On April 24, Italian researcher Giancarlo Lelli successfully completed the largest quantum attack ever attempted, earning a prize of 1 Bitcoin. Lelli demonstrated the vulnerability of elliptic curve cryptography (ECC) when exposed to quantum computing power, using independent, cloud-based hardware. Industry experts view this event as a critical milestone, highlighting that major ecosystems like Bitcoin and Ethereum may now face urgent security risks.
Quantum computers and ECC security
Elliptic curve cryptography forms the mathematical backbone that keeps the private keys of crypto wallets secure. For years, debate has swirled about the threat posed by quantum computers, though the risk was generally considered distant. However, Lelli’s achievement shows that these concerns are now moving beyond theory to practical reality.
By leveraging a special variant of Shor’s algorithm, Lelli targeted the elliptic curve discrete logarithm problem, extracting a private key from a public key within a search space as vast as 32,767. This breakthrough makes it possible to practically solve the very equations that underpin Bitcoin’s security model.
“What stands out about this project is that the hardware and methods were accessible to everyone. The lack of support from institutions or need for specialized equipment makes the potential risk even greater,” explained the researchers.
Lelli’s work was completed through the Project Eleven reward program, using entirely legal cloud hardware. The initiative promised rewards to those who could break keys ranging from 1 to 25 bits, a target that was reached in April with this success.
Accelerating pace of the quantum threat
Previously, the most advanced quantum-based attack was in 2025, when Steve Tippeconnic used IBM’s 133-qubit machine to break a 6-bit key. Lelli’s triumph marks a massive leap—achieving a 512-fold increase in key complexity in just seven months.
Theory is catching up as well. In April 2026, Google published a technical report indicating that only 500,000 quantum qubits (down from millions) would suffice to break Bitcoin’s 256-bit keys. Further analysis by Caltech and Oratomic suggests that a neutral atom-based architecture could shrink this number to just 10,000 qubits.
Such rapid advances indicate that the gap between theoretical predictions and practical applications is narrowing swiftly, and while breaching 256-bit security remains a high hurdle, it is now more conceivable than ever before.
Which users are most at risk?
The gravest risk targets wallet addresses whose public keys are visible on the blockchain. Analysts estimate that such addresses currently hold around 6.9 million Bitcoin, including nearly 1 million coins believed to belong to Satoshi Nakamoto that remain untouched.
To counter expected quantum attacks, Bitcoin developers are already advancing solutions. The proposed BIP-360 introduces a new quantum-resistant transaction format, while BIP-361 aims to gradually phase out older methods, freezing tokens that do not transition to the secure format.
Ethereum has also responded, assembling a dedicated security team to identify and eliminate possible vulnerabilities. These measures reflect the seriousness with which the evolving quantum threat is now regarded. Some experts argue the reaction may be overblown; however, Lelli’s demonstration suggests that security gaps are expanding faster than previously assumed.
