Redazione RHC : 4 August 2025 11:29
In December 2020, the Chinese mining pool LuBian, which at the time occupied nearly 6% of the total Bitcoin network capacity, was the victim of an attack whose full extent has only now been revealed.
The Arkham Intelligence team discovered that 127,426 BTC were withdrawn from the pool’s wallets. The sum was worth $3.5 billion at the time and is now estimated at $14.5 billion. This makes the incident the largest cryptocurrency theft in history, ahead of even the infamous Mt. Gox hack.
There have been no official statements from LuBian or the attackers in the past four years. Only through Arkham’s analysis of blockchain data was it possible to paint a picture of what happened for the first time. According to their research, on December 28, 2020, over 90% of all assets disappeared from the pool addresses at once. The next day, December 29, a further approximately $6 million in Bitcoin and USDT was stolen from another LuBian wallet using the Bitcoin Omni Layer protocol.
The final step in evacuating the surviving funds was taken on December 31, when the remaining coins were transferred to special reserve addresses. These transfers were accompanied by something unusual: the pool sent a series of transactions to the attacker’s addresses carrying data in OP_RETURN, a Bitcoin transaction output that can hold arbitrary data. In these messages, LuBian apparently addressed the attacker directly with a demand for the return of the assets. To send them, the pool team spent 1.4 BTC and executed 1,516 separate transactions. This step indicates that the real owner retained access to the funds, rather than a third-party impostor who had managed to obtain the private keys.
The analysis points to a possible root cause of the disaster: the generation of private keys using a vulnerable algorithm. This could have opened the door to a brute-force attack, allowing an attacker to gain access to the underlying wallets without hacking the infrastructure or resorting to social engineering.
However, approximately 11,886 BTC were saved, worth over $1.35 billion today, and are still under LuBian’s control. The stolen assets appear to remain largely untouched in the attacker’s addresses. The last recorded activity dates back to July 2024 and was a consolidation of funds, likely to improve anonymity or prepare for future moves.
According to Arkham, the attacker is now one of the largest Bitcoin holders: 13th in terms of assets, ahead of even the infamous Mt. Gox. Against the backdrop of the rapidly rising price of BTC, the scale of what happened seems even more astonishing: the extent of the damage has quadrupled, while the attack itself remained undetected for almost five years. That is a suspiciously long period, especially considering the scale of the incident and the openness of the blockchain.
The largest cryptocurrency hack in history, hidden from the public for so long, has once again raised questions about vulnerabilities even among major players. The problem of weak key generation algorithms, seemingly solved in the past, has led to multi-billion dollar losses and demonstrated that even giants can be vulnerable.