The crypto ecosystem has witnessed a pivotal security development: Project Eleven, known for its work in quantum-secure solutions, announced that it successfully broke a simplified version of the encryption method underpinning Bitcoin and other major digital assets using a quantum computer. In this demonstration, a 15-bit elliptic curve encryption key was cracked. While Bitcoin actually operates on a far more advanced and robust 256-bit secp256k1 algorithm, the experiment sends a clear signal that such cryptographic barriers might eventually be breached in practice.
Is Project Eleven’s experiment a symbolic milestone?
Project Eleven explained that independent researcher Giancarlo Lelli achieved this result using public cloud-based quantum hardware, as part of the “Q-Day Prize” competition which offered one Bitcoin as a reward. Under the leadership of Alex Pruden, the company emphasized that this attack represents the largest publicly recorded quantum elliptic curve hack to date. For reference, previous attempts had only managed to break 6 bits, making the recent breakthrough a leap of 512-fold in scale.
Pruden highlighted that the resources required for such attacks are dropping rapidly and that cloud access now allows independent researchers to conduct similar experiments.
While the Bitcoin system’s encryption was not directly broken, this experiment demonstrates that quantum attacks can move off the whiteboard and onto real hardware, according to Pruden.
Though this advance does not directly imperil financial security today, it does amplify concerns that digital asset encryption could face novel risks in the coming years.
Core risk: Digital signatures and public keys
In Bitcoin and most blockchain networks, the main cryptographic threat stems from signature systems rather than mining operations. Ownership is proven through digital signatures, and if an attacker can derive a private key from a public key, they could spend the related funds. While this is virtually impossible for classic computers, a sufficiently powerful quantum computer running Shor’s algorithm could, in theory, overcome this barrier.
Security research suggests that unused Bitcoin addresses—those with unrevealed public keys—are currently more protected. In contrast, older or repeatedly used addresses are increasingly vulnerable to potential future quantum attacks.
According to the Coinbase Quantum Advisory Council, about 6.9 million BTC sit in addresses with exposed public keys. At a Bitcoin price of roughly $77,500, these holdings represent a total value exceeding $530 billion.
These figures should be read as a risk map for potential security gaps; while there is no imminent threat, risk is not equally distributed across the network, the council’s report warns.
Experts agree that today’s quantum computers are not yet powerful enough to threaten Bitcoin directly, but the precise points of risk within the network are now measurable and a subject of serious debate.
Google, NIST, and the industry response
Project Eleven’s announcement closely followed new warnings from Google’s Quantum AI team. In a paper published in March, Google stressed that future quantum computers could require far fewer resources than previously assumed to break Bitcoin-type 256-bit elliptic curve encryption. The company estimated that a device with 500,000 physical qubits could, in theory, make such an attack possible—well beyond current technology but enough to prompt a much more tangible discussion within the sector.
Meanwhile, the US National Institute of Standards and Technology (NIST) marked another major milestone with the release of its first post-quantum encryption standards, finalized in 2024. Developers and large institutions have now begun planning for a transitional period expected to last years.
Governance and protocol updates: The greatest challenge
Several new signature algorithms and address formats are under review to make Bitcoin and similar systems resistant to quantum attacks. The most complex aspect of this transition lies in reaching broad consensus within the network. Bitcoin’s conservative approach to upgrades guards against risky changes but can also delay urgent security improvements.
The real challenge will be addressing dormant and lost coins. It remains unclear whether all network participants will at some point need to migrate their addresses or keys to more secure formats, or if further protocol measures will be introduced. Even blockchains like Ethereum, which can enact governance decisions more swiftly, still face similar technical risks.
