On April 24, Italian researcher Giancarlo Lelli won a reward of 1 Bitcoin for successfully completing the largest quantum attack ever carried out. Lelli performed this action using standalone and cloud-based hardware, demonstrating how vulnerable elliptic curve cryptography (ECC) keys can be to quantum computers. Experts define this development as a critical turning point that shows that serious security risks may be at the door not only for Bitcoin but also for other large ecosystems such as Ethereum.
Quantum computers and ECC security
Elliptic curve cryptography creates the mathematical infrastructure that keeps the private keys of cryptocurrency wallets safe. In recent years, there have been frequent discussions that quantum computers threaten this system. Until now, this risk was considered a “remote possibility”; However, the latest success has shown that the concept is no longer just in theory.
Using a special version of Shor’s algorithm, Lelli targeted the elliptic curve discrete logarithm problem and was able to obtain the private key from the public key over a very wide search range of 32,767. This method enabled the mathematical formulas that provide Bitcoin’s basic security model to be accessed in a practical way.
“The most striking aspect of the project is that the hardware and methods used consist of platforms that can be accessed by everyone. The fact that no institutional support or special equipment is required for the research further increases the potential risk.”
Lelli’s work was done under the Project Eleven bounty program, on cloud-based hardware, and through completely legal methods. Last year, this program promised rewards to those who could crack passwords between 1 and 25 bits, and its goal was reached in April.
Rapidly increasing momentum in quantum threat
The highest-level attack in the past was to crack a 6-bit key with IBM’s 133-qubit quantum computer by Steve Tippeconnic in 2025. Lelli’s success marked a significant leap, increasing this figure by 512 times in just seven months.
There are also rapid developments on the theoretical side. The technical report published by Google in April 2026 reduced the number of quantum-enabled qubits required to crack the 256-bit keys that form the basis of Bitcoin from several million to 500,000. Moreover, a subsequent study by Caltech and Oratomic revealed that this number could be reduced to as low as 10,000 with a neutral atom-based architecture.
This rapid progress shows that practical applications and theoretical predictions on both the software and hardware sides are converging. Although reaching the 256-bit level is still quite challenging, the gap appears to be closing.
Which users are at risk?
The biggest risk affects wallet addresses whose public keys are publicly visible on the blockchain. Analysis shows that approximately 6.9 million Bitcoins have been held in such addresses to date, including approximately 1 million of Satoshi Nakamoto’s Bitcoins lying dormant.
Bitcoin software developers are taking solution steps against future quantum attacks. While the proposed BIP-360 proposal introduces a new quantum-resistant transaction format, BIP-361 aims to phase out old methods and freeze tokens that do not switch to the new format.
To counter similar risks, Ethereum has established a dedicated security team to detect and remove potential vulnerabilities. All these steps reveal the seriousness of the evolving threat perception. However, while some experts believe the current situation is exaggerated, Lelli’s success shows that vulnerabilities are growing faster than thought.
