On April 24, 2026, Project Eleven awarded 1 Bitcoin to Italian researcher Giancarlo Lelli for breaking a 15-bit elliptic curve cryptography key on a publicly accessible quantum computer. This is the largest such demonstration ever conducted in the open. Real Bitcoin wallets rely on 256-bit keys, so the direct threat remains distant. But the progress is no longer purely theoretical.
What Is the Q-Day Prize and Why Did Project Eleven Launch It?
Project Eleven researches quantum risks for blockchain networks. In 2025, the company launched the Q-Day Prize, offering 1 BTC to whoever could break the largest elliptic curve cryptography key on publicly available quantum hardware. The name refers to the hypothetical Q-Day, the moment when quantum machines become capable of breaking the encryption that secures billions of dollars in crypto wallets worldwide.
Until 2026, public quantum computers had only demonstrated trivial calculations, such as factoring the number 21 into 3 and 7. Critics argued these machines would never reach the level needed for real attacks on cryptography. The Q-Day Prize aimed to produce a measurable public benchmark and challenge that skepticism. Lelli did exactly that, expanding the previous public record by 512 times.
The contest is part of a broader research program. Project Eleven publishes analysis on quantum threats to blockchains and advises organizations on strategies for transitioning to post-quantum cryptography. The 1 BTC reward was worth nearly $78,000 at the time of payment.
How Did Lelli Conduct the Attack and What Is Shor's Algorithm?
Lelli used a variant of Shor's algorithm on a quantum computer with approximately 70 qubits. Unlike classical bits, qubits can exist in multiple states at the same time through the phenomenon of superposition. This property gives quantum machines a decisive advantage when solving the discrete logarithm problem, which is the mathematical foundation of elliptic curve encryption.
The target key was 15 bits in size, representing 32,767 possible values. Once the algorithm was configured, the actual attack completed in minutes. The result was verified by an independent panel that included researchers from the University of Wisconsin-Madison and quantum software company qBraid. This was a real attack on real publicly accessible hardware, not a simulation.
- Shor's algorithm computes discrete logarithms and factors large numbers far faster than any classical algorithm
- Elliptic curve cryptography (ECC) secures digital signatures in Bitcoin, Ethereum, and most modern blockchains
- 70 qubits were enough for a 15-bit key, while breaking a real Bitcoin key would require between 10,000 and 500,000 physical qubits depending on the architecture
- Independent review rules out questions about the validity of the methodology
How Real Is This Risk for Bitcoin Right Now?
Bitcoin uses 256-bit keys on the secp256k1 curve. The gap between 15 and 256 bits is expressed in numbers that are hard to even write down: the number of possible values in a 256-bit key exceeds the number of atoms in the observable universe. Google estimates the minimum threshold for attacking a real Bitcoin key at around 500,000 physical qubits. Researchers at Caltech and Oratomic offer a more optimistic figure of 10,000 to 20,000 qubits using a neutral-atom architecture.
Project Eleven CEO Alex Pruden is candid: "we're still far, objectively, from the point at which you could actually break Bitcoin." But he also says the pace of progress is hard to predict, and major players in the field are publishing increasingly aggressive hardware roadmaps. Current public quantum machines range from tens to thousands of qubits, but error rates are still too high for complex attacks.
Cryptographers and developers continue to debate the actual timeline. One camp argues that 2029 is premature and that quantum scaling faces serious technical barriers. The other points out that transitioning to quantum-resistant cryptography will itself take years, so the work needs to start now.
When Could Q-Day Actually Arrive?
Project Eleven puts the worst-case scenario at 2029. This aligns with Google's projection: in March 2026, Google set an internal deadline to complete its own transition to post-quantum cryptography by the same year. Pruden says AI is speeding up the process, improving quantum error correction and helping identify weaker cryptographic targets.
About 6.9 million Bitcoin sit in wallets with public keys visible on-chain. These coins are the first candidates for attack if quantum computers reach the required capability. Early network wallets, including coins from the very first blocks, fall into this category.
Beyond hardware progress, Pruden points to artificial intelligence as a separate accelerant. AI models are already helping develop more efficient quantum error-correction algorithms. If that work continues to advance, the actual qubit count needed to attack Bitcoin could turn out to be much lower than current estimates suggest.
What Are Bitcoin and Ethereum Developers Already Doing?
The Bitcoin community is considering two separate BIPs. BIP-360 introduces a transaction format that is resistant to quantum attacks. BIP-361 calls for gradually phasing out older signature schemes and potentially freezing coins belonging to holders who do not migrate to new addresses before a set deadline. Debate around these proposals began in 2025 and is still ongoing.
The Ethereum Foundation has assembled a dedicated post-quantum security team. Ethereum co-founder Vitalik Buterin has outlined a roadmap for replacing vulnerable cryptographic components across the network. Both projects accept that the transition will take years, which is why preparations are starting now rather than waiting for the threat to become an operational reality.
Comments
Your email address will not be published. Required fields are marked *