The gap between theory and practice in quantum attacks on cryptocurrency just narrowed by a factor of 512.
Quantum security startup Project Eleven awarded its Q-Day Prize – a full bitcoin, worth roughly $78,000 at current prices – to independent researcher Giancarlo Lelli on Friday. Lelli derived a private elliptic curve cryptography key from its public counterpart using a 15-bit key on cloud-accessible quantum hardware.
That makes it the largest public demonstration of the exact attack class that, at sufficient scale, could threaten every major blockchain from Bitcoin to Ethereum.
What Happened and Why It Matters
Elliptic curve cryptography (ECC) is the mathematical foundation that lets a crypto wallet prove ownership of funds without revealing the private key. Public keys sit in the open. Deriving the corresponding private key from a public key should be computationally impossible for classical machines.
Quantum computers running Shor’s algorithm – first proposed in 1994 – challenge that assumption by exploiting quantum parallelism to attack the underlying mathematical structure protecting those signatures.
Lelli’s achievement sits at 15 bits, which means a search field of 32,767 possibilities. Bitcoin uses 256-bit elliptic curve security. Nobody is claiming 15 bits threatens anyone’s holdings today. The significance is in the trajectory.
In September 2025, researcher Steve Tippeconnic broke a 6-bit key on IBM’s 133-qubit machine. Lelli expanded that by 512 times in about seven months. And crucially, he did it on publicly accessible hardware – no national laboratory, no private quantum chip.
The Resource Estimates Keep Shrinking
A Google Research paper published in March 2026 put the estimated cost of breaking a full 256-bit elliptic curve key below 500,000 physical qubits. Earlier estimates placed that figure in the millions. The direction of travel is consistent and accelerating.
“The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them,” Project Eleven CEO Alex Pruden said in a statement accompanying the award.
The startup estimates roughly 6.9 million bitcoin sit in addresses whose public keys are already exposed on-chain – about one-third of total circulating supply. That haul includes the estimated 1 million BTC attributed to Satoshi Nakamoto, untouched since Bitcoin’s earliest blocks. Any quantum machine capable of breaking 256-bit ECC could target those wallets without any time constraint.
What Crypto Projects Are Doing About It
The threat hasn’t gone unnoticed by developers. Bitcoin Improvement Proposal 360 (BIP-360) outlines a migration path toward quantum-resistant address types. If adopted, it would let users move their coins to addresses secured by cryptographic algorithms designed to withstand quantum attacks.
Ethereum, Tron, StarkWare, and Ripple have each published their own post-quantum transition plans in recent months. The question is less whether the industry will migrate and more whether it will migrate in time – and whether holders of legacy addresses will bother moving coins before the threat becomes practical.
A Growing Timeline of Demonstrations
The progression of public ECC breaks tells its own story:
- 2001: First theoretical application of Shor’s algorithm to a trivial factoring problem
- 2019: Google’s “quantum supremacy” claim with a 53-qubit processor on a non-cryptographic task
- September 2025: 6-bit ECC key broken on IBM quantum hardware
- April 2026: 15-bit ECC key broken on public cloud quantum hardware
Each step has closed the gap between laboratory curiosity and field-grade threat. The speed of progression has caused some cryptographers to revise their timelines from “decades” to “within the next 10 to 15 years.”
Context for Bitcoin Holders
For the average bitcoin holder using a modern wallet, the risk remains distant. Funds stored in addresses that have never spent a transaction – meaning the public key hasn’t been broadcast – are protected by an additional layer of hashing that quantum computers don’t efficiently attack.
The exposure is concentrated in older address formats, reused addresses, and certain institutional custody setups where public keys are visible on-chain.
Still, the Q-Day Prize serves its intended purpose: tracking how quickly quantum attacks on real cryptographic primitives move from theory papers to something anyone with a credit card and cloud access can attempt.
FAQ
Can quantum computers steal my Bitcoin today?
No. The 15-bit key broken in this demonstration is astronomically smaller than Bitcoin’s 256-bit keys. Current quantum hardware lacks the qubit count and error correction needed to attack real-world cryptocurrency wallets. The significance is in the rate of progress, not the current capability.
What is BIP-360?
BIP-360 is a Bitcoin Improvement Proposal that would introduce quantum-safe address types to Bitcoin. It provides a migration path for users to move coins into addresses protected by post-quantum cryptographic algorithms, which are designed to resist attacks from both classical and quantum computers.
How many Bitcoin are at risk from future quantum attacks?
Project Eleven estimates approximately 6.9 million BTC – about one-third of total supply – sit in addresses where the public key is already visible on-chain. These would be the first targets if a quantum computer achieved sufficient capability.
Sources: CoinDesk, Cointelegraph, Project Eleven announcement
