Project Eleven: Quantum ‘Q-Day’ Could Expose 6.9M Bitcoin

Project Eleven on April 24 released an analysis warning that Q-Day-the point when quantum computers can break Bitcoin’s public-key cryptography-could arrive as early as 2030, potentially exposing about 6.9 million bitcoins whose public keys are visible on the blockchain.

The estimate draws on recent experiments and academic work showing faster progress in quantum attacks on elliptic curve cryptography. In a controlled experiment, a researcher used quantum hardware to derive a private key from a public key at a small scale; Project Eleven described the result as the largest public demonstration of that attack class.

Project Eleven and related researchers calculate roughly 6.9 million BTC could be exposed under certain conditions. Public keys become visible on-chain when addresses are used to spend funds. Wallets that reuse addresses or reveal public keys when spending are therefore more exposed if quantum attacks reach practical scale.

Project Eleven framed the analysis as a risk scenario rather than a precise forecast. The timing depends on how quickly quantum hardware improves and on the resources required to run a full-scale attack. The company noted recent work has lowered estimates of the resources needed for such attacks.

Security researchers use Mosca’s inequality to place the findings in context. The framework compares the time needed to migrate systems to quantum-resistant cryptography against the time until quantum attacks become viable, minus how long data must remain secure. Standards bodies already treat a post-quantum transition as a multi-year effort.

The prospect of Q-Day has intensified debate over proposed protocol changes such as BIP-361, which would move Bitcoin signatures to quantum-resistant schemes. Supporters of early migration point to Bitcoin’s long upgrade timelines and the need for broad consensus. Critics argue current quantum machines remain far from breaking production 256-bit keys and urge caution in interpreting small-scale demonstrations.

Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA), which relies on the difficulty of the elliptic curve discrete logarithm problem. Quantum algorithms such as Shor’s algorithm can solve that problem more efficiently than classical methods. Recent demonstrations targeted far smaller keys than those used in production, but researchers say the results illustrate a path toward lower qubit counts and reduced error rates for larger attacks.

Project Eleven said its figures are intended to spur planning and coordination across the ecosystem. On April 24, Project Eleven Chief Executive Alex Pruden stated, ‘The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them.’