Glassnode: 9.6% of Bitcoin supply is structurally quantum-exposed
The breakdown flags Taproot, legacy scripts, and high exposure at several large custodians and exchanges.
Glassnode quantified Bitcoin’s quantum-computing exposure, estimating 9.6% of supply is structurally unsafe if elliptic curve cryptography is broken. The firm also split out another 20.6% as operationally unsafe and pointed to BIP-360’s P2MR as a mitigation concept for Taproot’s key-path exposure.
Key Takeaways
- About 1.92 million BTC, or 9.6% of supply, sits in output types that are structurally exposed in a quantum breakthrough scenario, per Glassnode.
- The structurally exposed bucket spans Satoshi-era P2PK, legacy P2MS, and modern Taproot (P2TR) outputs that reveal public keys or equivalents by design.
- Glassnode estimated 69.8% of supply (13.99 million BTC) is unexposed, while 20.6% (4.12 million BTC) is operationally unsafe due to key and address management.
- BIP-360’s proposed Pay-to-Merkle-Root (P2MR) was highlighted as a way to remove Taproot’s quantum-vulnerable key-path spend, without adding post-quantum signatures.
Glassnode Puts a Number on Bitcoin’s Quantum-Exposed Supply
Glassnode’s latest accounting frames quantum risk as a measurable market-structure variable, not just a distant research problem. The firm estimated 9.6% of Bitcoin’s total supply, about 1.92 million BTC, is “structurally unsafe” in a scenario where a quantum computer can break Bitcoin’s elliptic curve cryptography (ECC).
The rest of the supply was split into two buckets: 69.8% (about 13.99 million BTC) categorized as unexposed, and 20.6% (about 4.12 million BTC) labeled “operationally unsafe,” where exposure is driven by key or address management rather than script design.
That split matters for traders because it turns “quantum” into a custody and infrastructure narrative. Structural exposure is tied to specific script templates. Operational exposure is tied to how large holders and platforms manage keys at scale.
Which Bitcoin Output Types Are “Structurally Unsafe”
Glassnode’s structurally exposed set is defined by output types that reveal a public key, or a public key-equivalent, on-chain by design. That includes early Pay-to-Public-Key (P2PK) outputs, legacy Pay-to-Multisig (P2MS), and Pay-to-Taproot (P2TR) when spent via the key path.
Within that 9.6%, Glassnode attributed about 1.1 million BTC (5.5% of total supply) to Satoshi Nakamoto-era coins, plus another 620,000 BTC (3.1%) in additional Satoshi-era coins, and roughly 200,000 BTC (1%) in Taproot addresses.
Glassnode also noted the structural bucket “could be reduced if wallet infrastructure, address standards, and user behavior evolve,” implying some of the risk is compressible through migration and better address hygiene even before any protocol change.
Custodian and Exchange Exposure Snapshots
The market sensitivity sits in who holds the exposed coins. Glassnode’s entity-level estimates showed 100% exposure for BTC held by Franklin Templeton, WisdomTree, and Robinhood, plus 99% exposure for Revolut. Grayscale was estimated at 52% exposed, while Fidelity was estimated at 2%.
On the exchange side, Glassnode estimated about 5% of Coinbase-held BTC is exposed versus 85% for Binance and about 100% for Bitfinex.
For market participants, this is less about a countdown to quantum theft and more about operational concentration. If exposure is clustered at major venues, the second-order effect is confidence and flow. A platform that can credibly demonstrate migration planning and clean key practices can reduce a tail-risk overhang. One that cannot may wear a persistent risk discount in narratives around custody quality.
Signals to Watch for Glassnode flags quantum-exposed Bitcoin supply
Progress on BIP-360 and any concrete implementation path for P2MR will be the cleanest protocol-level signal, especially if wallet and custody stacks start supporting migration away from Taproot key-path exposure.
Traders should also watch for public updates from custodians and exchanges on address hygiene, key reuse reduction, and migration plans, with particular focus on venues Glassnode tagged as highly exposed.
On the feasibility side, Ark Invest’s benchmark for breaking Bitcoin ECC, about 2,330 logical qubits and “tens of millions to billions” of quantum gates, is a useful anchor. Any credible revision to that resource estimate would change how quickly this risk gets repriced.
Finally, follow-on on-chain analytics that refresh the 9.6% structural, 20.6% operational, and 69.8% unexposed buckets, plus methodology and as-of dates for entity and exchange snapshots, will determine whether this story tightens into a durable risk metric.
How Traders Should Read the Quantum-Exposure Data
I treat this as a custody and infrastructure exposure map dressed in quantum language. The immediate edge is not predicting a quantum timeline. It is seeing that Glassnode ties risk to specific output types and then pins meaningful chunks of that exposure to specific custodians and exchanges.
The threshold that matters is whether mitigation becomes operational and visible: wallet support, migration tooling, and credible venue-level disclosures. If that infrastructure shift holds, the setup starts to look structural rather than narrative-driven, and the “quantum risk” label turns into a measurable quality spread across custodians and venues.
