Nearly 10% of Bitcoin Supply Risks Quantum Vulnerability Amid Emerging Threats

According to Glassnode, around 1.9 million Bitcoin are structurally vulnerable to quantum computing advances, highlighting an urgent need for quantum-resistant solutions in Bitcoin's protocol.

Editorial Team · May 20, 2026 · 2 min read · Source: cointelegraph.com

Close to 10% of Bitcoin’s total supply faces a structural vulnerability due to the way certain Bitcoin addresses reveal their public keys, a risk that stems from recent progress in quantum computing. Glassnode, a blockchain analytics firm, identified roughly 1.92 million Bitcoin at risk because their outputs expose public keys by design. This includes early Bitcoin reserved in Pay-to-Public-Key (P2PK) outputs, legacy multi-signature setups like Pay-to-Multisig (P2MS), and modern Pay-to-Taproot (P2TR) addresses.

Satoshi Nakamoto’s coins alone account for about 5.5% of this exposed portion, with an additional 3.1% tied to early-generation coins and roughly 1% originating from Taproot addresses. These types of outputs inherently reveal public keys once used in transactions, creating a window for potential quantum attacks if sufficiently powerful quantum computers emerge.

Current quantum computers remain far from being able to break Bitcoin’s underlying elliptic curve cryptography (ECC). Experts estimate that an attacker would require thousands of logical qubits and an extensive number of quantum gates to pose a real threat. Despite this, the risk has driven researchers and developers to advocate for quantum-proof improvements to the Bitcoin protocol.

One proposed upgrade involves adopting BIP-360’s Pay-to-Merkle-Root (P2MR) output, designed to eliminate the quantum-vulnerable key path in Taproot addresses. While it does not implement post-quantum digital signatures, this new output type could significantly reduce structural vulnerability.

Glassnode also highlights that over 69% of Bitcoin’s supply remains safe from quantum threats under current address frameworks. However, an additional 20% is considered “operationally unsafe,” meaning the coins could become vulnerable due to poor key or address management practices by holders.

Institutional holdings show varying degrees of exposure, with some corporate Bitcoin wallets heavily at risk. For example, 100% of Bitcoin held by Franklin Templeton, WisdomTree, and Robinhood is structurally exposed. Conversely, Coinbase—which holds a substantial amount for users—has kept exposure to a minimal 5%, while other platforms like Revolut and Grayscale show much higher vulnerability levels.