🕵️‍♂️ Overview of the Heist

Blockchain analytics firm Arkham Intelligence has revealed that in December 2020, the Chinese mining pool LuBian was hacked for 127,426 BTC—equivalent to about **$3.5 billion at the time ** .

With Bitcoin's value today, the stolen funds are now worth roughly **$14.5 billion **, making this the largest known cryptocurrency heist by value .

---

🚨 What Happened

LuBian, which had become the 6th-largest Bitcoin mining pool (with around 6% of the global hash‑rate), vanished in early 2021, never publicly acknowledging the hack .

Arkham traced the first breach to December 28, 2020, when over 90% of LuBian's BTC was siphoned off. A second hack on December 29 added over $6 million in BTC and USDT .

LuBian transferred the remaining 11,886 BTC into recovery wallets by December 31 .

---

🔓 How the Attack Happened

The attackers exploited a critical vulnerability in LuBian’s private key generation, which reportedly used 32-bit entropy—far too weak and susceptible to brute-force attacks. A basic gaming PC could crack it within days .

LuBian even tried to communicate with the hacker using OP_RETURN messages embedded in blockchain transactions—sending 1,516 messages (costing ~1.4 BTC), but received no response .

---

🕳️ Where Are the Funds Now?

Both the stolen BTC and LuBian’s remaining funds have remained dormant since July 2024, following a final wallet consolidation by the hacker .

The hacker now ranks among the top 13 Bitcoin holders globally .

---

🔍 Why It Matters

Although the infamous Mt. Gox hack involved more BTC (850,000 coins), the 2020 LuBian breach surpasses it in financial impact, given the higher value of Bitcoin at that time .

This incident lays bare the vulnerabilities of centralized mining pools, highlighting the vital need for robust private key generation and key management in crypto operations .

It underscores the power of on‑chain analytics in uncovering long-buried cybercrimes, even years after they occurred.

---

📌 Quick Summary Table

Detail Information

Victim LuBian mining pool (China/Iran)

Date of Hack December 28–29, 2020

Amount Stolen 127,426 BTC (~$3.5 B in 2020; now ~$14.5 B)

Key Vulnerability Weak 32-bit entropy in key generation

Remaining BTC 11,886 BTC moved into recovery

Fund Movement No activity since July 2024

Significance Largest crypto-heist by value

---

✅ Takeaways

This revelation is the first public confirmation of the incident.

It serves as a stark reminder of how critical key security is in crypto infrastructure.

The case also shows how long breaches can stay hidden—and how blockchain tracing can eventually expose them.