Independent researcher Giancarlo Lelli broke a 15-bit ECC key on public quantum hardware, claiming a 1 BTC bounty and posting the largest public quantum attack demonstration to date. ECC is the elliptic-curve cryptography underpinning $BTC addresses and most modern public-key infrastructure.
Why it matters
The 15-bit crack itself is not a Bitcoin threat — production wallets use 256-bit ECC, orders of magnitude harder. The signal is in the trajectory: independent estimates cited in the research put breaking 256-bit ECC at roughly 500,000 qubits, a threshold current hardware is nowhere near. Roadmap projections from IBM, Google, and IonQ target fault-tolerant machines in the hundreds-of-thousands to millions of qubits over the next decade.
Market impact
Roughly 6.9 million BTC sit in legacy address types — including early P2PK outputs and reused P2PKH addresses — whose public keys are exposed on-chain. A future quantum adversary with sufficient scale could derive private keys for those UTXOs, making the post-quantum migration a multi-year protocol effort with no clean off-ramp for dormant coins. Watch NIST's post-quantum signature standards timeline and any Bitcoin Improvement Proposal drafts as the real catalyst for market repricing.
Frequently asked questions
-
Did a quantum computer just break Bitcoin?
No. Researcher Giancarlo Lelli broke a 15-bit ECC key on public quantum hardware, but production Bitcoin wallets use 256-bit ECC — orders of magnitude harder. Current estimates put breaking 256-bit ECC at roughly 500,000 qubits, a threshold today's hardware is nowhere near.
-
How many bitcoins are exposed to a future quantum attack?
Roughly 6.9 million BTC sit in legacy address types — early P2PK outputs and reused P2PKH addresses — whose public keys are already exposed on-chain. Those UTXOs could become vulnerable to a sufficiently scaled quantum adversary capable of deriving private keys from public keys.
-
How many qubits would it take to break 256-bit ECC?
Independent estimates cited in the research put the threshold at roughly 500,000 qubits. Current quantum hardware is orders of magnitude below that, though IBM, Google, and IonQ roadmaps target fault-tolerant machines in the hundreds-of-thousands to millions of qubits over the next decade.
-
What is the post-quantum migration plan for Bitcoin?
There is no finalized plan yet. The migration would require a Bitcoin Improvement Proposal to introduce post-quantum signature schemes and a multi-year transition for users to move coins from legacy address types to quantum-resistant ones. Watch NIST's post-quantum signature standards timeline and any BIP drafts for…
-
Why is the 15-bit demo significant if 256-bit is the real target?
The 15-bit crack is not a Bitcoin threat in itself, but it is the largest public quantum attack demonstration to date. The significance is in proving the trajectory is real and in reframing a theoretical risk as a measured engineering problem with a roughly 500,000-qubit target.
WuBlockchain