The quantum attack that Bitcoin has spent years treating as if it were tomorrow’s problem has become a little less theoretical.
Quantum security startup Project Eleven said it awarded its 1 bitcoin Q-Day award to independent researcher Giancarlo Lelli on Friday after he cracked a 15-bit elliptic curve key on publicly accessible quantum hardware, deriving a private encryption key from its public counterpart.
The reward is worth approximately $78,000 at current prices. It is said to be the largest public demonstration of the kind of attack that could one day threaten bitcoin, ether (ETH), and most major blockchains.
Project Eleven Awards 1 BTC Q-Day Prize for Largest Quantum Attack on Elliptic Curve Cryptography to Date
A researcher breaks the 15-bit ECC key on publicly available quantum hardware in a 512-fold leap from the previous public demonstration.
Project Eleven received Q-Day today…
– Project Eleven (@projecteleven) April 24, 2026
Elliptic curve cryptography is the math that allows a crypto wallet to prove it controls funds without revealing its private key. A public key may be visible to everyone, but deriving the corresponding private key is supposed to be impossible in practical terms.
Quantum computers running Shor’s algorithm, a quantum technique first proposed in 1994, challenge that assumption by attacking the underlying logic that secures those signatures.
Lelli’s result does not mean that Bitcoin is close to being cracked. Bitcoin uses 256-bit elliptic curve security. A 15-bit key has a search space of 32,767 possibilities, small by comparison. The award was designed to measure whether quantum attacks on real crypto-based products are moving from white papers into public hardware experiments.
The previous public break was a 6-bit demonstration by Steve Tippeconnic in September 2025 using IBM’s 133-qubit quantum computer. Lelli’s 15-bit result expanded that by a factor of 512 in seven months.
A bit is the smallest unit of information in a normal computer, a qubit is the equivalent in quantum computing.
Read more: A simple explanation of what quantum computing really is and why it’s scary for Bitcoin.
Theoretical resource estimates have fallen even faster. A Google Research paper last month put the cost of a full 256-bit attack at less than 500,000 physical qubits, down from previous estimates of millions.
“The resource requirements for this type of attack continue to fall, and the barrier to executing it in practice is falling with them,” said Alex Pruden, CEO of Project Eleven.
Pruden noted that the winning proposal came from an independent researcher working on cloud-accessible hardware, not a national lab or a private quantum chip.
The concern is greatest for wallets whose public keys are already visible on-chain. Project Eleven estimates that approximately 6.9 million bitcoins are held at such addresses, about a third of the total supply, including Satoshi Nakamoto’s estimated 1 million bitcoins intact from the network’s early years. Any quantum computer capable of breaking 256-bit ECC could run those wallets in its spare time.
Bitcoin developers have proposed migration paths including BIP-360, a proposed Bitcoin improvement that would add quantum-safe address types. Ethereum, Tron, StarkWare and Ripple have published post-quantum transition plans.
Fifteen bits are not 256 bits, but they are the latest rapidly increasing point of interest for bitcoin developers and the community at large.
