Today, April 24, Italian researcher Giancarlo Lelli received one Bitcoin prize after the world’s largest demonstration of the potential quantum attacks that elliptic curve keys can face.
This type of attack could threaten not only Bitcoin, but also Ethereum, leading to the potential loss of more than $2.5 trillion in digital assets protected by Elliptic Curve Cryptography (ECC).
Over the past couple of years, there has been speculation about the security risks posed by elliptic curve cryptography quantum computers. It has often been described as a theoretical and distant problem, but this reality seems much less distant after today’s success.
What Layla actually did
Elliptic curve cryptography is the mathematics behind the ability of crypto wallets to handle a user’s funds without revealing private keys. To hack it, I used Lily Shor’s algorithm Combined with a powerful quantum computer to derive the private key from its public key.
Using a variant of Shor’s algorithm, Lellii was able to extract the private key across a search gap of 32,767 by targeting the elliptic curve discrete logarithm problem (ECDLP). This allowed him to arrive at the mathematical formula that underpins the security systems that secure Bitcoin.
The most notable part of this Achievement It is accessibility itself. The Project Eleven rewards program, launched last year, was set to crack elliptic curve keys ranging from 1 to 25 bits by April this year.
Lelli was able to accomplish this task using cloud-accessible devices, no special equipment, no foundation funding his research, and nothing illegal. He was able to carry out the attack with equipment available to any enthusiastic researcher today.
How quickly will the gap close?
The last recorded public break was a 6-qubit demonstration conducted by Steve Tipiconic in September 2025 using IBM’s 133-qubit quantum computer. However, Lelli’s latest achievement has increased this factor by 512 in just seven months.
Apart from the practical success, the theoretical aspect is also growing rapidly Google in April 2026 A white paper puts the requirements for a full 256-bit attack (at Bitcoin scale) at around 500,000 physical qubits, down from an initial estimate of several million.
Building on the white paper, a subsequent paper from Caltech and Oratomik brought the number down to 10,000 qubits in a neutral atomic structure.
What Lilly’s success means is the practical side of the theoretical results. Proving that the hardware and theoretical aspects are both moving in the right direction. While the jump from 15-bit to 256-bit is still significant, the possibilities seem closer than ever, and it could now only be a matter of time.
Who should worry?
The key users at risk are wallets whose public keys are already on the chain. An estimated 6.9 million bitcoins are stored in such addresses, including an estimated 1 million bitcoins belonging to Satoshi Nakamoto, which have been untouched since the network’s inception.
In response to this potential threat, Bitcoin developers have begun reviewing multiple proposals. Cryptopolitan has I mentioned On some solutions such as Pep-360which looks to provide a quantum-resistant transaction format, while Pep-361 It is looking to phase out legacy systems and freeze tokens that fail to migrate.
In addition, A Ethereum Post-Quantum Security Team It was also formed in an effort to find and replace vulnerable parts of the Ethereum crypto network.
While many are taking the latest developments seriously, a few still believe it’s a fire alarm that people are overreacting to, making Lily’s outcome all the more important. Its success shows how far the attack class has come, showing that it is moving much faster than we expected.
