The quantum attack Bitcoin has spent years dealing with, as tomorrow’s problem has become a little less theoretical.
Quantum security startup Project Eleven says it has awarded its 1 bitcoin The Q-Day Prize was awarded to independent researcher Giancarlo Lelli on Friday after he cracked a 15-bit elliptic curve key on publicly available quantum hardware, thereby deriving a private encryption key from its public counterpart.
The bounty is worth around $78,000 at current prices. It would be the largest public demonstration of the attack class that could one day threaten bitcoin, ether (ETH), and most major blockchains.
Project Eleven awards 1 BTC Q-Day prize for largest quantum attack on elliptic curve cryptography to date
A researcher breaks the 15-bit ECC key on publicly available quantum hardware in a 512-fold jump from the previous public demonstration.
Project Eleven today awarded Q-Day…
– Project Eleven (@projecteleven) April 24, 2026
Elliptic curve cryptography is the calculation that allows a crypto wallet to prove that it controls funds without revealing its private key. A public key may be visible to everyone, but in practice, deriving the corresponding private key is supposed to be impossible.
Quantum computers running Shor’s algorithm, a quantum technique first proposed in 1994, challenge this assumption by attacking the underlying logic that secures these signatures.
Lelli’s result does not mean that Bitcoin is about to be hacked. Bitcoin uses 256-bit elliptic curve security. A 15-bit key has a search space of 32,767 possibilities, which is tiny in comparison. The award was designed to measure whether quantum attacks against real crypto-based products move from white papers to public hardware experiments.
The previous public break was a 6-bit demonstration performed by Steve Tippeconnic in September 2025 using IBM’s 133-qubit quantum computer. Lelli’s 15-bit result multiplied that result 512 times in seven months.
A bit is the smallest unit of information in an ordinary computer, a qubit is the quantum computing equivalent.
Read more: A simple explanation of what quantum computing really is and why it’s terrifying for Bitcoin
Theoretical resource estimates fell even faster. A Google research paper published last month estimates the cost of a full 256-bit attack at less than 500,000 physical qubits, down from previous estimates of several million.
“The resource requirements for this type of attack continue to decline, and the barriers to putting them into practice are decreasing with them,” said Alex Pruden, CEO of Project Eleven.
Pruden noted that the winning submission came from an independent researcher working on cloud-accessible hardware, not a national lab or private quantum chip.
The concern is greatest for wallets whose public keys are already visible on the chain. Project Eleven estimates that about 6.9 million bitcoins are located at these addresses, or about a third of the total supply, including the one million bitcoins Satoshi Nakamoto estimated have been untouched since the network’s early years. Any quantum computer capable of breaking 256-bit ECC could use these wallets at leisure.
Bitcoin developers have proposed migration paths, including BIP-360, a proposed Bitcoin enhancement that would add quantum-secure address types. Ethereum, Tron, StarkWare, and Ripple have each released post-quantum transition plans.
Fifteen bits does not equal 256 bits, but is the latest burgeoning point of interest for Bitcoin developers and the wider community.
