Italian researcher wins 1 BTC for cracking 15-bit ECC key

Giancarlo Lelli, an Italian researcher, was awarded one Bitcoin on April 24 after recovering a 15-bit elliptic-curve private key using cloud-accessible quantum hardware and a variant of Shor’s algorithm. The test targeted the elliptic curve discrete logarithm problem, the mathematical task that secures most cryptocurrency wallets.

The demonstration was part of Project Eleven’s bounty program, which offered prizes for breaking elliptic-curve keys in the 1-to-25-bit range. Lelli carried out the attack on publicly available quantum resources without institutional funding or nonpublic equipment. Project organizers awarded the one-Bitcoin prize after he derived the private key from its public key across a search gap of 32,767.

The result follows a 6-bit public break completed in September 2025 on a 133-qubit quantum machine. A 15-bit recovery increases the effective search gap by a factor of 512 compared with that earlier demonstration, a span of roughly seven months between public milestones.

Theoretical work has adjusted hardware estimates for a full-scale 256-bit attack. A Google whitepaper published in April 2026 put the physical-qubit requirement at about 500,000, down from earlier estimates in the millions. A later paper from Caltech and Oratomic suggested a requirement near 10,000 qubits using a neutral-atom architecture.

Most modern cryptocurrency wallets use elliptic curve cryptography. If an attacker solves the discrete logarithm for a public key, they can compute the corresponding private key and transfer funds. Addresses that have revealed their public key on the blockchain are exposed; an estimated 6.9 million bitcoins sit in such addresses, including roughly 1 million bitcoins attributed to the wallet controlled by the network’s creator.

Developers are reviewing technical responses. Proposed Bitcoin changes under consideration include a new transaction format designed to resist quantum attacks and approaches to phase out older address types. Ethereum has formed a post-quantum security team to identify vulnerable components and propose replacements. Short-term operational measures include avoiding reuse of addresses that reveal public keys and moving funds from keys already exposed on chain. Longer-term protocol changes would require design work, testing, coordination among developers and node operators, and widespread adoption by wallets and custodians.

Project Eleven presented the bounty as a public test of defenses and a way to produce verifiable demonstrations. Following the demonstration, developers and infrastructure operators are assessing which keys are exposed, accelerating work on post-quantum proposals, and planning migration steps for large holders and service providers.