Glassnode says Bitcoin quantum risk covers 1.92M BTC: Exposure Explained

This article is for informational purposes only. Always verify information independently before making any decisions.

According to Glassnode‘s on-chain analytics, 1.92 million BTC—just under 10% of all Bitcoin ever issued—sits at structural quantum risk because the public keys for these coins are already exposed on the blockchain. The remaining 13.99 million BTC, or roughly 69.8%, remains protected, as its public keys have never appeared on-chain. This division means any future quantum breakthrough would put nearly one-third of the Bitcoin supply at immediate, targetable risk unless holders take additional precautions. So quantum safety is no longer a hypothetical discussion among developers; it’s now a recognized operational and structural issue for billions in digital assets.

Glassnode: Address Type Splits Bitcoin’s Quantum Exposure

Per Glassnode’s full audit of address types as of May 2026, the quantum-exposed Bitcoin supply falls into two buckets: structural and operational risk. The first group, totaling 1.92 million BTC—representing 9.6% of total issued supply—sits in legacy pay-to-public-key (P2PK) addresses, which reveal the public key by their very format.

The 1.92 million BTC locked in these legacy formats represents a permanent, unmoving risk surface. That’s because operational exposure—covering 4.12 million BTC, according to Glassnode—creates a persistent, static risk environment each time coins are moved or spent. Each spend broadcasts the public key on-chain, leaving residual funds traceable and vulnerable. Exchange-controlled addresses alone account for roughly 1.63 million BTC, attributed to routine address reuse and batched transactions.

Structural Risk: How Early Bitcoin Design Shapes Today’s Threat

Bitcoin’s structure assigns private keys, public keys, and addresses in a predictable, one-way mathematical sequence using ECDSA cryptography. Classical computers cannot reverse the process from public key to private key. But legacy P2PK addresses—created until around 2010—embed exposed public keys as a feature of the protocol, not a flaw. At the time, the risk remained abstract; few considered attackers would ever have enough computational power to mount a targeted assault against old addresses. The 2010 cutoff is approximate. Roughly 1.92 million BTC remains parked in this outdated address class in 2026, representing a permanent, unmoving risk surface unless holders intervene.

Operational risk, by contrast, is governed as much by habit as by technology. Each Bitcoin address reveals its public key only when funds depart that address. As soon as coins are spent, the once-private public key goes on-chain for all future observers. If addresses are reused—even by accident—or if coins stay behind after partial spending, public-key exposure quickly compounds. This class of operationally exposed addresses has grown largest through routine activity, not just poor hygiene. Modern security practices urge users to never reuse addresses and to migrate all balances to formats like P2WPKH (SegWit) or P2TR (Taproot), in which the public key only appears during a spend. Still, with 4.12 million BTC in addresses where public keys are already visible, user behavior drives future risk containment.

$BTC stabilises as momentum and on-chain activity improve, while derivatives stay cautious. Selling pressure eases but capital flows remain fragile, signalling a tentative recovery backdrop.

Read more in this week’s Market Pulse👇https://t.co/s6wwxSvwvL pic.twitter.com/I1bKUy0bV0

— glassnode (@glassnode) March 2, 2026

Why These bitcoins Are at Risk: Public-Key Exposure in Detail

If quantum computers gain sufficient power to reverse ECDSA, every exposed public key is a live vulnerability. The 6.04 million BTC behind visible keys—combining 1.92 million in structurally exposed formats and 4.12 million in operationally exposed addresses—would be the earliest casualties in a post-quantum world.

The 1.63 million BTC clustered at exchanges represents the highest concentration of exposed funds.

Individual user actions determine risk exposure as public-key visibility is a function of address history and spending. Coins held in unused SegWit or Taproot addresses are better protected since their public keys never hit the blockchain until spent. Glassnode’s data confirms that 69.8% of Bitcoin supply—about 13.99 million BTC at last count—remains in this hidden-key category.

