Quantum Breakthrough Cracks Tiny Bitcoin Key—But Real Threat Remains Far Off

Quantum Computer Cracks 15-Bit Key, But Bitcoin’s Security Holds Firm

On April 24, 2025, Project Eleven awarded its Q-Day Prize to Giancarlo Lelli, a researcher who successfully derived a 15-bit elliptic curve private key from its public key using publicly accessible quantum hardware. The achievement marks the largest public demonstration to date of an attack class that could one day threaten Bitcoin, Ethereum, and other systems secured by elliptic curve cryptography.

The prize included one Bitcoin, delivered in an ironic twist: a researcher won Bitcoin by breaking a miniature version of the very math that protects it. A 15-bit key is exponentially weaker than Bitcoin’s 256-bit elliptic curve, and no publicly known quantum computer can compromise real Bitcoin wallets today.

What Lelli Actually Demonstrated

Lelli employed a variant of Shor’s algorithm, a quantum method targeting the elliptic-curve discrete logarithm problem (ECDLP)—the mathematical foundation of Bitcoin’s signature scheme. His attack recovered a private key from a public key across a search space of 32,767 possible values.

The Q-Day Prize competition challenged entrants to break the largest possible ECC key on a quantum computer, with strict rules prohibiting classical shortcuts or hybrid approaches. Lelli’s 15-bit result surpassed the previous record—a 6-bit key demonstrated by Steve Tippeconnic in September 2025—by a factor of 512x, according to Project Eleven.

The winning quantum system reportedly used ~70 qubits, as reported by Decrypt. An independent review panel, including researchers from the University of Wisconsin-Madison and qBraid, validated the submission, Project Eleven stated.

Why This Result Matters—And Why It Doesn’t

What the article supports:

• A quantum computer broke a 15-bit ECC key: Giancarlo Lelli derived a 15-bit elliptic curve private key from its public key using publicly accessible quantum hardware, turning a theoretical quantum threat into a concrete public demonstration.
• Bitcoin itself was not hacked: The article explicitly states no publicly known quantum computer can break real Bitcoin wallets today, maintaining credibility and avoiding overstatement.
• The attack method is the same family relevant to Bitcoin: Lelli used a variant of Shor’s algorithm targeting ECDLP, which underpins Bitcoin’s signature scheme, connecting the toy demo to real cryptographic risks without claiming equivalence.
• The demo was conducted under constrained rules: The Q-Day Prize required entrants to break the largest possible ECC key on a quantum computer with no classical shortcuts or hybrid tricks, reinforcing the result’s significance as a quantum benchmark.
• The result is larger than prior public ECC demonstrations: Project Eleven described Lelli’s 15-bit achievement as a 512x improvement over Tippeconnic’s 6-bit September 2025 demonstration, showing the public frontier of quantum attacks is advancing.

Why the hype is exaggerated:

A 15-bit key is a toy lock picked with the same methods that could one day threaten a vault. The locksmiths have improved, and the vault—Bitcoin’s 256-bit security—holds for now.

While Google recently cut its ECDLP-256 resource estimates and set a 2029 migration deadline, the timeline reflects long-term preparation, not imminent danger. The gap between a 15-bit demo and a 256-bit attack remains vast, with no known quantum computer capable of bridging it today.

Key Takeaways

• Progress, not panic: Lelli’s work advances quantum attack demonstrations but does not threaten real-world Bitcoin security.
• Long-term vigilance: Systems like Bitcoin rely on elliptic curve cryptography, which quantum computers could theoretically break in the future—hence ongoing research and migration planning.
• Public validation: The Q-Day Prize and independent review add credibility to the result, distinguishing it from speculative claims.