Independent researcher Giancarlo Lelli has broken a 15-bit elliptic curve cryptographic key on publicly accessible quantum hardware, earning a 1 BTC reward from post-quantum security startup Project Eleven. Project Eleven described it as the largest public quantum attack demonstration on elliptic curve cryptography to date.
The result is a 512-fold jump from the previous public benchmark. Engineer Steve Tippeconnic broke a 6-bit key in September 2025 using IBM’s 133-qubit quantum computer. Lelli’s 15-bit figure blew past that in seven months.
What Lelli Actually Did
Lelli used a roughly 70-qubit publicly available quantum device to run a variant of Shor’s algorithm. He derived a private key from its corresponding public key across a search space of 32,767 possible values. The attack targeted the Elliptic Curve Discrete Logarithm Problem, the mathematical foundation securing wallets on Bitcoin, Ethereum, and most major blockchains.
Project Eleven CEO Alex Pruden said the submission came from an independent researcher on cloud-accessible hardware, not a national lab or private quantum chip.
“The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them,” Pruden said. “The winning submission came from an independent researcher working on cloud-accessible hardware. No national lab, no private chip.”
Bitcoin still runs on 256-bit elliptic curve cryptography. That is a very long distance from 15 bits. But the gap is shrinking faster than many anticipated.
The 6.9 Million BTC Problem
According to Wu Blockchain on X, industry estimates now put the physical qubit requirement for a full 256-bit ECC break at roughly 500,000, down sharply from earlier projections in the millions. That figure comes from a Google Research paper published in April 2026. A separate Caltech and Oratomic paper brought the estimate even lower, to around 10,000 qubits in a neutral-atom architecture.
Project Eleven estimates approximately 6.9 million Bitcoin sit in addresses with exposed public keys. That is roughly one-third of total supply. Satoshi Nakamoto’s estimated 1 million BTC, untouched since Bitcoin’s earliest days, falls in that group.
Any machine capable of running Shor’s algorithm at 256-bit scale could work through those wallets. No warning. No public signal. Bitcoin developers have proposed BIP-360, a migration path that would add quantum-resistant address types to the network. BIP-361 would phase out older signature schemes. Both are under active discussion.
Ethereum, StarkWare, and Ripple each published post-quantum transition plans. The Ethereum Foundation formed a dedicated post-quantum security team.
TRON Moves First on Mainnet
The broader blockchain space is moving. But one network set a hard date.
Justin Sun, founder of TRON, pointed directly to the quantum threat on X. In a post on X, Sun said TRON will launch a quantum-resistant network on testnet in Q2 2026 and on the mainnet in Q3 2026, calling it the world’s first quantum-resistant network. He tied the upgrade explicitly to AI development, noting that quantum computing’s decryption capability is the core risk that comes with accelerating AI adoption.
“As the founder of a major cryptocurrency, we should, while focusing on the benefits of AI applications, pay close attention to the risks brought by AI development, with quantum computing’s decryption being the most core key,” Sun wrote, adding that TRON users’ funds would remain secure in the AI era.
That timeline matters. While Bitcoin’s BIP-360 is still a proposal, TRON’s rollout has a concrete quarter attached to it. For holders on that network, the migration is not theoretical.
The Lelli result sharpened that urgency. Italian researcher Lelli told Decrypt he joined Project Eleven’s competition out of passion for technology and a desire to challenge himself. He said the result should be read as proof that technology is moving forward, not as a cause for panic. His exact framing: watch it, do not ignore it.
Project Eleven’s Pruden echoed that tone but made clear the direction of travel.
“We’re still far, objectively, from the point at which you could actually break Bitcoin,” Pruden told Decrypt. “But how long will it take to close that gap, and will we know the closer we get? I don’t know that we will.”
Skeptics Push Back Hard
Not everyone treated the result as a milestone. Coinkite founder Rodolfo Novak called Project Eleven’s framing “theater” on X. His argument: the private key in the demonstration was classically solved before the quantum circuit ran, meaning the system was told the answer rather than finding it. Researcher Yuval Adam confirmed the outcome by swapping Lelli’s IBM backend with Linux’s classical random number generator and recovering the same key.
Bitcoin developer Jonas Schnelli analyzed the circuit and found the IBM hardware produced outputs statistically indistinguishable from random noise, suggesting no real quantum advantage at this scale. Community Notes on Project Eleven’s announcement post reflected the same critique.
Project Eleven acknowledged the limitation. Pruden said NISQ-era experiments routinely depend on classical assistance. He still argued the result counts as incremental, reproducible progress on accessible hardware. The company, backed by Coinbase Ventures and Castle Island Ventures, sells post-quantum cryptography tools and created the Q-Day Prize to encourage public benchmarking.
Blockstream CEO Adam Back said at Paris Blockchain Week in April that preparation should begin now even if the actual threat is decades away. Bernstein described the quantum computing risk as a medium to long-term upgrade cycle, not an immediate danger, and put the Bitcoin community’s preparation window at three to five years.
Fifteen bits is not 256. But seven months ago it was six.
