The quantum attack Bitcoin has spent years processing as tomorrow’s problem just got a little less theoretical.
Quantum security startup Project Eleven said it awarded its 1 bitcoin Q-Day award to independent researcher Giancarlo Lelli on Friday after he cracked a 15-bit elliptic curve key on publicly available quantum hardware, deriving a private encryption key from its public counterpart.
The bounty is worth about $78,000 in current prices. It is said to be the largest public demonstration of the class of attack that could one day threaten bitcoin, ether (ETH) and most major blockchains.
Project Eleven Awards 1 BTC Q-Day Prize for the largest quantum attack on elliptic curve cryptography to date
Researchers crack 15-bit ECC key on publicly available quantum hardware in a 512x jump from the previous public demonstration.
Today Project Eleven awarded Q-Day…
— Project Eleven (@projecteleven) April 24, 2026
Elliptic curve cryptography is the math that lets a crypto wallet prove it controls money without revealing its private key. A public key may be visible to everyone, but deriving the corresponding private key is supposed to be impossible in practice.
Quantum computers running Shor’s algorithm, a quantum technique first proposed in 1994, challenge this assumption by attacking the underlying logic that secures these signatures.
Lelli’s result does not mean that bitcoin is close to being cracked. Bitcoin uses 256-bit elliptic curve security. A 15-bit key has a search range of 32,767 possibilities, small by comparison. The award was designed to measure whether quantum attacks on real cryptography-based products are moving from white papers to public hardware experiments.
The previous public break was a 6-bit demonstration by Steve Tippeconnic in September 2025 using IBM’s 133-qubit quantum computer. Lelli’s 15-bit result expanded that by a factor of 512 in seven months.
A bit is the smallest unit of information in a regular computer, a qubit is the corresponding quantum calculation.
Read more: A simple explanation of what quantum computing actually is and why it’s scary for bitcoin
Theoretical resource estimates have fallen even faster. A Google Research paper last month put the cost of a full 256-bit attack at under 500,000 physical qubits, down from earlier estimates in the millions.
“The resource requirements for this type of attack keep falling, and the barrier to running it in practice keeps falling with them,” said Project Eleven CEO Alex Pruden.
Pruden noted that the winning entry came from an independent researcher working on cloud-accessible hardware, not a national lab or a private quantum chip.
The concern is greatest for wallets whose public keys are already visible on the chain. Project Eleven estimates that about 6.9 million bitcoins sit at such addresses, about a third of the total supply, including Satoshi Nakamoto’s estimated 1 million bitcoins untouched since the network’s earliest years. Any quantum computer capable of breaking 256-bit ECC could work through these wallets at will.
Bitcoin developers have proposed migration paths, including BIP-360, a Bitcoin improvement proposal that would add quantum-safe address types. Ethereum, Tron, StarkWare and Ripple have each released post-quantum transition plans.
Fifteen bits is not 256 bits, but is the latest in a rapidly heating up point of interest for bitcoin developers and the wider community.
