Italian Researcher Wins 1 BTC Bounty for 32,767-Bit Quantum Attack on Elliptic Curve Keys

Gate News message, April 24 — Giancarlo Lelli, an Italian researcher, has been awarded one Bitcoin after demonstrating the largest-scale quantum attack on elliptic curve cryptography to date. The breakthrough escalates concerns about quantum threats to Bitcoin, Ethereum, and other assets secured by elliptic curve cryptography (ECC), potentially affecting over $2.5 trillion in digital assets.

Lelli used a variant of Shor's algorithm on cloud-accessible quantum hardware to derive private keys from public keys by targeting the Elliptic Curve Discrete Logarithm Problem (ECDLP). His achievement expanded the attack range from 6 bits (demonstrated by Steve Tippeconnic in September 2025) to 32,767 bits in just seven months—a 512-fold increase. Notably, Lelli accomplished this without special equipment, institutional funding, or illegal methods, using only hardware available to motivated researchers.

The theoretical threat timeline has also accelerated. Google's April 2026 whitepaper estimated that a full 256-bit attack on Bitcoin would require approximately 500,000 physical qubits, down from earlier estimates of several million. A subsequent paper from Caltech and Oratomic reduced this further to as few as 10,000 qubits using neutral-atom architecture. Approximately 6.9 million Bitcoins are stored in addresses where public keys are already on-chain, including Satoshi Nakamoto's estimated 1 million BTC, making them potentially vulnerable to such attacks.

In response, Bitcoin developers are reviewing quantum-resistant proposals including BIP-360 (introducing quantum-resistant transaction formats) and BIP-361 (phasing out older systems and freezing non-migrated tokens). Ethereum has also established a post-quantum security team to identify and replace vulnerable components. Lelli's success demonstrates that the practical threat is advancing faster than previously predicted.