In what could be the largest undisclosed crypto theft in history, blockchain analytics firm Arkham Intelligence has revealed a stunning heist of 127,426 Bitcoin, valued at $14.5 billion today, from Chinese mining pool LuBian. The theft, which took place in December 2020, went unnoticed for years while rumors swirled about LuBian’s sudden disappearance in early 2021. But Arkham’s latest findings suggest it wasn’t a quiet shutdown or government action—it was a catastrophic breach likely caused by a weak private key algorithm. The attacker hasn’t moved the stolen BTC in over a year, leaving behind a trail of mystery, technical failures, and unanswered questions.
What Did Arkham Intelligence Discover?
Arkham Intelligence has brought a four-year-old crypto mystery back into the spotlight. According to the blockchain analytics firm, a total of 127,426 BTC — worth roughly $14.5 billion today — was stolen from Chinese mining pool LuBian in December 2020. At the time, the value of the stolen Bitcoin was around $3.5 billion, making this the largest known single theft in crypto history by USD value at the time of occurrence.
While hacks like Mt. Gox involved more coins (744,000 BTC), Bitcoin’s price back then meant those losses were worth hundreds of millions, not billions.
Who or What Was LuBian?
LuBian wasn’t just another small-time mining pool. It launched in April 2020 and, in a matter of months, became the sixth-largest mining pool on the Bitcoin network. On its website, it boldly called itself “the safest high-yielding mining pool in the world.” But then in early 2021, it disappeared without explanation.
At the time, theories swirled. Maybe Chinese regulators had shut it down. Maybe it went private. But according to Arkham’s latest research, the truth may be darker — LuBian didn’t exit; it was obliterated by a massive breach that drained nearly all its Bitcoin reserves in a matter of days.
How Was the Hack Pulled Off?
Here’s where it gets technical. Arkham believes the attackers exploited a vulnerability in LuBian’s private key generation algorithm. Simply put, LuBian used an insecure method to generate private keys, possibly using patterns that could be guessed or brute-forced.
On December 28, 2020, hackers allegedly stole over 90% of LuBian’s Bitcoin. The very next day, an additional $6 million in BTC and USDT was siphoned off from LuBian's Bitcoin Omni Layer address. This wasn’t just a single breach — it was a sustained, coordinated takedown.
What Happened After the Theft?
LuBian didn’t stay silent. It used Bitcoin’s OP_RETURN field (a little-used feature that lets you embed data in transactions) to send messages directly to the hacker. The messages read like a ransom note in reverse, calling the attacker a potential whitehat and offering a reward if the stolen assets were returned.
Here’s part of what LuBian wrote:
“To the whitehat who is saving our asset, you can contact us...to discuss the return of asset and your reward.”
But so far, nothing’s been returned. Interestingly, none of the stolen BTC has moved since July 2024, suggesting the attacker is either incredibly patient, extremely cautious, or simply unable to move the funds without detection.
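As an added illustration (not code from Arkham’s report or from this article), the Python below shows how an analyst reads a message embedded in an OP_RETURN output script of the kind described above. The function names and the sample scripts are constructed for this example; the opcode values are Bitcoin Script’s standard ones.

```python
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 -> size of length field

def op_return_pushes(script_hex):
    """Return the data pushes of an OP_RETURN output script, or None if the
    script is not an OP_RETURN output. Raises ValueError on malformed pushes."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 0x4B:                      # direct push of `op` bytes
            size = op
        elif op in PUSHDATA_WIDTH:          # explicit little-endian length follows
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            raise ValueError(f"non-push opcode 0x{op:02x} after OP_RETURN")
        if i + size > len(script):
            raise ValueError("push runs past end of script")
        pushes.append(script[i:i + size])
        i += size
    return pushes

def op_return_text(script_hex):
    """Decode the payload as text. Payloads that are not printable UTF-8 come
    back as 'hex:...' so binary protocol data is not mistaken for a message."""
    pushes = op_return_pushes(script_hex)
    if pushes is None:
        return None
    data = b"".join(pushes)
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "hex:" + data.hex()
    return text if text.isprintable() else "hex:" + data.hex()

# Constructed sample scripts (not taken from the chain).
MSG = b"constructed sample: please contact us about the return of funds"
SAMPLE_DIRECT = (bytes([OP_RETURN, len(MSG)]) + MSG).hex()
SAMPLE_PUSHDATA1 = (bytes([OP_RETURN, 0x4C, len(MSG)]) + MSG).hex()
SAMPLE_P2PKH = "76a914" + "00" * 20 + "88ac"  # ordinary payment script, no message
```

Feed it the hex of each output’s scriptPubKey from a decoded transaction; ordinary payment outputs return `None`, so only message-bearing outputs surface.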
LuBian didn’t lose everything. About 11,886 BTC — currently valued at $1.35 billion — was preserved and remains in their known wallets. That’s still a massive chunk of crypto wealth, but it's a far cry from what was stolen.
This case is a wake-up call for the mining ecosystem. It shows that even large, successful pools can crumble overnight if they ignore key management best practices. Unlike smart contract exploits or phishing scams, this hack targeted the core of crypto security: private key generation.
That’s rare. And it’s terrifying.
Will the Stolen BTC Ever Be Recovered?
It’s unlikely. The coins haven’t been laundered or mixed — yet — but their sheer volume makes them radioactive. Moving even a fraction of 127,426 BTC would draw instant attention from every major exchange, law enforcement agency, and blockchain analyst in the world.
The hacker may try to wait until blockchain surveillance becomes less effective, but with platforms like Arkham and Chainalysis getting more advanced, that window keeps closing.
What's Next?
Arkham’s report has already reignited interest in the case. If law enforcement wasn’t fully aware of the hack before, they certainly are now. And if the attacker moves the BTC, it’ll trigger real-time alerts across the crypto intelligence community.
Meanwhile, the lesson is clear: crypto security isn’t just about protecting against phishing emails or smart contract bugs. It starts with fundamentals like private key hygiene. One flawed algorithm can cost billions.