The quantum attack Bitcoin has spent years treating as tomorrow’s problem just got a little less theoretical.
Quantum security startup Project Eleven said it awarded its 1 bitcoin Q-Day Prize to independent researcher Giancarlo Lelli on Friday after he broke a 15-bit elliptic curve key on publicly accessible quantum hardware, deriving a private encryption key from its public counterpart.
The bounty is worth roughly $78,000 at current prices. It is said to be the largest public demonstration of the attack class that could one day threaten bitcoin, ether (ETH) and most major blockchains.
Project Eleven Awards 1 BTC Q-Day Prize for Largest Quantum Attack on Elliptic Curve Cryptography to Date
Researcher breaks 15-bit ECC key on publicly accessible quantum hardware in a 512x jump from the previous public demonstration.
Project Eleven today awarded the Q-Day…
— Project Eleven (@projecteleven) April 24, 2026
Elliptic curve cryptography is the math that lets a crypto wallet prove it controls funds without revealing its private key. A public key can be visible to everyone, but deriving the corresponding private key is supposed to be impossible in practical terms.
Quantum computers running Shor’s algorithm, a quantum technique first proposed in 1994, challenge that assumption by attacking the underlying logic that secures those signatures.
Lelli’s result does not mean bitcoin is close to being cracked. Bitcoin uses 256-bit elliptic curve security. A 15-bit key has a search space of 32,767 possibilities, tiny by comparison. The prize was designed to measure whether quantum attacks on real cryptography-based products are moving from white papers into public hardware experiments.
The previous public break was a 6-bit demonstration by Steve Tippeconnic in September 2025 using IBM’s 133-qubit quantum computer. Lelli’s 15-bit result expanded that by a factor of 512 in seven months.
A bit is the smallest unit of information in a regular computer, a qubit is the quantum computing equivalent.
Read more: A simple explainer on what quantum computing actually is, and why it is terrifying for bitcoin
Theoretical resource estimates have dropped even faster. A Google Research paper last month put the cost of a full 256-bit attack below 500,000 physical qubits, down from earlier estimates in the millions.
“The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them,” Project Eleven CEO Alex Pruden said.
Pruden noted the winning submission came from an independent researcher working on cloud-accessible hardware, not a national laboratory or a private quantum chip.
The concern is sharpest for wallets whose public keys are already visible on-chain. Project Eleven estimates roughly 6.9 million bitcoin sit in such addresses, about one-third of total supply, including Satoshi Nakamoto’s estimated 1 million bitcoin untouched since the network’s earliest years. Any quantum computer capable of breaking 256-bit ECC could work through those wallets at leisure.
Bitcoin developers have proposed migration paths including BIP-360, a Bitcoin Improvement Proposal that would add quantum-safe address types. Ethereum, Tron, StarkWare, and Ripple have each published post-quantum transition plans.
Fifteen bits is not 256 bits, but is the latest in a rapidly heating up point of interest for bitcoin developers and the broader community.
