On May 20, 2026, blockchain analytics platform Glassnode revealed that nearly 10% of the total supply of Bitcoin is structurally unsafe against potential quantum computing breakthroughs. The technical diagnostic notes that approximately 1.92 million Bitcoin are exposed because their output script designs inherently reveal the public key.
— glassnode (@glassnode) May 20, 2026
This exposure directly impacts funds held in both legacy and modern addresses, completely independent of the wallet management habits or operational hygiene of the users. The comprehensive findings of this on-chain research were shared through an official report on X by the firm’s core analytics team.
The distribution of the capital at risk shows a massive concentration within the network’s earliest blocks. Coins attributed to Bitcoin’s pseudonymous creator, Satoshi Nakamoto, make up 1.1 million BTC, which represents 5.5% of the current circulating tokens. Furthermore, an additional 620,000 coins generated during the same foundational period account for 3.1% of the vulnerable assets, while close to 200,000 units of Bitcoin reside in contemporary Taproot addresses, adding another 1% to the aggregate structural risk.
The global community of open-source developers maintains active debates regarding how to decouple the implementation of post-quantum cryptography from governance decisions about coins that remain permanently vulnerable on-chain. In this context, various investment managers have expressed technical concerns regarding the infrastructure readiness of the digital asset ecosystem.
Past assessments highlight that a substantial portion of the ledger faces imminent technological threats, suggesting that Bitcoin security risks could necessitate a full-scale overhaul of institutional custody frameworks before quantum processing units reach commercial maturity.
For these structural vulnerabilities to materialize into actual financial exploits, quantum computers would need to successfully break the elliptic curve cryptography (ECC) underlying the network’s protocol layers. According to an exhaustive white paper accessible on the ARK Invest portal, accomplishing such a task would require an operational system equipped with approximately 2,330 logical qubits. Additionally, it would necessitate processing between tens of millions and billions of quantum gates, a processing scale that far exceeds the computational limits of any existing systems.
Processing requirements and institutional exposure metrics
Conversely, Glassnode’s data reflects a more resilient outlook for the vast majority of circulating assets. It is estimated that 13.99 million Bitcoin, representing 69.8% of the global supply, remain entirely unexposed to this specific structural quantum threat. However, the report introduces a vital distinction by categorizing 4.12 million BTC as operationally unsafe. This specific subset of coins does not suffer from an inherent design flaw in their spending scripts; instead, their vulnerability arises entirely from poor user habits, such as key reuse and inadequate address management practices.
At the corporate level, entity-level data reveals a sharp asymmetry in the technological preparedness of large asset managers and financial intermediaries. Prominent firms like Franklin Templeton, WisdomTree, and Robinhood have 100% of their holdings classified under structurally exposed output formats. Similarly, digital banking platform Revolut holds 99% of its Bitcoin reserves in exposed formats, while Grayscale records a 52% structural exposure rate. In sharp contrast, multinational investment giant Fidelity shows an exceptionally secure position, with only 2% of its managed assets sitting under vulnerable address criteria.
The landscape among centralized cryptocurrency exchanges also indicates highly divergent storage methodologies. Only 5% of the tokens secured by Coinbase are located within vulnerable output types, a metric that contrasts heavily with the 85% exposure reported in Binance’s corporate balances and the 100% of the assets held under the custody of the Bitfinex trading platform. To counter this structural exposure, technical analysts recommend that institutional custodians eliminate key reuse entirely and formulate coordinated migration paths toward post-quantum storage formats.
As a technological mitigation path, software engineers are evaluating improvement proposals such as BIP-360, which introduces the Pay-to-Merkle-Root (P2MR) output format. This technical structure aims to eliminate the vulnerable key-path spend that characterizes Taproot, though it does not inherently introduce post-quantum digital signatures on its own. Core development committees are expected to review performance metrics and backward compatibility data for these network upgrades during scheduled client software reviews later this year.
This article is for informational purposes only and does not constitute financial advice.
