
Quick Take

  • Independent researcher Giancarlo Lelli has derived a 15-bit elliptic curve key on a publicly accessible quantum computer, Project Eleven said.
  • This is the “largest quantum attack” on elliptic curve cryptography to date, according to the project, which awarded a 1 BTC bounty to Lelli.
  • However, it remains far below real-world cryptographic standards.


Independent researcher Giancarlo Lelli derived a 15-bit elliptic curve key using a publicly accessible quantum computer, in what Project Eleven called the "largest quantum attack" on elliptic curve cryptography to date, albeit at a scale far below that used in real-world cryptographic systems.

Project Eleven, a post-quantum security startup, awarded a 1 BTC bounty, currently worth over $78,000, to Lelli as part of its "Q-Day Prize." The bounty program was launched last year by the project to break elliptic-curve keys ranging from 1 to 25 bits before April 5 this year.

Before Lelli, an engineer named Steve Tippeconnic broke a 6-bit elliptic curve key in September 2025 using IBM’s 133-qubit quantum computer. That demonstration was the first public break of this type on quantum hardware, Project Eleven said, noting that Lelli’s 15-bit result extends it by a factor of 512.

...read more at theblock.co

I thought this from Yuval Adam on X was interesting:

Project Eleven just awarded 1 BTC for "the largest quantum attack on ECC to date", a 17-bit elliptic curve key recovered on IBM Quantum hardware. I replaced the quantum computer with /dev/urandom. It still recovers the key.

A 17-bit key is trivial classically, a laptop cracks it in microseconds. That's not the point. The claim is that a quantum computer did it, using Shor

For Shor to actually be working, the quantum computer's output has to be different from random. It's supposed to produce peaks in a specific distribution that encode the secret key. Pure noise shouldn't work.

I forked the winning repo, removed the calls to IBM quantum, and replaced them with random bytes from /dev/urandom. Everything else was kept exactly the same.

I ran the author's own CLI unmodified against every challenge he claimed to have solved.

Every recovered key is byte-identical to what the author reports from IBM hardware.

Why does this happen? The author's pipeline accepts any (j, k, r) triple whose d_cand = (r − j)·k⁻¹ mod n passes d·G == Q. With enough random guesses, one always will.

From the original README: "When shots >> n, random noise alone can recover d with high probability."

Yes. And every small-bit run has shots/n between 1.9× and 1,170×.

The flagship 17-bit run used 20,000 shots against n = 65,173. Theoretical chance that uniform random recovers the key: 1 - (1 − 1/n)^S ≈ 26%. Empirical: 2 of 5 attempts = 40%. The QPU got 1 of 1, which is a ~p=0.26 coin flip.

The QPU contributed nothing. Its output is statistically indistinguishable from noise for the purposes of this pipeline. Replacing it with entropy bytes gives the same answers.

The brief itself admits it: "At 17-bit, the estimated circuit fidelity is 0.995^111,816 ≈ 10⁻²⁴⁴. Every shot produces a unique bitstring ... The output appears indistinguishable from uniform noise - yet the correct key is recovered." Yeah, because the "recovery" is a classical verifier, not a quantum computation.

This is not progress on quantum cryptanalysis. It's a classical brute-force search with an expensive random number generator bolted on.

https://github.com/GiancarloLelli/quantum/pull/1

reply
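The noise-only control described in the comment above, as an added example that is not code from the post or from the repository it discusses: random (j, k, r) triples go through the same d_cand = (r − j)·k⁻¹ mod n step and the classical d·G == Q check, and the hit rate is compared with 1 − (1 − 1/n)^S. The toy curve (y² = x³ + 2x + 2 over F₁₇, G = (5, 1), n = 19), the uniform sampling of triples, and all function names are assumptions made for the illustration.

```python
import random

# Constructed toy curve (textbook-sized): y^2 = x^3 + 2x + 2 over F_17.
P, A = 17, 2
G, N = (5, 1), 19          # generator and its prime order n

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def noise_only_recover(Q, shots, rng):
    """Feed random triples (assumed uniform, k invertible) to the verifier."""
    for _ in range(shots):
        j, r, k = rng.randrange(N), rng.randrange(N), rng.randrange(1, N)
        d_cand = (r - j) * pow(k, -1, N) % N
        if mul(d_cand, G) == Q:        # classical check d*G == Q
            return d_cand
    return None

def noise_success_probability(n, shots):
    """Chance that uniform guessing hits d at least once in `shots` tries."""
    return 1 - (1 - 1 / n) ** shots

def empirical_rate(d, shots, trials, seed=0):
    rng, Q = random.Random(seed), mul(d, G)
    return sum(noise_only_recover(Q, shots, rng) == d
               for _ in range(trials)) / trials

if __name__ == "__main__":
    print("toy curve, S=5:", empirical_rate(7, 5, 4000),
          "vs theory", round(noise_success_probability(N, 5), 3))
    print("n=65173, S=20000:", round(noise_success_probability(65173, 20000), 3))
```

A submission's claimed quantum advantage only means something if its recovery rate beats this noise baseline at the same shot count.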

boo for independent researchers!

reply

Here is the Project Eleven press release:

NEW YORK, April 24, 2026 /PRNewswire/ -- Project Eleven today awarded the Q-Day Prize, a one Bitcoin bounty, to Giancarlo Lelli for breaking a 15-bit elliptic curve key on a publicly accessible quantum computer. The result is the largest public demonstration to date of the attack class that threatens Bitcoin, Ethereum, and over $2.5 trillion in ECC-secured digital assets.

"The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them," said Alex Pruden, CEO of Project Eleven. "The winning submission came from an independent researcher working on cloud-accessible hardware. No national lab, no private chip. It shows that tangible progress is possible and highlights the urgency to migrate to post-quantum cryptography sooner rather than later. Google just committed to being quantum-secure by 2029. The window to get ahead of this is closing."

Lelli derived a private key from its public key across a search space of 32,767 using a variant of Shor's algorithm. Shor's targets the Elliptic Curve Discrete Logarithm Problem (ECDLP), the math underlying the digital signature schemes securing Bitcoin, Ethereum, and most blockchains.

Quantum attacks on ECC have moved from theory to practice over the last seven months. Steve Tippeconnic's 6-bit demonstration in September 2025 was the first public break on quantum hardware. Lelli's 15-bit result extends it by a factor of 512.

Theoretical resource estimates for a full 256-bit attack, the scale Bitcoin operates at, have fallen sharply over the same period. Google's April 2026 whitepaper put the requirement at under 500,000 physical qubits. A subsequent paper from Caltech and Oratomic brought that figure as low as 10,000 qubits in a neutral-atom architecture.

Lelli's result is the practical counterpart to those optimizations. The distance from 15 bits to 256 bits is large, but the gap is increasingly viewed as an engineering problem and not a fundamental physics problem.

Roughly 6.9 million Bitcoin sit in wallets whose public keys are visible on-chain, exposing them to quantum attack. All blockchains using ECC share similar risks with vulnerable assets.

Project Eleven is developing its next challenge, focused on the intersection of frontier AI models and quantum cryptanalysis.

At the bottom, it notes that

Alex Pruden is available for interview

Which he ought to be considering they just spent $78k on marketing.

reply

Hooray for independent researchers!

reply

6bit last year to 15bit now....hmmmm

reply
35 sats \ 1 reply \ @clr 24 Apr

How long would it take to break that same 15-bit EC key using a typical desktop computer?

reply

Took a split second, but keep in mind the goal was just to test the quantum algorithm.

2^15 = 32.768 combinations

reply