logical qubit requires many physical qubits to handle error correction.
Ark Invest's March analysis aligns with Glassnode's numbers: Ark found 65% of the supply to be safe, versus Glassnode's 69.8%. The gap reflects different methodologies for classifying address types, not a meaningful disagreement on the underlying risk.
The timeline, though, is not fixed. Quantum computers are advancing faster than researchers predicted five years ago. If a breakthrough arrives before the Bitcoin network has migrated to quantum-resistant formats, the coins currently sitting on exposed addresses face a real threat, not just a theoretical one.
What Exchanges and Wallets Should Do Before a Quantum Breakthrough
Glassnode outlined three steps for exchanges and custodial providers: reduce key reuse, improve address hygiene, and begin planning migration to a quantum-resistant format.
At the protocol level, Bitcoin developers have already proposed a solution. BIP-360 introduces a Pay-to-Merkle-Root (P2MR) output type that removes the vulnerable key path spend from Taproot. P2MR does not itself add post-quantum digital signatures, but it closes the most obvious attack vector through Taproot addresses.
For individual BTC holders, the picture is this: if coins sit on P2PKH or P2WPKH addresses and the public key has never been exposed on-chain, they fall into the 69.8% safe category. If the wallet uses Taproot addresses or old P2PK outputs, the risk level depends on how fast quantum hardware matures. The migration conversation has started in the Bitcoin community. Waiting until it becomes urgent is not the recommended approach.
Comments
Your email address will not be published. Required fields are marked *