Glassnode published a new on-chain study on May 21, 2026 estimating that 9.81% of circulating Bitcoin sits in addresses whose public keys are already visible on-chain, leaving them open to a future quantum attack that can derive private keys from public ones. The same report flags spot ETF holdings from Franklin Templeton, WisdomTree, and Robinhood as 100% concentrated in those vulnerable address formats. CoinMarketCap surfaced the data on its news feed.
BTC trades at $77,144 as of May 21, down 0.4% on the day and 3.0% on the week. The Crypto Fear and Greed Index reads 29, in Fear territory. Neither the spot market nor sentiment moved on the Glassnode disclosure, but the timing matters: it landed on the same morning that the Wall Street Journal reported the Trump administration is awarding $2 billion in grants to nine quantum-computing firms including IBM, with the federal government taking equity stakes in each deal.
The 9.81% number, broken down
Glassnode's classification looks at four address types it considers structurally unsafe: Pay-to-Public-Key (P2PK), reused Pay-to-Public-Key-Hash (P2PKH), reused Pay-to-Witness-Public-Key-Hash (P2WPKH), and any address whose public key has been broadcast in a spending transaction. Once a public key is on-chain, a sufficiently large quantum computer running Shor's algorithm could in principle reverse it to the private key.
The largest single bucket is P2PK, the format Satoshi used for most coins mined before 2010. Those coins have not moved in 15+ years and are widely assumed to belong to Satoshi or to early miners who lost their keys. They sit in the same statistical bucket as live institutional holdings under Glassnode's methodology, which is why the topline number reads so high.
The ETF exposure
The institutional finding is the more actionable one. Glassnode flags the spot Bitcoin ETFs run by Franklin Templeton (EZBC), WisdomTree (BTCW), and Robinhood as holding 100% of their reserves in vulnerable address types. The reason is operational, not philosophical: custodians for those products rely on public-key address formats that get exposed each time the trust rebalances or moves coins between cold and warm storage. Every spend reveals the underlying public key.
By contrast, BlackRock's IBIT and Fidelity's FBTC use custodial setups where most reserves sit in addresses that have never spent, so their public keys remain hashed and quantum-resistant under current cryptography. Glassnode lists those two as having materially lower exposure ratios, though it does not publish a single percentage for either.
Quantum timeline is still uncertain
No working quantum computer can break secp256k1, the elliptic curve Bitcoin uses, today. Public estimates from cryptographers cited in the report put the threshold at roughly 13 million physical qubits, or about a million logical qubits with error correction. Current systems from IBM, Google, and IonQ run in the low thousands of physical qubits. The gap is still measured in orders of magnitude, not years.
What changed this week is the policy backdrop. The $2 billion Trump grant program, structured with government equity stakes in each firm, is the largest single federal commitment to quantum hardware to date. It signals that Washington views quantum as a strategic compute layer alongside AI, and it puts a public timeline pressure on the field that did not exist 12 months ago.
Bitcoin Core developers have discussed post-quantum migration paths for years. Proposals include a soft fork to add lattice-based or hash-based signature schemes alongside ECDSA, with a long sunset window for holders to move coins to the new address format. None of those proposals are close to deployment, and any migration would require holders of the 9.81% to actively move funds, which is impossible for lost or abandoned coins.
Implications for custody and cards
Self-custody users with reused addresses fall into the same vulnerable bucket as the named ETFs. Best practice has long been to use a fresh address for every receive and to keep significant balances in addresses that have never spent. Most modern wallets do this automatically with hierarchical deterministic key derivation.
For self-custody crypto card users, the practical risk is low in the short term but worth monitoring. Hardware wallets from Ledger and providers running non-custodial spend designs like Gnosis Pay and MetaMask Card already rotate addresses by default. The exposure question sits with custodial ETF wrappers and exchange hot wallets that reuse spend addresses operationally.
Overview
Glassnode estimates 9.81% of Bitcoin's supply sits in address formats vulnerable to a future quantum attack, with named spot ETFs from Franklin Templeton, WisdomTree, and Robinhood flagged as 100% exposed. No quantum computer can execute the attack today, but a $2B federal grant program announced the same week puts new policy weight behind the hardware timeline. The market did not react: BTC trades at $77,144 with Fear and Greed at 29.
