Project Eleven named independent researcher Giancarlo Lelli as the winner of its one Bitcoin Q-Day Prize after he used publicly accessible quantum hardware to break a 15-bit elliptic curve key, setting a new public benchmark for an attack class that could one day threaten major blockchain networks.
The quantum security firm said Lelli derived a private key from its public key across a search space of 32,767 using a variant of Shor’s algorithm, which targets the Elliptic Curve Discrete Logarithm Problem, the mathematical foundation behind many blockchain signature systems.
Quantum Risk Becomes Harder to Ignore
The result does not mean Bitcoin’s cryptography has been broken at real-world scale. Bitcoin relies on 256-bit elliptic curve security, leaving a wide gap between the latest 15-bit demonstration and the level required to threaten fully secured wallets.
Still, Project Eleven framed the result as evidence that quantum attacks on elliptic curve cryptography are moving beyond theory and into practical experiments on accessible machines.
The company said Lelli’s result represents a 512-fold increase from a 6-bit public demonstration carried out in September 2025.
Alex Pruden, Project Eleven’s chief executive, said the outcome showed that the resource requirements and practical barriers for such attacks continue to decline, adding that the winning submission came from an independent researcher using cloud-accessible hardware rather than a national laboratory or private chip.
Bitcoin Wallet Exposure Remains Key Concern
Elliptic curve cryptography allows crypto users to prove ownership of assets without revealing private keys. The risk from quantum computing is that sufficiently powerful machines running Shor’s algorithm could one day reverse that protection by deriving private keys from public keys.
Project Eleven said about 6.9 million Bitcoin are held in wallets whose public keys are visible on-chain, making them more exposed to future quantum risks than addresses where public keys remain hidden until funds are spent.
The latest demonstration comes as estimates for large-scale quantum attacks continue to fall. Project Eleven cited recent research suggesting that the resources needed for a 256-bit attack could be lower than previously assumed, although such a breakthrough remains far beyond today’s public demonstration.
Post-Quantum Migration Pressure Builds
This incedent adds more pressure on blockchain developers and digital asset platforms to prepare migration paths toward post-quantum cryptography before quantum hardware reaches dangerous levels.
That urgency is already showing across the industry, as Circle, the issuer of the USDC stablecoin, said its Arc blockchain would support post-quantum security features at launch, arguing that institutions cannot afford to wait for a future “Q-Day” before upgrading their cryptographic defences.
The company said the shift would require changes across the full technology stack, including wallets, transaction signatures, validators, hardware security modules, MPC systems, smart contract authorisations and address migration.
