Researcher Wins 1 BTC Bounty for Record Quantum Attack on ECC
Independent researcher Giancarlo Lelli won Project Eleven's 1 BTC Q-Day Prize for cracking a 15-bit elliptic curve key on public quantum hardware, a 512x leap from prior demonstrations. While far from threatening 256-bit Bitcoin keys, the feat signals accelerating quantum progress, raising urgency for post-quantum cryptography in crypto.
Quick Take
Lelli broke a 15-bit ECC key, 512x larger than previous record.
Attack used publicly accessible quantum hardware, not a national lab.
6.9M BTC in exposed public-key addresses face future quantum risk.
Developers propose quantum-safe upgrades; Google targets 2029 migration.
Market Impact Analysis
BearishQuantum computing advances threaten the long-term security of proof-of-work blockchains, potentially undermining trust; however, practical 256-bit breaks are still likely years away.
Speculation Analysis
Key Takeaways
- Independent researcher Giancarlo Lelli broke a 15-bit elliptic curve key using publicly available quantum hardware — a 512x jump from the previous 6-bit record.
- The attack netted a 1 BTC bounty from Project Eleven, proving quantum threats are shifting from theory to real-world experimentation.
- Bitcoin’s 256-bit keys remain out of reach, but 6.9 million BTC sitting in addresses with exposed public keys face a time-bomb risk.
- Google now estimates 500,000 qubits could break a 256-bit key — a sharp drop from earlier estimates, compressing the perceived timeline.
What Happened
Cryptography researcher Giancarlo Lelli claimed a 1 BTC bounty by breaking a 15-bit elliptic curve key on publicly accessible quantum hardware. The award came from Project Eleven’s Q-Day Prize, a challenge designed to test whether quantum attacks can move out of academic theory and onto real machines.
Lelli used Shor’s algorithm to derive a private key from its public counterpart — the exact threat that looms over Bitcoin’s security model. While a 15-bit key is trivially small compared to the 256-bit keys used by Bitcoin, the demonstration represents the largest public quantum attack on elliptic curve cryptography to date. It was a 512-fold increase in key size broken over the previous record, set just seven months ago.
The event signals that quantum computing is no longer a distant scary story but an evolving capability being tested on real cryptography today.
The Numbers
The 15-bit break may sound tiny — the search space is only 32,767 possibilities. But the progress is accelerating at a pace that alarms security experts. In September 2025, a researcher cracked a 6-bit key using IBM’s quantum computer. Lelli’s attack expanded that by a factor of 512 in under a year.
Meanwhile, Google’s researchers recently revised the resource estimate for a full 256-bit attack below 500,000 physical qubits, down from prior forecasts in the millions. That number is still far beyond today’s systems, which barely exceed 1,000 qubits, but the trend line is steepening.
Project Eleven estimates 6.9 million BTC — roughly a third of total supply — sit in addresses whose public keys are visible on-chain, including Satoshi’s estimated 1 million BTC. Those coins would be directly vulnerable if a large-scale quantum computer emerges.
Why It Happened
The Q-Day Prize was specifically designed to spur public experimentation. By dangling a 1 BTC carrot, Project Eleven attracted talent from outside traditional quantum labs. Lelli, an independent researcher, accessed quantum hardware via cloud services — making the barrier to entry surprisingly low.
Underlying this is a broader reality: quantum computing is improving faster than many expected. The theoretical resource requirements for breaking ECC keep dropping, and more researchers have the tools to test them. As Project Eleven CEO Alex Pruden put it, “The resource requirements keep dropping, and the barrier to running it in practice is dropping with them.”
Crypto’s own security model, built on the assumption that private keys can’t be reversed from public keys, is now feeling the early heat of quantum progress.
Broader Impact
This demonstration will force crypto developers to treat post-quantum upgrades as an urgent priority. Proposals for quantum-safe signature schemes are already on the table, but network-wide changes in decentralized systems are notoriously slow.
The fact that 6.9 million BTC, including Satoshi’s coins, are exposed creates a ticking clock. A future quantum attacker could sweep through those addresses, crushing confidence in Bitcoin’s security promise. The event also highlights the divide between blockchains that can upgrade quickly and those locked into static infrastructure.
What to Watch Next
- Quantum-resistant upgrades: Watch for concrete improvement proposals for Bitcoin and Ethereum, with a Google-led push targeting migration by 2029.
- Hardware milestones: Monitor qubit growth and error correction breakthroughs — crossing 1,000 logical qubits would be a red flag.
- Larger key attacks: Expect more researchers to attempt 20‑bit or even 30‑bit breaks using similar public cloud hardware, further compressing timelines.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
