Quantum threat moves off the whiteboard: researcher wins 1 BTC for largest public quantum break yet
A previously theoretical quantum attack on blockchain cryptography just took a concrete step forward. Project Eleven, a quantum-security startup, awarded its 1 BTC Q-Day Prize (about $77,651.40) to independent researcher Giancarlo Lelli after he used publicly accessible quantum hardware to recover a private key from a 15-bit elliptic curve public key.
Why this matters
- Elliptic curve cryptography (ECC) is the backbone of how crypto wallets prove control of funds without exposing private keys. Public keys can be visible on-chain, but deriving the private key from them is supposed to be computationally infeasible.
- Quantum computers can run Shor’s algorithm, which targets the mathematical structure underpinning ECC. If scaled sufficiently, that would let attackers convert public keys into private keys and drain wallets.
- Lelli’s experiment is the largest public demonstration so far of this attack class, and it shows the techniques are moving from theory and lab white papers into cloud-accessible hardware experiments.
What happened
- Lelli broke a 15-bit ECC key, whose search space is just 32,767 possibilities. That’s tiny compared with Bitcoin’s 256-bit ECC protection, but it’s a 512x increase in complexity over the previous public demonstration (a 6-bit break in September 2025 by Steve Tippeconnic on IBM’s 133-qubit machine).
- The Q-Day Prize was explicitly designed to test whether quantum attacks on real cryptography are transitioning to publicly available devices rather than remaining purely theoretical.
How close is bitcoin to being cracked?
- Short answer: not close. Bitcoin uses 256-bit elliptic curve security — vastly larger than 15 bits. Lelli’s result is significant as a public, measurable step, not as proof of imminent collapse.
- Still, theoretical resource estimates are falling. A recent Google Research paper estimated the resources required for a full 256-bit ECC attack could be below 500,000 physical qubits, down from earlier estimates in the millions. “The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them,” Project Eleven CEO Alex Pruden said.
- Project Eleven highlighted that Lelli’s work ran on cloud-accessible hardware and was done by an independent researcher, not a well-funded national lab or private quantum company — a detail that underscores how access is widening.
The practical risk today
- The most immediate concern is for addresses whose public keys are already revealed on-chain. Project Eleven estimates roughly 6.9 million bitcoin sit in addresses with visible public keys — about one-third of the supply — including the roughly 1 million BTC tied to Satoshi Nakamoto’s early addresses.
- Any future quantum device able to break full 256-bit ECC could systematically target those wallets.
What the ecosystem is doing
- Bitcoin developers have proposed migration paths such as BIP-360 to add quantum-resistant address types.
- Other major projects — Ethereum, Tron, StarkWare and Ripple — have also published post-quantum transition plans.
Bottom line
Lelli’s 15-bit break isn’t a crisis for Bitcoin today, but it’s a wake-up call: public demonstrations of quantum attacks are advancing, resource estimates for full-scale attacks are declining, and more wallets could become vulnerable if quantum hardware continues to scale. The industry’s migration to quantum-safe cryptography remains a pressing, practical task rather than a distant theoretical worry.
Read more AI-generated news on: undefined/news
