A quantum attack that Bitcoin has long treated as a distant threat has just moved closer to reality. Quantum security startup Project Eleven awarded its Q-Day prize of one bitcoin to independent researcher Giancarlo Lelli on Friday. Lelli cracked a 15-bit elliptic curve key using publicly available quantum hardware. It derived a private encryption key from its public counterpart. The bounty is worth around $78,000 at current prices. It is described as the largest public demonstration of this class of attack, which could one day threaten Bitcoin, Ether and most major blockchains.
Understanding the attack method
Elliptic curve cryptography is the calculation that allows a crypto wallet to prove that it controls funds without revealing its private key. A public key may be visible to everyone, but in practice, deriving the corresponding private key is supposed to be impossible. Quantum computers running Shor’s algorithm, a quantum technique first proposed in 1994, challenge this assumption by attacking the underlying logic that secures these signatures.
Lelli’s result does not mean that Bitcoin is about to be cracked. Bitcoin uses 256-bit elliptic curve security. A 15-bit key has a search space of 32,767 possibilities, which is tiny in comparison. The award was designed to measure whether quantum attacks against real crypto-based products move from white papers to public hardware experiments.
The previous public break was a 6-bit demonstration performed by Steve Tippeconnic in September 2025 using IBM’s 133-qubit quantum computer. Lelli’s 15-bit result multiplied that result 512 times in seven months. A bit is the smallest unit of information in an ordinary computer, while a qubit is the quantum computing equivalent.
Declining resource requirements
Theoretical resource estimates fell even faster. A Google research paper published last month estimates the cost of a full 256-bit attack at less than 500,000 physical qubits, down from previous estimates of several million. Alex Pruden, CEO of Project Eleven, said: “The resource requirements for this type of attack continue to decrease, and the obstacles to executing it in practice decrease with them. » He noted that the winning submission came from an independent researcher working on cloud-accessible hardware, not from a national lab or private quantum chip.
The concern is greatest for wallets whose public keys are already visible on the chain. Project Eleven estimates that about 6.9 million bitcoins are located at these addresses, or about a third of the total supply, including the one million bitcoins Satoshi Nakamoto estimated have been untouched since the network’s early years. Any quantum computer capable of breaking 256-bit ECC could use these wallets at leisure.
Bitcoin developers have proposed migration paths, including BIP-360, a proposed Bitcoin enhancement that would add quantum-secure address types. Ethereum, Tron, StarkWare, and Ripple have each released post-quantum transition plans. Fifteen bits doesn’t equate to 256 bits, but it’s the latter point of interest that is quickly gaining interest among Bitcoin developers and the broader community.
