Bitcoin 'Q-Day' Draws Nearer as Quantum Researcher Breaks Simplified Key

A researcher has used a publicly accessible quantum computer to crack a vastly simplified version of a Bitcoin-style cryptographic key, marking the largest public demonstration yet of a quantum attack on elliptic curve cryptography.

Project Eleven said Friday it awarded its 1 Bitcoin “Q-Day Prize” bounty—currently worth nearly $78,000—to Italian researcher Giancarlo Lelli for breaking a 15-bit elliptic curve cryptography key using a variant of Shor’s algorithm.

Elliptic curve cryptography underpins the digital signature schemes used by Bitcoin, Ethereum, and many other blockchains. The 15-bit key in this demonstration is far smaller than the 256-bit cryptography securing real Bitcoin wallets, but it’s another step towards the day when quantum computers pose a threat to hundreds of billions of dollars in cryptocurrency.

“We’re still far, objectively, from the point at which you could actually break Bitcoin,” Project Eleven CEO Alex Pruden told Decrypt. “But how long will it take to close that gap, and will we know the closer we get? I don’t know that we will.”

Launched in 2025 and named after the hypothetical date a sufficiently powerful quantum computer could break modern cryptography, the Q-Day Prize was designed to test whether publicly available quantum systems could move beyond one of the field’s most common criticisms: that current machines have only demonstrated trivial calculations, such as factoring the number 21 into 3 and 7. Lelli’s result expanded that capability to a 15-bit elliptic curve problem with 32,767 possible values.

“The news here is that there is progress being made,” Pruden said. “It’s not the case that nothing has happened in quantum, and this is proof of that.”

The winning attack used a machine with about 70 qubits—quantum bits that can exist in multiple states at once, unlike the binary bits used in traditional computers—and ran in minutes once developed, according to Pruden. He said the submission was reviewed by a panel of quantum researchers from academia and industry, including researchers from the University of Wisconsin–Madison and quantum software company qBraid.

The announcement comes as major quantum firms and research institutions publish increasingly aggressive hardware roadmaps and nearer estimates for breaking modern cryptography.

In March, Google publicly set a 2029 deadline to transition its systems to post-quantum cryptography, citing advances in quantum hardware, error correction, and shrinking estimates for breaking current encryption. Google itself is one of the major firms building quantum computers and pushing the technology.

Around the same time, a Google research paper estimated that breaking Bitcoin could require fewer than 500,000 physical qubits, while a separate paper from Caltech and Oratomic estimated that number at 10,000 to 20,000 qubits using a neutral-atom architecture.

“Our own prediction for Q-Day is 2029 in the worst case,” Pruden said. “I think that’s because you really can’t know with certainty how clever people are and how quickly these technological breakthroughs happen.”

When that breakthrough happens, Project Eleven said roughly 6.9 million Bitcoin are sitting in wallets with public keys visible on-chain that could become vulnerable if large-scale quantum computers emerge.

However, not everyone agrees that the threat is imminent. Some researchers and investors say the risk is real but still years away and should be treated as a long-term engineering challenge rather than an existential crisis.

Bitcoin developers are currently weighing multiple proposals to address the threat. BIP-360 would introduce a quantum-resistant transaction format, while BIP-361 would phase out older signature schemes and eventually freeze coins that fail to migrate. Meanwhile, the Ethereum Foundation has formed a post-quantum security team, and co-founder Vitalik Buterin has outlined a roadmap to replace vulnerable parts of Ethereum’s cryptography.

In addition to advances in quantum computing, Pruden also pointed to advances in artificial intelligence, saying that the technology could push that Q-Day timeline closer by improving quantum error correction or helping attackers identify weaker cryptographic targets.

“A key part of quantum computing at scale is error correction,” Pruden said. “AI can help make that process way more efficient.”