There has been a significant development in the security focus in the crypto ecosystem. Project Eleven, which operates in the field of quantum security, announced that they managed to solve a simplified example of the encryption method on which Bitcoin and other major digital assets are based, using a quantum computer. In this attempt, a 15-bit elliptic curve encryption key was cracked. Under normal circumstances, Bitcoin is based on the 256-bit secp256k1 algorithm, which is much more advanced and powerful. The experiment does not directly put the crypto ecosystem at risk; but it clearly shows that this field can be broken in practice.
Project Eleven’s experiment: A symbolic step?
Project Eleven stated that the result obtained by independent researcher Giancarlo Lelli within the framework of the “Q-Day Prize” competition, in which he offered one Bitcoin as a prize, was realized on public cloud-based quantum hardware. The company, managed by Alex Pruden, underlined that this attack is the largest public quantum elliptic curve attack ever. Compared to similar attempts in previous years, where only 6 bits could be broken, this success was described as a 512-fold leap in size.
Pruden pointed out that the resources required for the attack are rapidly decreasing and that independent researchers with cloud access can also perform such experiments.
Although the Bitcoin system’s encryption cannot be broken directly, this experiment shows that quantum attacks can go off whiteboards and into real hardware.
This development does not profoundly affect financial security; However, it strengthens the concern that new risks may arise in the encryption of digital assets in the coming years.
Key risk: Digital signatures and public keys
In Bitcoin and many blockchain networks, the real cryptographic risk comes from signature systems rather than mining. Users’ ownership is proven with digital signatures; If an attacker obtains the private key from the public key, they can spend that balance. While this is almost impossible for classical computers, a sufficiently powerful quantum computer and Shor’s algorithm can overcome this obstacle at the theoretical level.
Security research indicates that Bitcoin addresses that have not yet been used, that is, whose public keys are not visible in the chain, are more protected. On the other hand, old addresses or addresses used more than once are in a more vulnerable position in terms of future quantum risks.
According to the Coinbase Quantum Advisory Council report, there are approximately 6.9 million BTC in addresses with public keys disclosed. With Bitcoin’s price around $77,500, the total value in these addresses exceeds $530 billion.
The numbers here should be read as a map of what could be a serious security vulnerability; Although there is no immediate threat for now, the spread of the risk is not evenly distributed.
According to experts, current quantum computers are not powerful enough to directly endanger Bitcoin; However, it is now measurable and debatable at which points of the network risks may arise.
Approach of Google, NIST and the industry
Project Eleven’s announcement comes on the heels of new warnings from Google’s Quantum AI team. The article, published in March, underlined that future quantum computers may need much less resources than before to crack Bitcoin-type 256-bit elliptic curve encryption. Google predicted that such an attack would be theoretically possible with hardware of 500 thousand physical qubits. Although this is far beyond today’s hardware, it has caused the issue to be discussed much more concretely.
Another notable development in the industry was that the US National Institute of Standards and Technology (NIST) completed the first post-quantum encryption standards in 2024. Developers and large institutions have begun planning for this transition period, which will last years.
Technically, many new signature algorithms and address formats are currently being researched to make Bitcoin and similar systems quantum resistant. But the most complex part of this transition is ensuring the collective decision required in the network. While Bitcoin’s conservative update culture prevents rapid but risky changes; It can also spread the necessary security updates over time.
The real challenge is with dormant and lost coins. Will all network players be required to secure their addresses or keys at some point in the future, will additional safeguards be introduced into the protocol; These questions have not yet found clear answers. Although there is a governance ecosystem that can make faster decisions in chains such as Ethereum, technically similar risks remain valid.
