Blockchain forensics, legal filings, and geopolitical rivalries converge in one of the most complex digital asset controversies to date.
China’s National Computer Virus Emergency Response Center (CVERC) has ignited a digital storm with its latest technical report, alleging that the United States either orchestrated or later absorbed the 2020 theft of roughly 127,000 Bitcoin, worth about $13 billion today, from the Chinese LuBian mining pool. The report claims that the stolen coins, long dormant for nearly four years, began moving in mid-2024 to wallets later tagged by blockchain analytics firm Arkham as controlled by the U.S. government.
The allegation blurs the already thin line between cyber-forensics and statecraft in the era of digital assets. At the heart of this case is a chain of evidence both transparent and contested. U.S. prosecutors have confirmed filing a civil forfeiture complaint covering approximately 127,271 BTC, asserting that the assets are already in government custody.
According to the complaint, the funds are linked to alleged fraud and money laundering operations involving Chen Zhi and Prince Group, a Cambodian conglomerate with a controversial history of financial irregularities. The Justice Department maintains that the seized assets were criminal proceeds, not victims of state-sponsored hacking. Yet, the on-chain record paints a complex picture.
Independent blockchain researchers, including teams from TRM Labs, Elliptic, Arkham, and Blockscope, trace the 2020 LuBian drain to weak-key wallets generated with low entropy, a flaw that made them vulnerable to brute-force attacks. These wallets, created with insufficient randomness during key generation, drastically reduced the possible combinations for private keys. In technical terms, vulnerabilities documented in CVE-2023-39910 and further analyzed in the MilkSad study show how certain wallet libraries inadvertently produced predictable keys.

Blockchain forensics reveal that on December 28–29, 2020, hundreds of addresses associated with LuBian were simultaneously emptied. The funds then remained untouched until July 2024, when coordinated transfers began consolidating the BTC into clusters matching addresses later cited in U.S. court filings. This continuity of movement, dormancy, then consolidation, suggests the coins never left a narrow chain of custody, though who held the keys during those years remains the central mystery.
The geopolitical fallout has been swift. Beijing’s narrative frames LuBian as a victim of a sophisticated Western cyber operation, asserting that the pattern of transfers and the eventual U.S. control point to state-level involvement. Washington, by contrast, presents the seizure as a lawful act of asset recovery tied to criminal investigations. Both accounts lean on verifiable blockchain evidence, but interpret it through vastly different lenses.
Beyond the technical and legal specifics lies a broader question: how do we define digital sovereignty in a borderless financial system? When billions in cryptocurrency can change hands through brute-force code exploits, jurisdictional claims become blurred. The case underscores a new reality where national security, financial regulation, and cryptographic design intersect.
For now, the forensic record favors a weak-key exploitation theory over state-sponsored hacking. But the unanswered question, who originally controlled the private keys in 2020, remains pivotal. Until that is resolved, the LuBian case will continue to straddle the uneasy frontier between cybercrime, justice, and geopolitics.