Over 30% of Bitcoin’s circulating supply sits in wallets with exposed public keys, primarily held by cryptocurrency exchanges, according to Glassnode analysis published May 21, 2026. The 6.04 million Bitcoin at risk represents a measurable quantum computing vulnerability, even as cryptographic threats remain years away. The data reveals a sharp decline in custody standards since 2018, when operationally safe Bitcoin holdings stood at 55% of the network.
How Exchange Wallets Expose Bitcoin to Quantum Risk
Bitcoin’s security model requires public keys to remain hidden until a transaction is signed. Once funds move, the public key is permanently published to the blockchain. Exchanges compound this vulnerability through operational negligence: address reuse, partial spending without proper change rotation, and continued deposits to retired wallets. Glassnode categorizes 4.12 million Bitcoin as operational risk from poor wallet management alone. The remaining 1.66 million Bitcoin in exposed addresses is held directly by exchanges including Binance, Coinbase, Bitfinex, Crypto.com, and Gemini. Binance holds 85% of its labeled Bitcoin in exposed addresses, representing approximately $34 billion of the $40 billion it holds on-chain.
Exchange Custody Standards Diverge Sharply From Traditional Finance
Custody standards vary dramatically across platforms. Binance shows 85% exposure, while Coinbase maintains only 5% and Fidelity just 2%. Grayscale, which operates a major Bitcoin ETF, has 50% exposure. Bitfinex, Crypto.com, Gemini, WisdomTree, Robinhood, and Revolut each show 100% exposure. By contrast, government wallets in the United States, United Kingdom, and El Salvador maintain safety rates exceeding 99%. The disparity underscores how cryptocurrency custodians have adopted weaker security practices than traditional finance institutions despite holding billions in customer assets.
Protocol Fixes Require Years of Coordination
Quantum computers capable of breaking Bitcoin’s elliptic curve encryption remain years away from deployment at scale. However, a protocol-level migration to post-quantum signatures would unfold over several years and demand unprecedented network coordination. Exchanges can immediately reduce risk through operational hygiene without waiting for protocol changes. Address rotation, change output management, and elimination of wallet reuse require no consensus upgrade. The gap between available remediation and actual implementation reflects custody negligence rather than technical constraint, raising questions about whether major exchanges will act before quantum hardware poses a genuine threat.
What Comes Next for Bitcoin Security
Glassnode’s data forces a reckoning: cryptocurrency’s largest custodians hold 30% of Bitcoin’s supply in cryptographically vulnerable positions. Neither Binance nor other major exchanges have publicly announced quantum security roadmaps. The metric reveals not a protocol failure but an operational one. If quantum computers advance faster than expected, Bitcoin’s real vulnerability lies not in its mathematics but in how exchanges manage keys. Protocol developers have time to build defenses. Exchanges do not.
