Glassnode: Nearly 10% of Bitcoin Exposed to Quantum Risk

Glassnode reported that roughly 1.92 million bitcoin, about 9.6% of the total supply, are structurally exposed to potential quantum attacks because certain output types reveal public keys by design. The analytics firm published the figures on X and explained the exposure is tied to how specific address types encode or reveal key material.

The exposed set includes about 1.1 million BTC in Satoshi-era Pay-to-Public-Key (P2PK) outputs (about 5.5% of supply), roughly 620,000 BTC in other early-era outputs such as Pay-to-Multisig (P2MS) (about 3.1%), and about 200,000 BTC in Pay-to-Taproot (P2TR) addresses (about 1%).

Glassnode found about 13.99 million BTC, or 69.8% of supply, that do not expose public keys on chain and are therefore structurally safe from a key-extraction attack. The firm also classified roughly 4.12 million BTC, or 20.6% of supply, as operationally unsafe because of key-management practices such as address reuse.

Entity-level analysis showed large differences across custodians and services. Glassnode reported Franklin Templeton, WisdomTree and Robinhood hold bitcoin positions that are 100% exposed under its criteria. Revolut’s holdings were described as 99% exposed, Grayscale about 52% exposed and Fidelity about 2% exposed.

Exchange holdings also varied. Glassnode reported roughly 5% of Coinbase’s BTC stack is exposed, compared with 85% of Binance’s and near 100% on Bitfinex.

To reduce exposure, Glassnode recommended better address hygiene, reduced key reuse and planning migrations to quantum-resistant formats. The firm pointed to BIP-360’s Pay-to-Merkle-Root (P2MR) output type as a proposal that aims to remove Taproot’s key-path spend that reveals key material; BIP-360 does not itself introduce post-quantum signature algorithms but would limit on-chain key disclosures.

Glassnode cited a March white paper from Ark Invest estimating that breaking Bitcoin’s elliptic curve cryptography would require on the order of 2,330 logical qubits and tens of millions to billions of quantum gates. The report noted the vulnerability depends on future quantum capability and remains theoretical until hardware achieves the necessary scale and error correction.

Technically, P2PK outputs embed a public key directly in the spending script, and P2MS and some Taproot spending paths can disclose key material when coins are spent or when certain scripts are published. Output types that reveal only a script hash until spending do not expose public keys until the coins move.

Glassnode’s analysis includes the proportion of exposed supply that could be reduced through changes in wallet infrastructure, address standards and user behavior. The report provides a baseline for how much bitcoin would be structurally vulnerable if quantum hardware reaches the capability to break current elliptic curve cryptography.