The quantum attack Bitcoin has spent years treating as tomorrow’s problem just got a little less theoretical.
Quantum security startup Project Eleven on Friday awarded its 1 bitcoin Q-Day Prize to independent researcher Giancarlo Lelli, who broke a 15-bit elliptic curve key on publicly accessible quantum hardware, deriving the private key from its public counterpart.
The prize is around $78,000 at the price of this bounty – according to current prices, and it’s worth about $800,000. According to the statement, it is “the biggest demonstration of the attack class that could one day threaten bitcoin, ether (ETH) and most major blockchains.”
Project Eleven Awards 1 BTC Q-Day Prize for Largest Quantum Attack on Elliptic Curve Cryptography to Date
Researcher breaks 15-bit ECC key on publicly accessible quantum hardware in a 512x jump from the previous public demonstration.
Project Eleven today awarded the Q-Day…
Project Eleven (@projecteleven) April 24, 2026
Elliptic curve cryptography is the math that allows a crypto wallet to prove it controls funds without showing its private key. While a public key can be visible to everyone, deriving the private key associated with it is supposed to be infeasible in practice.
The problem is that this assumption has been under challenge since 1994, when Shor’s algorithm was first proposed: a quantum computer running it attacks the underlying logic that secures those signatures.
Lelli’s result does not mean bitcoin is close to being cracked. 256-bit (512–1) security for Bitcoin’s elliptic curve is used in the encryption of its . The search space for a 15-bit key is 32,767 possibilities (small by comparison) and it has. It was aimed at measuring whether quantum attacks on real cryptography-based products are moving from white papers into public hardware experiments.
In September 2025, Steve Tippeconnic demonstrated a 6-bit public break with IBM’s 133-qubit quantum computer. Lelli’s 15-bit result increased that by a factor of 512 in seven months.
A bit is the smallest unit of information in a regular computer; a qubit is the quantum computing equivalent.
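To make the 15-bit scale concrete, here is an added Python illustration (not from the original article, Project Eleven or Lelli's submission): a toy curve of the form y^2 = x^3 + 7 over a 15-bit prime, where the private key is recovered by plain classical exhaustive search, not Shor's algorithm. The modulus 32749, the base point and the secret 12345 are all constructed assumptions.

```python
# Added illustration; every parameter here is constructed, not from the article.
P, B = 32749, 7   # toy curve y^2 = x^3 + 7 over a 15-bit prime (assumed values)
JUMP = 2 ** (15 - 6)   # 512: keyspace ratio between a 6-bit and a 15-bit key

def add(p1, p2):
    """Add two curve points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # a point plus its negation is infinity
    if p1 == p2:
        s = 3 * x1 * x1 * pow(2 * y1, -1, P) % P          # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P     # chord slope
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication: the easy direction (key -> public key)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def find_base_point():
    """Return the first point on the curve, located by exhaustive search."""
    roots = {y * y % P: y for y in range(1, P)}
    for x in range(1, P):
        y = roots.get((x ** 3 + B) % P)
        if y is not None:
            return (x, y)

def recover(pub, g):
    """Hard direction at toy size: step through multiples of g until pub appears."""
    pt = g
    for k in range(1, 2 * P):             # Hasse bound: group order < 2 * P
        if pt == pub:
            return k
        pt = add(pt, g)
    raise ValueError("public key is not a multiple of g")

def demo(secret=12345):
    g = find_base_point()
    pub = mul(secret, g)
    return g, pub, recover(pub, g)
```

At this size the search finishes in well under a second on a laptop; the same loop against a 256-bit group would need on the order of 2^256 steps, which is why the concern in the article is Shor's algorithm on larger quantum hardware and not classical search.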
Estimates of theoretical resources have also been slashed much more quickly than . A Google Research paper last month put the cost of a full 256-bit attack below 500,000 physical qubits, lower than previous estimates in the millions.
Project Eleven CEO Alex Pruden said the resource requirements for this type of attack are “dropping,” and that it is “the barrier to running it in practice with them.”
Pruden noted that the winning submission was from a “non-expert researcher working on cloud-accessible hardware” (not “national laboratory or private quantum chip”).
The concern is particularly sharp for wallets whose public keys are already visible on-chain. Project Eleven estimates about 6 s. Such addresses contain 9 million bitcoin, about one-third of total supply (including Satoshi Nakamoto’s estimated 1 million bitcoin untouched since the network’s earliest years). A quantum computer that could break 256-bit ECC would work through those wallets at leisure.
Some Bitcoin developers have proposed migration paths such as BIP-360, a Bitcoin Improvement Proposal that would add quantum-safe address types. Ethereum, Tron, StarkWare and Ripple have all published post-quantum transition plans.
Fifteen bits are not 256 bits, but the result is the latest development in a rapidly heating-up area of interest for bitcoin developers and the wider community.