Summary:

Glassnode says 1.92 million BTC, or 9.6% of Bitcoin's supply, is structurally exposed to future quantum breakthroughs.
The exposed coins include Satoshi-era wallets, legacy multisig outputs, and Taproot-related outputs.
Another 4.12 million BTC is considered operationally unsafe due to poor key and address management.
Nearly 70% of Bitcoin's supply remains protected from current quantum threats.
Glassnode says Bitcoin may need upgrades like BIP-360 to strengthen future resistance.
Large institutions and exchanges show mixed exposure levels depending on custody design.

Bitcoin's security model has survived market crashes, exchange collapses, and more than a decade of attacks. But according to fresh analysis from blockchain data platform Glassnode, a different kind of threat may be quietly growing in the background. The firm said nearly 10% of Bitcoin's total supply is now considered structurally vulnerable if quantum computing ever reaches the point where it can break Bitcoin's cryptographic protections. That figure represents about 1.92 million BTC, a massive amount of dormant and active coins that could theoretically become exposed if quantum systems eventually crack elliptic curve cryptography, the mathematical foundation behind Bitcoin wallet security. Glassnode wrote:

" We currently classify 1.92M BTC, or 9.6% of issued supply, as structurally unsafe." Source

This category includes several known Bitcoin output types that reveal public key information by design. That matters because once a public key is visible, a sufficiently advanced quantum computer could theoretically reverse-engineer the corresponding private key and gain spending access. Among the most exposed holdings are early Pay-to-Public-Key (P2PK) outputs, commonly associated with Bitcoin's earliest era, including many wallets believed to belong to Bitcoin creator Satoshi Nakamoto. According to Glassnode, Satoshi's estimated 1.1 million BTC accounts for roughly 5.5% of Bitcoin's vulnerable supply. Another 620,000 BTC tied to other early wallets adds around 3.1%, while roughly 200,000 BTC sits inside Taproot-based structures that also carry structural visibility under certain spending paths. Quantum systems today are nowhere near powerful enough to execute this kind of cryptographic break at scale. But Glassnode's warning is about preparing Bitcoin for a future. The firm said the findings reinforce the need for Bitcoin developers to seriously consider migration paths toward stronger long-term protections. One option already under discussion is BIP-360, which proposes a Pay-to-Merkle-Root output format designed to remove Taproot's quantum-vulnerable key path spend. Glassnode explained:

" The findings underscore the need to implement a quantum-proof path for Bitcoin, such as the adoption of BIP-360's proposed Pay-to-Merkle-Root (P2MR) output type, which seeks to remove Taproot's quantum-vulnerable key path spend, though it does not itself add post-quantum digital signatures."

BIP-360 would reduce exposure by changing the certain outputs reveal keys, but it would not fully replace Bitcoin's underlying signature system with post-quantum cryptography. That conversation is still in its early stages. For now, the report is about awareness. Bitcoin may still have years, possibly decades, before quantum hardware becomes a practical threat. But protocol-level preparation takes time and history has shown that large-scale network upgrades rarely happen quickly.

The Bigger Risk

Glassnode's report makes another important point that structural exposure gets most of the attention, but operational mistakes are already creating a larger risk category. The firm estimates 4.12 million BTC, or 20.6% of total issued supply, is operationally unsafe due to poor wallet practices, repeated address reuse, and weak custody design. Glassnode wrote:

" The exposed supply separates into two categories: structural exposure (1.92M, 9.6%) and operational exposure (4.12M, 20.6%). Also added "Operational exposure is the larger bucket in the Glassnode data. We classify 4.12M BTC, or 20.6% of issued supply, as operationally unsafe. This is 2.1x the structurally unsafe balance. The main insight is that most current at-rest exposure is not simply a legacy script-design problem - it is a key- and address-management problem."

Address reuse remains common among custodians and large holders because it simplifies accounting and infrastructure management. But every repeated public key exposure creates more long-term attack surface. Glassnode's entity-level analysis shows major differences across institutions. Some firms appear heavily exposed. Others have already adopted safer practices.

Source : Glassnode Report

According to the report, 100% of Bitcoin held by Franklin Templeton, WisdomTree, and Robinhood is currently exposed under operational criteria. Revolut shows 99% exposure, while Grayscale sits at 52%. Fidelity appears far more conservative, with just 2% exposure. Among exchanges, exposure levels also vary sharply. Coinbase has roughly 5% exposure, while Binance sits near 85%, and Bitfinex approaches 100% exposure. These differences likely reflect internal wallet rotation standards and key management architecture. Glassnode's recommendation is simple that reduce address reuse, improve custody hygiene, and begin planning migration paths before quantum resilience becomes apparent. That work is operationally complex but entirely possible today.

Bitcoin Still Has Time, But The Clock Has Started

Glassnode estimates 13.99 million BTC, or 69.8% of supply, is currently shielded from known quantum-related exposure pathways. That closely matches earlier analysis from Ark Invest, which estimated about 65% of Bitcoin supply remains secure under current assumptions.

Source: ARK Research

Ark's March research also suggested that breaking Bitcoin's elliptic curve cryptography would require approximately 2,330 logical qubits and tens of millions to billions of quantum gate operations. That level of capability does not yet exist. Current quantum systems remain experimental and noisy, far from the fault-tolerant scale needed for a direct attack on Bitcoin.

Still, the pace of quantum research is accelerating. Governments and major technology firms are investing billions into quantum hardware development. Quantum resilience may eventually become the next major chapter. Glassnode's report lands squarely in that middle ground and It is a reminder that every strong system eventually faces new threats. The strongest systems are usually the ones that prepare before the danger becomes urgent. For Bitcoin, the quantum conversation has officially moved from theory to planning.