What to know : An independent researcher used publicly accessible quantum hardware to break a 15-bit elliptic curve key, winning Project Eleven’s one bitcoin Q-Day Prize in the largest public demonstration yet of a quantum attack relevant to cryptocurrencies. While the feat is far from threatening bitcoin’s 256-bit elliptic curve security, it shows that practical quantum attacks on real cryptographic systems are progressing rapidly, with resource estimates for a full 256-bit break falling below 500,000 physical qubits. The advance is intensifying concern over the roughly 6.9 million bitcoin in addresses with exposed public keys and is adding urgency to post-quantum migration plans such as Bitcoin’s proposed BIP-360 and similar efforts by Ethereum, Tron, StarkWare and Ripple.
The quantum attack Bitcoin has spent years treating as tomorrow's problem just got a little less theoretical.
Quantum security startup Project Eleven said it awarded its 1 bitcoin Q-Day Prize to independent researcher Giancarlo Lelli on Friday after he broke a 15-bit elliptic curve key on publicly accessible quantum hardware, deriving a private encryption key from its public counterpart.
The bounty is worth roughly $78,000 at current prices. It is said to be the largest public demonstration of the attack class that could one day threaten bitcoin, ether (ETH) and most major blockchains.
Elliptic curve cryptography is the math that lets a crypto wallet prove it controls funds without revealing its private key. A public key can be visible to everyone, but deriving the corresponding private key is supposed to be impossible in practical terms.
Quantum computers running Shor's algorithm, a quantum technique first proposed in 1994, challenge that assumption by attacking the underlying logic that secures those signatures.
Lelli's result does not mean bitcoin is close to being cracked. Bitcoin uses 256-bit elliptic curve security. A 15-bit key has a search space of 32,767 possibilities, tiny by comparison. The prize was designed to measure whether quantum attacks on real cryptography-based products are moving from white papers into public hardware experiments.
The previous public break was a 6-bit demonstration by Steve Tippeconnic in September 2025 using IBM's 133-qubit quantum computer. Lelli's 15-bit result expanded that by a factor of 512 in seven months.
A bit is the smallest unit of information in a regular computer, a qubit is the quantum computing equivalent.
Read more: A simple explainer on what quantum computing actually is, and why it is terrifying for bitcoin
Theoretical resource estimates have dropped even faster. A Google Research paper last month put the cost of a full 256-bit attack below 500,000 physical qubits, down from earlier estimates in the millions.
"The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them," Project Eleven CEO Alex Pruden said.
Pruden noted the winning submission came from an independent researcher working on cloud-accessible hardware, not a national laboratory or a private quantum chip.
The concern is sharpest for wallets whose public keys are already visible on-chain. Project Eleven estimates roughly 6.9 million bitcoin sit in such addresses, about one-third of total supply, including Satoshi Nakamoto's estimated 1 million bitcoin untouched since the network's earliest years. Any quantum computer capable of breaking 256-bit ECC could work through those wallets at leisure.
Bitcoin developers have proposed migration paths including BIP-360, a Bitcoin Improvement Proposal that would add quantum-safe address types. Ethereum, Tron, StarkWare, and Ripple have each published post-quantum transition plans.
Fifteen bits is not 256 bits, but is the latest in a rapidly heating up point of interest for bitcoin developers and the broader community.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
