An independent Italian cryptography researcher has won a 1 Bitcoin prize after becoming the first person to publicly break a 15-bit elliptic curve private key using a cloud-accessible quantum computer. Giancarlo Lelli, operating without institutional funding or national laboratory support, submitted his result to Project Eleven, a security research organization running the "Q-Day Prize," on Friday, April 24, 2026. The company confirmed the win and paid out the 1 BTC reward, valued at approximately $68,000. The result represents a 512-fold increase in search-space complexity over the previous public record, a 6-bit break achieved by engineer Steve Tippeconnic in September 2025. For broader context on the quantum computing threat landscape, see the ObjectWire Technology hub.
The Attack | 27 Qubits, Shor's Algorithm, 45 Minutes on Cloud Hardware
Lelli used a cloud-accessible quantum device with approximately 70 physical qubits, of which roughly 27 were active in the computation, and an optimized variant of Shor's algorithm designed to minimize qubit overhead during the modular arithmetic phase of elliptic curve discrete logarithm solving. The full computation ran in approximately 45 minutes, producing the 15-bit private key from its public counterpart with verified correctness.
The attack targeted Elliptic Curve Cryptography (ECC), the mathematical foundation underlying Bitcoin, Ethereum, and most modern blockchain address schemes. A 15-bit key has a search space of 32,767 possible values. Bitcoin uses 256-bit keys, which have a search space of approximately 1.15 x 10^77 possibilities, an astronomical gap by any measure. But the significance of Lelli's result lies not in the key size itself, it lies in demonstrating that high-level quantum attacks against ECC are now executable by individuals renting time on commercial cloud quantum platforms, without access to proprietary research hardware.
Why the Gap Is Shrinking | Google's 1,200-Qubit Paper and the Engineering Shift
Project Eleven CEO Alex Pruden acknowledged that the distance between 15 and 256 bits remains "enormous," but framed the trajectory as an engineering problem rather than a fundamental physics barrier. Three developments have accelerated that framing in recent months.
First: algorithmic efficiency gains. A March 2026 white paper published by Google Quantum AI suggested that a full 256-bit ECC break could theoretically be achieved with fewer than 1,200 logical qubits, a reduction of roughly 20 times compared to estimates published just three months earlier. That single paper shifted the goalposts on the quantum threat timeline more than any hardware announcement in years.
Second: public accessibility. Lelli's win establishes that competitive quantum cryptanalysis no longer requires a billion-dollar national program. Cloud quantum platforms, including devices from IBM, Google, and IonQ, are available to any researcher with a credit card. The barrier is now algorithmic skill and optimization, not hardware access.
Third: the "harvest now, decrypt later" window. Approximately 6.9 million Bitcoin sit in legacy P2PK (Pay-to-Public-Key) or reused address formats where the full public key is already exposed on-chain. These coins are passively harvestable today and become decryptable the moment sufficient quantum hardware exists. Most estimates place that threshold between 2028 and 2032 if current hardware scaling trajectories hold. For related coverage on the crypto policy and regulatory environment, see the ObjectWire Crypto hub.
Bitcoin's Response | BIP-360 and BIP-361 Fast-Tracked for Quantum-Resistant Addresses
The Bitcoin developer community has been aware of the theoretical quantum threat for years, but Lelli's practical demonstration accelerated the timeline on two specific protocol improvement proposals. BIP-360 and BIP-361 propose new output types that would allow users to voluntarily migrate their funds to addresses secured by lattice-based cryptography, specifically the CRYSTALS-Dilithium signature scheme standardized by NIST in 2024, which is currently believed to be resistant to both classical and quantum computational attacks, including Shor's algorithm.
Migration would not be automatic or mandatory under either proposal. Users holding funds in vulnerable legacy address formats would need to actively move their coins to the new output types before quantum hardware reaches the 256-bit threshold. The practical challenge is that a significant fraction of the 6.9 million Bitcoin in P2PK addresses belong to early miners who may be deceased, have lost access to their keys, or are operating under pseudonyms with no reachable identity.
Ethereum, which uses the same ECC curve (secp256k1) as Bitcoin, faces an identical exposure profile. The Ethereum Foundation has published a separate post-quantum roadmap but has not committed to a specific activation timeline. For related reporting on technology infrastructure risks intersecting with the financial sector, see ObjectWire's coverage of the helium crisis and semiconductor supply chain vulnerability.
Lelli's 1 BTC prize arrived at a moment when the question of "when" quantum breaks Bitcoin is shifting from theoretical to logistical. The answer is no longer defined by whether it is physically possible, but by how long it takes the engineering to close the remaining gap.