Quantum Attack Wins 1 BTC Bounty, Raising Real Bitcoin Security Concerns
Italian researcher Giancarlo Lelli has landed a 1 BTC bounty after demonstrating the largest known quantum attack on elliptic curve cryptography (ECC) so far, a result that pushes the quantum threat to Bitcoin from abstract worry to something that deserves real engineering attention.
- 1 BTC bounty awarded to Giancarlo Lelli on April 24
- Shor’s algorithm used on cloud-accessible quantum hardware
- Private key recovered from public key over a 32,767-value search gap
- Bitcoin, Ethereum, and more than $2.5 trillion in ECC-based assets potentially exposed
- Bitcoin and Ethereum developers already exploring post-quantum cryptography
Project Eleven awarded the prize as part of its quantum-security challenge, and the headline result is hard to ignore: Lelli used a variant of Shor’s algorithm to derive a private key from a public key across a 32,767-value search gap. That is not the same thing as cracking Bitcoin’s full 256-bit security, and anyone claiming otherwise is either confused or trying to sell you something. Still, it is a real demonstration that the gap between “theoretical” and “practical” is narrowing.
“Today… Giancarlo Lelli, an Italian researcher, was awarded a one-Bitcoin prize…”
What makes this more than a nerd trophy is the hardware story. The attack reportedly ran on cloud-accessible hardware with no special equipment, no institutional funding, and “nothing illegal.” In plain English: this was not a secret government lab flexing its muscles. It was a researcher using publicly available quantum access to prove a point. That’s a lot more sobering than another hand-wavy “quantum might matter someday” presentation.
ECC is the math that helps Bitcoin prove ownership without revealing the private key itself. The private key is what controls the coins. The public key is the piece that can be shared to verify signatures. Today, that system rests on a math problem called the Elliptic Curve Discrete Logarithm Problem (ECDLP): deriving a public key from a private key is cheap enough to use in practice, but going the other way is brutally hard for classical computers at Bitcoin’s security level.
That is where quantum computing changes the game. Shor’s algorithm is a quantum method that could, in theory, solve certain cryptographic problems much faster than normal computers can. It is the reason Bitcoin security researchers keep their eyes glued to quantum progress instead of pretending it’s science fiction with a nicer haircut. If the algorithm scales far enough on a fault-tolerant machine, ECC stops being a fortress and becomes a very expensive speed bump.
“This type of attack could not only threaten Bitcoin but also Ethereum…”
That part matters. Bitcoin is the obvious target in most people’s minds, but it is not alone. Ethereum and a long list of other systems rely on ECC in one form or another. The report says more than $2.5 trillion in digital assets could be exposed through ECC-based systems. That figure should be treated as a broad risk estimate, not a clean countdown timer, but the direction is clear: the blast radius would not stop at one chain.
Project Eleven’s bounty program was originally set up to break 1- to 25-bit elliptic curve keys by April. That sounds laughably small compared with Bitcoin’s real-world security, and it is. But it also serves as a useful benchmark for progress. The prior public milestone referenced was a 6-bit demonstration by Steve Tippeconnic in September 2025 using IBM’s 133-qubit quantum computer. Lelli’s work is described as a major step beyond that, with the report saying the capability expanded by 512x in seven months.
To be clear: that does not mean Bitcoin is broken today. It means the runway is getting shorter faster than many people expected. A demo against a tiny key size is not the same thing as attacking Bitcoin’s 256-bit key security, and the jump from one to the other is still enormous. Quantum hardware still faces major problems around noise, error correction, and scale. But dismissing every new result as “just a toy demo” is lazy. Toy demos have a nasty habit of becoming real headaches.
“What Lelli’s success signifies is a practical side to the theoretical findings.”
That line gets to the point. The threat has been discussed for years in academic circles, but practical demonstrations are what turn theory into planning. And planning is becoming harder to avoid as the estimates around required quantum resources keep shifting downward. A cited April 2026 Google whitepaper reportedly lowered the estimate for a full 256-bit attack to around 500,000 physical qubits. Another paper from Caltech and Oratomic reportedly suggested the number could be as low as 10,000 qubits in a neutral-atom architecture.
Those figures are still huge. “Physical qubits” are not the same thing as neat, perfect logical qubits; the hardware overhead for useful computation is brutal. But the fact that estimates can swing from half a million down to ten thousand tells you something important: nobody has this fully nailed down yet, and the margin for complacency is shrinking. If you are waiting for perfect certainty before preparing, you may be waiting until the safe is already cracked.
So what does this mean for actual Bitcoin users?
The immediate risk is highest for wallets whose public keys are already on-chain. Bitcoin addresses do not always reveal a public key right away, but once a coin is spent or an address is reused, that information can become visible. The report says around 6.9 million BTC may sit in addresses where the public key is already on-chain, including an estimated 1 million BTC linked to Satoshi Nakamoto. That Satoshi figure is, of course, an estimate rather than a confirmed inventory, but it highlights the class of funds that would be first in line for trouble if quantum attacks become practical at scale.
“Major users at risk are wallets whose public keys are already on-chain.”
For ordinary holders, the lesson is basic but important: address reuse is bad hygiene. If you keep recycling the same address, you are helping expose the public key surface area that a future quantum attacker would want. Most users do not need to panic or move funds today, but they should understand that quantum resistance is not some abstract whiteboard concern. It is a future migration problem, and migration problems tend to become expensive when ignored for too long.
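Whether a given output already has its public key on-chain can be read from its locking script and spend history. The Python below is an added example, not code from the report or from Project Eleven: it labels the standard scriptPubKey templates by whether the key sits in the output itself or stays behind a hash until a spend reveals it, then totals a constructed list of unspent outputs. The function names, labels and sample data are hypothetical.

```python
# Added example. All scripts below are constructed filler, not real outputs.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}            # key bytes sit in the output itself
HASHED = {"p2pkh", "p2sh", "p2wpkh", "p2wsh"}  # only a hash until first spend

def script_type(spk: bytes) -> str:
    """Match a scriptPubKey against the standard templates by byte layout."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"       # <33- or 65-byte pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh"      # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "p2sh"       # OP_HASH160 <20> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"     # witness v0, 20-byte key hash
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"      # witness v0, 32-byte script hash
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"       # witness v1, 32-byte x-only output key
    return "unknown"

def exposure(spk: bytes, spent_before: bool) -> str:
    """Label an unspent output by whether its public key is already public."""
    kind = script_type(spk)
    if kind in KEY_IN_OUTPUT:
        return "exposed"
    if kind in HASHED:
        # Assumption: an earlier spend from the same script revealed the key
        # (or a script containing it), so funds sent there again are exposed.
        return "exposed-by-reuse" if spent_before else "hashed"
    return "unknown"

def audit(utxos):
    """Sum satoshis per exposure label for (script_hex, sats, spent_before)."""
    totals = {}
    for spk_hex, sats, spent_before in utxos:
        label = exposure(bytes.fromhex(spk_hex), spent_before)
        totals[label] = totals.get(label, 0) + sats
    return totals

SAMPLE_UTXOS = [  # constructed
    ("41" + "04" + "22" * 64 + "ac", 5_000_000_000, False),  # P2PK
    ("76a914" + "11" * 20 + "88ac", 150_000, False),         # P2PKH, fresh
    ("76a914" + "33" * 20 + "88ac", 200_000, True),          # P2PKH, reused
    ("0014" + "11" * 20, 75_000, False),                     # P2WPKH, fresh
    ("5120" + "44" * 32, 10_000, False),                     # P2TR
]

if __name__ == "__main__":
    for label, sats in sorted(audit(SAMPLE_UTXOS).items()):
        print(f"{label:17s} {sats / 1e8:.8f} BTC")
```

Funds labelled `hashed` are the ones that have not yet shown a public key; spending from such a script and then receiving to it again moves them into `exposed-by-reuse`.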
That is why Bitcoin developers are already looking at post-quantum options. Two proposals mentioned in the report are BIP-360, a proposed quantum-resistant transaction format, and BIP-361, which would phase out older systems and freeze tokens that fail to migrate. That second idea is where the philosophical knives come out. Some will see it as a necessary safety measure. Others will see it as an unacceptable violation of Bitcoin’s ethos. Both sides have a point. Bitcoin is supposed to be resistant to arbitrary control, but it also cannot just sit there and do nothing if the underlying signature scheme starts looking dated.
There is no clean answer here. A post-quantum upgrade path would likely be messy, political, and full of edge cases. That is the price of running a decentralized system that is supposed to be conservative about changes. Conservatism is a feature until it starts behaving like denial. Then it becomes a liability with a libertarian sticker on it.
Ethereum is also moving. An Ethereum post-quantum security team has been formed, which is a strong sign that the broader crypto stack is taking this risk seriously. That does not magically solve anything, but it does show that serious builders are doing the only sensible thing: preparing before the blast radius gets real.
The bigger problem is not that quantum computers are smashing Bitcoin tomorrow. The bigger problem is that the industry has a long history of underestimating inconvenient security timelines until they become urgent. Scammers are already exploiting quantum fear to push “quantum-proof” nonsense, which usually means overpriced marketing wrapped around weak tech. That kind of grift should be treated with the contempt it deserves. Real post-quantum cryptography is a technical transition, not a miracle product pitch.
The good news is that Bitcoin has time to prepare. The bad news is that time is not infinite, and “we’ll deal with it later” is how people end up dealing with crises in public. The quantum threat to Bitcoin is no longer just a theoretical bedtime story for cryptographers. It is becoming a practical design problem with real consequences for wallet security, protocol upgrades, and long-term self-custody.
What did Giancarlo Lelli achieve?
He won a 1 BTC bounty by demonstrating a quantum attack that derived a private key from a public key using a variant of Shor’s algorithm, extending the public benchmark for ECC attacks.
Why does this matter for Bitcoin?
Bitcoin relies on elliptic curve cryptography for signatures, so a mature quantum attack could eventually expose vulnerable wallets and funds, especially where public keys are already visible on-chain.
Is Bitcoin broken right now?
No. Bitcoin’s 256-bit security is not broken at scale. But the progress shown here is enough to justify serious preparation instead of complacency.
Which funds are most at risk?
Wallets with on-chain public keys are the most exposed, including reused addresses, older address types, and potentially dormant funds that have already revealed their public keys.
What are developers doing about it?
Bitcoin developers are exploring BIP-360 and BIP-361, while Ethereum has formed a post-quantum security team to address similar risks.
Should Bitcoin users panic?
No. Panic is for people who sell the bottom and buy scammy fixes. The smarter move is good key hygiene, avoiding address reuse, and keeping an eye on post-quantum upgrade proposals.
When could quantum computers become a real threat?
Nobody knows for sure. The estimates are highly dependent on assumptions, but the downward trend in resource estimates is exactly why the crypto world cannot afford to sleep on this.
What does post-quantum cryptography mean?
It refers to new cryptographic schemes designed to remain secure even if quantum computers become powerful enough to break ECC and similar systems.
The bottom line is simple: this is not a Bitcoin apocalypse, but it is also not a joke. Quantum computing is making real progress, ECC is the foundation of much of crypto’s security model, and the migration path to quantum resistance will be painful if it is left too late. Bitcoin is still standing. The smart move is to keep it that way before physics decides to stop being polite.