Historical Context, Protocol Evolution, and the Quantum Timeline

Why This Quantum Exposure Matters for All Bitcoin Holders

never reuse addresses and move holdings to SegWit or Taproot formats, where the public key is not visible until spent. Glassnode’s latest network forensics show 6.04 million BTC now sits at some quantum risk, incorporating both operational and structural exposures. So the best practice is to use only new addresses for each transaction and promptly migrate away from legacy types. Owners of coins at unused addresses are currently sheltered; those who spend from addresses or reuse old ones see their holdings join the list of potential early targets once a quantum attack becomes feasible.

Exchanges retain 1.63 million BTC in operationally exposed addresses—hot wallets managed for speed and efficiency. Often sending and receiving funds in bulk, with public keys broadcast each time a coin is sent. Centralized exchanges and custodial services could sharply reduce the network’s collective quantum risk by rotating addresses regularly, adopting non-reuse policies, and migrating holdings to advanced formats.

Summary: Key Facts on Bitcoin’s Quantum Vulnerability

• Structural risk:1.92 million BTC stored in legacy, at-rest, public-key-exposed addresses, per Glassnode’s May 2026 data audit. These are likely dormant, early, or lost wallets that cannot be moved without the private key.
• Operational risk:4.12 million BTC in standard addresses where the public key was exposed through spending or address reuse. This share is actionable—moving funds to modern formats closes the vulnerability going forward.
• Exchange exposure:1.63 million BTC controlled by exchanges in addresses with re-exposed public keys. Key rotation and address non-reuse by institutional actors are the top mitigation levers available today.
• Best practices for holders:Always generate a new address for each inbound transaction, move coins out of legacy formats, and migrate to SegWit (bech32) or Taproot as technical capability allows.
• Post-quantum security challenge:Protocol-wide transition to quantum-resistant signatures would require consensus for a network-wide fork and could take many years to finalize.

Frequently Asked Questions about Bitcoin and Quantum Risk

• How much Bitcoin is at quantum risk?According to Glassnode, 1.92 million BTC suffers structural exposure, while an additional 4.12 million BTC is operationally exposed. That means more than 6 million BTC—over 30% of issued supply—faces quantum vulnerability if quantum hardware outpaces current encryption.
• Why are some addresses “exposed”?An address is exposed if its public key has ever appeared on the blockchain—whether by design (P2PK legacy format) or because funds were previously spent from the address. Modern formats only reveal the public key at spend, so unused addresses are currently safe.
• Are all bitcoins equally threatened?No. Only coins in addresses with already visible public keys (structural or operational) face immediate risk from quantum attacks. Coins in never-used SegWit or Taproot addresses face no practical risk until spent.
• When could quantum computers break Bitcoin?The world’s most advanced quantum computers have fewer than 10,000 qubits, while an attack on ECDSA would require millions of stable, error-corrected qubits. But because cryptographic transition and migration take years, users shouldn’t delay enacting best practices.
• Can operationally exposed coins be protected?Yes. Holders can move coins from addresses with already revealed public keys to new addresses—preferably SegWit or Taproot formats—resetting their protection status until the next spend. In contrast, structurally exposed coins usually remain immovable, as most are presumed lost or dormant.
• What actions should private holders take now?Don’t reuse addresses under any circumstances, migrate holdings out of legacy formats, store funds in SegWit or Taproot addresses, and keep coins in cold storage unless spending is necessary. Limiting spends further reduces risk.
• What about exchanges and custody providers?Institutions should avoid address reuse and rotate public keys after each transaction, migrating holdings to advanced address types where possible. According to Glassnode, 1.63 million BTC at exchanges faces elevated risk as of May 2026.
• Will Bitcoin adopt quantum-resistant cryptography soon?Procedural upgrades require a coordinated network-wide fork, either soft or hard, and broad community consensus. These efforts remain years away, so individual migration remains the primary defense in the interim.
• Where can I monitor Bitcoin quantum risk developments?Regular updates and detailed forensic analyses appear at Crypto.news, Bitcoinworld.co.in, and contact editorial teams at these outlets for ongoing coverage and in-depth network monitoring. Staying informed is critical as technical capabilities and recommended practices evolve.