On August 2, 2025, blockchain analytics firm Arkham Intelligence revealed that Chinese mining pool LuBian suffered what appears to be the largest Bitcoin heist in history, with 127,426 BTC stolen in December 2020—worth approximately $3.5 billion at the time and now valued at $14.5 billion.
LuBian, which controlled nearly 6 percent of the Bitcoin network’s total hash-rate as of May 2020, never publicly disclosed the breach, and the stolen funds have remained dormant aside from a consolidation in July 2024.
The attackers exploited a vulnerability in LuBian’s private key generation algorithm—suspected to be weak against brute-force attacks—to derive keys and transfer 127,426 BTC out of the pool’s custody.
With this volume, the heist eclipsed previous records such as the Mt. Gox incident (25,000 BTC) and the $1.5 billion ByBit exploit in February 2025.
The day following the initial breach—December 29, 2020—Arkham identified an additional theft of approximately $6 million in BTC and USDT from a LuBian address on the Bitcoin Omni layer.
In total, LuBian lost and never recovered more than 90 percent of its held assets before taking emergency steps to salvage remaining funds.
Bitcoin Hack
In the immediate aftermath, LuBian’s operators rotated the residual 11,886 BTC—then worth hundreds of millions—into designated recovery wallets by December 31, 2020.
To signal legitimacy and plea for restitution, the pool sent 1,516 OP_RETURN messages embedded in small transactions directed at the hacker’s addresses, expending 1.4 BTC in fees in hopes of initiating contact.
One message read: “To the whitehat who is saving our asset, you can contact us through discuss the return of asset and your reward”.
These repeated on-chain communications underscored the genuine nature of the recovery attempt.
According to Arkham’s on-chain investigation, the exploit occurred on December 28, 2020, when threat actors drained over 90 percent of LuBian’s BTC reserves in a single transaction.
Despite these efforts, neither LuBian nor the hacker ever publicly acknowledged the incident, and the remaining stolen coins have stayed largely untouched, making the hacker’s wallet the 13th largest BTC holder at present.
Implications for Crypto Security
Arkham’s findings expose critical weaknesses in key-generation practices within early mining infrastructure.
This unprecedented theft serves as a stark reminder of the evolving threat landscape in cryptocurrency and the paramount importance of rigorous key management, proactive security audits, and transparent incident reporting across the industry.
The apparent use of a flawed random number generator or algorithm permitted brute-force attacks capable of compromising high-value custodial addresses.
This breach highlights the necessity for mining operations and custodial services to adopt industry-standard key derivatives and entropy sources to prevent similar exploits.
Moreover, the LuBian hack illustrates that significant security incidents may remain undetected for years, particularly when victims opt for discreet exit strategies over public disclosure.
As of August 2025, the stolen 127,426 BTC remain frozen in web-tracked addresses since a July 2024 consolidation, reaffirming the persistent challenge of asset recovery once private keys are compromised.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
