Key Takeaways:
- Project Eleven awarded researcher Giancarlo Lelli 1 BTC ($78,000) for cracking a 15-bit ECC key on IBM quantum hardware on April 24.
- Bitcoin developers showed Lelli’s result replicates with random noise, signaling zero quantum advantage over classical methods.
- The gap from 15 bits to Bitcoin’s 256-bit secp256k1 remains a 2^241 engineering chasm, leaving BTC security intact for now.
Project Eleven Hands Giancarlo Lelli 1 Btc for 15-Bit ECC Quantum Break, but Software Developers Call It Noise
Project Eleven described the feat as a 512-fold increase in search-space complexity over a prior 6-bit ECC break completed by engineer Steve Tippeconnic on IBM hardware in September 2025. CEO Alex Pruden framed the achievement as evidence that quantum attacks on ECC no longer require national labs or proprietary hardware.
The prize, valued at roughly $78,000 at the time of award, was designed to offer reproducible public measurements of quantum attacks on ECC for key sizes between 1 and 25 bits. Lelli’s submission, including full code and execution logs, is publicly available on Github.
Lelli implemented a two-register variant of Shor’s algorithm on IBM Quantum cloud hardware, targeting elliptic curves of the form used in Bitcoin’s secp256k1 standard. The circuit ran across multiple IBM Heron r2 processors, including ibm_torino and ibm_fez, and relied on techniques designed for noisy intermediate-scale quantum devices.
Bitcoin developers and cryptographers moved quickly to dismiss the result, contending that the quantum hardware added no meaningful value to the outcome. Project Eleven’s X post announcing the milestone now carries a Community Notes fact check, stating that the approach used to recover the 15-bit ECC key depends on classical verification of outputs indistinguishable from random noise, effectively amounting to classical guessing.
Former Bitcoin Core maintainer Jonas Schnelli analyzed Lelli’s submission and found that the IBM circuit, running roughly 98,000 gates at approximately 99.5% per-gate fidelity, produced outputs statistically indistinguishable from random coin flips.
Schnelli reproduced the full key recovery in about 20 lines of Python using pure random bits, with no quantum hardware involved. His conclusion was direct: the quantum computer added no detectable signal over classical randomness.
Coinkite founder, Rodolfo Novak, insisted Project Eleven is misleading the public, calling its quantum claims “theater.” On X he argued “the private key is classically solved before the quantum circuit even runs” and that the system “isn’t finding anything — it’s being told the answer,” adding the results rely on “a classical verify filter.” Novak concluded that while “the quantum threat to Bitcoin is real but distant,” today’s demos are “classical computations wearing quantum costumes.”
Researcher Yuval Adam confirmed the finding independently by swapping Lelli’s IBM quantum backend for /dev/urandom, Linux’s classical random number generator, and recovering the target key identically. The 15-bit curve carries a search space of only 32,767 possible private keys, small enough that a classical verifier checking candidates against the public key finds a match through near-random sampling at high probability.
Bitcoin proponent Jimmy Song described the quantum computer as performing the same function as /dev/urandom. The X account TFTC noted in a widely read thread that every public Shor’s algorithm demonstration on ECC to date relies on classical pre-computation that effectively encodes the answer into the circuit before quantum hardware runs.
Critics also pointed to a conflict of interest in the prize structure. Project Eleven, backed by Coinbase Ventures, Castle Island Ventures, Variant, and Balaji Srinivasan, created the prize, judged submissions through three independent physicists, awarded the bounty, and then issued press releases warning that approximately 6.9 million BTC held in wallets with exposed public keys faced potential long-term risk. The company sells post-quantum cryptography tools.
Project Eleven Founder Addresses the Criticism
Pruden acknowledged in a follow-up thread that the result was not Q-Day and that NISQ-era experiments routinely depend on classical assistance. He argued the demo still represented incremental, reproducible progress on accessible public hardware and that migration planning for post-quantum cryptography remains a reasonable long-term priority. The Project Eleven executive added:
“Bottom line: This is incremental progress in a noisy, early field — not Q-Day. It highlights why we track resource reductions and why post-quantum migration planning matters for long-term security. Skepticism is healthy; moving goalposts isn’t. Happy to discuss the technical details or share the repo/judges’ feedback.”
The gap between Lelli’s result and any practical threat to Bitcoin is substantial. Bitcoin’s secp256k1 curve operates at 256-bit security. The distance from 15 bits to 256 bits represents a factor of 2 to the power of 241 in computational difficulty. Even optimistic recent research, including a Google paper published in April 2026, estimates that breaking 256-bit ECC would require fewer than 500,000 physical qubits, a threshold that current quantum hardware falls far short of.
The episode illustrates a tension that has persisted across quantum computing coverage: incremental hardware milestones generate headlines, but the distance between toy-scale demonstrations and production cryptographic systems remains an engineering gap without a near-term solution. Bitcoin’s security model depends on that gap, and developers say it remains intact.
