Share
Project Eleven announced on April 24 that it has awarded its Q-Day Prize, a one Bitcoin bounty currently worth approximately $78,000, to independent researcher Giancarlo Lelli for breaking a 15-bit elliptic curve key on a publicly accessible quantum computer.
The result is the largest public demonstration to date of the attack class that threatens Bitcoin, Ethereum, and over $2.5 trillion in ECC-secured digital assets.
Project Eleven Awards 1 BTC Q-Day Prize for Largest Quantum Attack on Elliptic Curve Cryptography to Date
Researcher breaks 15-bit ECC key on publicly accessible quantum hardware in a 512x jump from the previous public demonstration.
Project Eleven today awarded the Q-Day…
— Project Eleven (@projecteleven) April 24, 2026
Lelli derived a private key from its public key across a search space of 32,767 using a variant of Shor’s algorithm. Shor’s targets the Elliptic Curve Discrete Logarithm Problem, the math underlying digital signature schemes securing Bitcoin, Ethereum, and most major blockchains.
The previous public benchmark was a 6-bit elliptic curve break by Steve Tippeconnic in September 2025, executed on IBM’s 133-qubit quantum computer. Lelli’s 15-bit result extends it by a factor of 512 in seven months.
The pace matters more than the absolute numbers. ECC attacks moving from theory to practice on cloud-accessible hardware in under a year is the meaningful trend, not the gap between 15 bits and Bitcoin’s 256-bit security standard.
Lelli’s submission came from an independent researcher, not a national lab or a private quantum chip. The democratization of the attack vector is the part most likely to accelerate the post-quantum migration debate.
The practical demonstration arrives alongside sharp reductions in the theoretical resource requirements for a full 256-bit attack. Google Research’s April 2026 whitepaper put the cost below 500,000 physical qubits, down from earlier estimates measured in the millions. A subsequent paper from Caltech and Oratomic pushed the figure down to 10,000 qubits in a neutral-atom architecture.
Grayscale Research's analysis of the @Google Quantum AI paper suggests breakthroughs may come in sudden leaps, not gradual steps. That means preparation can’t be delayed.
The good news:
• Post-quantum cryptography already exists
• Some chains like $SOL and $XRP Ledger are… pic.twitter.com/r5vtnnWCJj— Grayscale (@Grayscale) April 6, 2026
‘The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them,’ said Alex Pruden, CEO of Project Eleven. ‘The winning submission came from an independent researcher working on cloud-accessible hardware. No national lab, no private chip. It shows that tangible progress is possible and underscores the urgency of migrating to post-quantum cryptography sooner rather than later. Google just committed to being quantum-secure by 2029. The window to get ahead of this is closing.’
The exposure profile has not changed since the Coinbase Advisory Board’s April 21 paper, but the urgency framing has. Project Eleven estimates roughly 6.9 million Bitcoin, about one-third of the total supply, sit in addresses where public keys are visible on-chain. That includes any wallet that has made an outbound transaction (the act of spending reveals the public key), as well as early P2PK addresses, including Satoshi Nakamoto’s estimated 1 million BTC, untouched since the network’s earliest years.
Today we've published the first position paper from the Coinbase Independent Advisory Board on Quantum Computing and Blockchain, a group of leading researchers from Stanford, UT Austin, the Ethereum Foundation, and beyond.
The short version: your crypto is safe today. But a…
— Philip Martin (@SecurityGuyPhil) April 21, 2026
A sufficiently powerful quantum computer could derive private keys for any of those wallets at leisure. Wallets protected behind hash functions remain safer until a transaction is made.
Bitcoin’s developer community has responded with a two-BIP stack. BIP-360 introduces a quantum-resistant output type, P2MR, for newly created coins. BIP-361, submitted on April 14 by Jameson Lopp and five co-authors, handles the existing exposed supply through a three-phase soft fork that would eventually freeze unmigrated funds with ZK-proof recovery. Lopp’s framing is adversarial: coins stolen by a quantum computer would devalue every other Bitcoin.
Ethereum, Tron, StarkWare, and Ripple have each published plans for a post-quantum transition. Ethereum’s roadmap is the most developed, with PQ research integrated into the Hegotá upgrade targeting H2 2026.
The Lelli result has not produced consensus on urgency. Bernstein research recently characterized quantum computing as a medium- to long-term upgrade cycle rather than an immediate risk, arguing that 256-bit attacks remain years away. NVK’s framing captures the middle ground: ‘The quantum threat to Bitcoin is real but distant. The most dangerous thing isn’t quantum computers, it’s complacency disguised as either panic or dismissal.’
— nvk 🌞 (@nvk) April 6, 2026
The structural counter to the urgency case: 15 bits is still 241 bits short of Bitcoin’s 256-bit standard, and the scaling challenge is non-linear. Each additional bit requires roughly an exponential increase in the number of qubits and gate fidelity. The gap closes faster than the linear progression of public benchmarks suggests, but not as fast as the 512 times figure implies.
Project Eleven says its next challenge will focus on the intersection of frontier AI models and quantum cryptanalysis. The implication: AI-accelerated optimization of quantum algorithms could further compress the timeline. The Q-Day Prize was paid in Bitcoin. The asset most exposed to the eventual breakthrough is the same asset that funds the research, bringing it closer.
Share
preferred on
