Project Eleven flags “Q-Day” risk for Bitcoin as early as 2030, says 6.9 million BTC exposed

A new analysis by Project Eleven warns that “Q-Day,” the hypothetical point when quantum computers can break widely used public-key cryptography, could arrive as early as 2030, potentially putting millions of bitcoins at risk.

The estimate builds on recent demonstrations and academic work showing rapid progress in quantum attacks against elliptic curve cryptography, the mathematical foundation underpinning Bitcoin and other blockchain systems.

Project Eleven and related research suggest roughly 6.9 million BTC may already be exposed under certain conditions, particularly where public keys are visible on-chain.

Nearly 7 million BTC could be exposed on Q-Day

The warning follows a recent milestone in which a researcher derived a private key from a public key using quantum hardware in a controlled experiment. Project Eleven said on April 24 that the result represents “the largest public demonstration to date” of such an attack class, Cryptopolitan reported.

“The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them,” Chief Executive Alex Pruden said on April 24.

The experiment targeted ECDSA (Elliptic Curve Digital Signature Algorithm), the cryptographic scheme used by Bitcoin to sign transactions and prove ownership. It relies on the hardness of the elliptic curve discrete logarithm problem, which quantum algorithms such as Shor’s algorithm are designed to solve.

While the demonstration involved a small-scale key far below Bitcoin’s production standards, researchers say it illustrates a trajectory of accelerating capability.

Framing the risk: Mosca’s inequality

The findings are often contextualized using Mosca’s inequality, a framework stating that systems are at risk if the time needed to migrate to quantum-safe cryptography exceeds the time until quantum attacks become viable, minus the time data must remain secure.

Under this framing, even uncertain timelines can imply immediate action if migration timelines are long. Industry guidance from standards bodies already treats post-quantum transition as a multi-year effort, reinforcing concerns about coordination delays.

Project Eleven’s estimates align with broader industry analysis suggesting millions of bitcoin could be vulnerable in a worst-case quantum scenario, particularly those associated with reused addresses or previously revealed public keys.

Separate research cited by Google in March 2026 similarly warned that advances in quantum computing could reduce the resources needed to break Bitcoin’s cryptographic assumptions, potentially enabling private keys to be derived rapidly once exposed.

“The timelines are pushing from both ends. The quantum computers are getting more capable,” Pruden said in comments reported on March 31.

Migration debate and proposed Bitcoin quantum upgrades 

The findings are likely to intensify debate around protocol changes such as BIP-361 — a proposed Bitcoin Improvement Proposal outlining a transition to quantum-resistant signature schemes.

Advocates argue that early migration is essential due to Bitcoin’s decentralized governance, where upgrades require broad consensus and extended implementation periods.

Critics, however, caution that current quantum hardware remains far from breaking real-world 256-bit keys and warn against overinterpreting early-stage experiments.

Despite the warnings, experts remain divided on timing. Some argue that current demonstrations remain far from practical attacks on Bitcoin, noting that the gap between small-scale experiments and full cryptographic breaks is still substantial.

Others point to falling qubit requirements and accelerating research as evidence that preparation windows may be narrowing faster than expected.

Project Eleven said its projections should be viewed as risk-based scenarios rather than precise forecasts, emphasizing the need for early coordination across the ecosystem.