Fresh data released by crypto analytics platform Glassnode reveals that around 9.6% of the entire Bitcoin supply may be “structurally insecure” due to ongoing advancements in quantum computing. While Bitcoin wallet addresses are generally private, Glassnode emphasizes that specific spending transaction types can expose public keys, significantly increasing the risk.
Critical Bitcoin pools and risky address formats
According to Glassnode’s analysis, approximately 1.92 million Bitcoin fall within this at-risk group. These coins predominantly originate from early addresses linked to Satoshi Nakamoto’s Pay-to-Public-Key (P2PK) outputs, legacy Pay-to-Multisig (P2MS) formats, and the more recent Pay-to-Taproot (P2TR) addresses. In all these cases, technical requirements mean vital information or cryptographic keys are recorded directly on-chain during each transaction.
Wallets believed to be controlled by Satoshi Nakamoto represent the largest portion, containing about 1.1 million BTC. Additionally, nearly 620,000 early coins and 200,000 sent to Taproot addresses also fall within this insecure supply.
Glassnode’s analysis underlines the need to transition to new structures like Pay-to-Merkle-Root (P2MR), proposed in BIP-360, for Bitcoin to withstand quantum computing attacks. P2MR is designed to remove Taproot’s exposed key paths but does not by itself ensure fully quantum-resistant digital signatures.
Glassnode argues that this level of vulnerability could be reduced with improvements to wallet infrastructure, address standards, and user practices.
Mini glossary: Pay-to-Public-Key (P2PK), Pay-to-Multisig (P2MS), Pay-to-Taproot (P2TR), and Pay-to-Merkle-Root (P2MR) refer to different Bitcoin transaction and address types. P2PK exposes the public key directly in transactions; P2MS supports multi-signature transactions; P2TR, the Taproot standard, offers privacy and flexibility; P2MR is a proposed, still inactive framework for potentially quantum-safe transactions.
Distribution of secure and insecure Bitcoin in the face of quantum risk
Glassnode’s research indicates that about 13.99 million Bitcoin, representing 69.8% of total supply, is currently resilient to quantum threats. By comparison, a March report by Ark Invest put this figure at 65%, showing that a significant majority of holders have shifted to “safe” address types over recent months.
However, some 4.12 million BTC—or 20.6% of the total—is labeled as “operationally insecure.” These are vulnerable due to poor key or address management practices and nonstandard usage, with many large corporate and institutional wallets falling into this category.
Breakdown from institutions and exchanges
When analyzing data from major institutions, all the Bitcoin held by Franklin Templeton, WisdomTree, and Robinhood are stored in insecure address types. For digital banking platform Revolut, 99% of holdings are exposed, Grayscale’s risk rate stands at 52%, while only 2% of Fidelity’s Bitcoin holdings are deemed at risk.
| Institution/Exchange | Percentage of BTC at Risk |
|---|---|
| Franklin Templeton | 100% |
| WisdomTree | 100% |
| Robinhood | 100% |
| Revolut | 99% |
| Grayscale | 52% |
| Fidelity | 2% |
Looking at crypto exchanges, only 5% of Coinbase’s Bitcoin is exposed to quantum risk, whereas Binance’s wallets show an 85% exposure rate. The vast majority of Bitfinex’s Bitcoin is also classed as insecure.
Possible industry solutions and future outlook
Experts recommend minimizing address reuse, migrating holdings to more secure standards, and preparing strong contingency plans ahead of the anticipated quantum era. Adoption of these practices could substantially reinforce Bitcoin’s resilience to digital threats posed by upcoming quantum computers.
According to Glassnode, most of these risks remain theoretical unless there is a revolutionary break in Bitcoin’s cryptography. Ark Invest’s research suggests it would require thousands of logical qubits and billions of quantum gates to build a quantum computer capable of breaking Bitcoin’s encryption.
