Project Eleven paid a quantum prize for a random number generator

Project Eleven, the quantum cybersecurity startup backed by Coinbase Ventures, Balaji Srinivasan, Castle Island Ventures, and Variant, awarded a one bitcoin (BTC) prize last week to a researcher who claimed to have broken a 15-bit elliptic curve key on IBM Quantum hardware.

However, despite a Project Eleven press release framing it as the largest public quantum attack on the cryptography securing “Bitcoin, Ethereum, and over $2.5 trillion in Elliptic Curve Cryptography-secured digital assets,” several independent reviewers managed to replicate the feat using non-quantum, classical computing tactics like random number generation.

Indeed, within hours of the news, independent Bitcoin developers reproduced the supposed breakthrough on home computers.

Using no quantum computing, they showed that the prize winner basically repurposed a fancy random number generator.

Replicating a quantum prize win with home hardware

Researcher Yuval Adam ran one of the replication experiments using the public code of prize winner Giancarlo Lelli, a specialist whose GitHub repository hosts the winning submission.

However, Adam swapped Lelli’s IBM Quantum backend for a far more basic random number source, Linux kernel’s /dev/urandom.

Adam mostly left the rest of the setup alone, then opened a pull request against Lelli’s repository, documenting the outcome.

Finally, Adam asserted that random data from a non-quantum laptop provided a classical computer as much brute force energy as Lelli’s “IBM Quantum” backend for the goal of recovering a cryptographic private key from a public key.

He posted the summary on X: “I replaced the quantum computer with /dev/urandom. It still recovers the key.”

In the end, Linux’s urandom helped a regular computer recover the key in an comparable number of attempts to the supposed quantum backend.

Classical computations wearing quantum costumes

Former Bitcoin Core maintainer Jonas Schnelli claimed to have reproduced the prize-winning pipeline in roughly 20 lines of Python without any quantum hardware. 

Schnelli summarized, “The quantum computer contributed nothing (noise)! The answer was recovered by a classical checker sifting random noise.”

Coldcard founder NVK read the source code and reached the same verdict, calling the demonstrations “classical computations wearing quantum costumes.” 

Lelli’s own README conceded the point in plain text: “When shots >> n, random noise alone can recover d with high probability.”

Project Eleven’s three-judge panel awarded the BTC anyway.

Read more: The internet is laughing at El Salvador’s ‘quantum-safe’ bitcoin

A Community Note and a venture round

Project Eleven’s announcement on X now carries a Community Note fact-check, arguing that the recovery method works even when the quantum output is replaced with random data and a classical computer, providing no quantum advantage over classical computing.

Ark Labs engineer Alex Bergeron was blunter, saying, “TLDR; zero accountability. We shopped a parlor trick around to media publications because our goal isn’t really to help Bitcoin, it’s to raise another round.”

The potential conflict of interest is hard to overlook. Project Eleven, founded by Stanford graduate Alex Pruden, closed a $20 million Series A in January at a $120 million valuation.

The company sells post-quantum migration tooling. It designed the Q-Day Prize, picked the judges, awarded the bounty, and issued the press release warning that 6.9 million BTC sit in wallets exposed to quantum attack.

After reading numerous social media complaints, Pruden later conceded on X that the demonstration represented “incremental progress in a noisy, early field,” while complaining that critics somehow “moving goalposts” were the real problem.

His own press release had described the supposed breakthrough as the largest public demonstration of an attack threatening trillions of dollars.

As Protos has previously documented, fears about quantum breakthroughs are ramping up due to accelerating post-quantum deadlines from Cloudflare, Google, and IBM.

Newly accelerated deadlines cluster around the year 2029 to the very early 2030s. Unfortunately, Project Eleven’s prize money rewarded publicity over cybersecurity progress toward meeting these deadlines.

Undeterred, the company is now developing its next contest.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.