A recent investigation by onchain analytics firm Arkham Intelligence suggests that a major Bitcoin heist—possibly the largest ever—took place in late 2020, targeting a little-known Chinese mining pool called LuBian.
In a detailed thread shared on X on August 2, Arkham revealed that 127,426 BTC, worth approximately $3.5 billion at the time, was stolen from LuBian in December 2020. This cyberattack had gone unreported until now, with neither the mining pool nor the alleged perpetrator making any public statements about the breach.
A Silent Breach with Massive Implications
LuBian rose rapidly in 2020 to become one of the top mining pools globally, reportedly contributing around 6% of the Bitcoin network’s hash rate by May of that year. If Arkham’s findings are confirmed, the size of the loss would surpass the Mt. Gox and Bitfinex hacks in terms of value at the time of theft. Arkham’s data shows that on December 28, 2020, LuBian lost over 90% of its BTC holdings in a single exploit. Two days later, an additional $6 million in Bitcoin and USDT was siphoned off from a related wallet linked to the Bitcoin Omni protocol. By December 31, LuBian had reportedly transferred its remaining 11,886 BTC to separate recovery wallets in an attempt to secure what was left.
.read-more {background-color: #343a40 !important;}
READ MORE:
Bitcoin Profit Supply Drops to 91%—Swissblock Flags Critical Support Range
Blockchain Clues and a Direct Plea to the Hacker
A striking aspect of Arkham’s report is its focus on the OP_RETURN messages found within the Bitcoin blockchain—transactions that allow the embedding of metadata. The analysis uncovered that LuBian spent 1.4 BTC across more than 1,500 micro-transactions trying to reach out to the hacker, pleading for the return of the stolen assets. Arkham believes this strongly suggests that the messages were legitimate and sent by the rightful wallet owner.
What Went Wrong?
According to Arkham, the breach may have stemmed from a vulnerability in LuBian’s key generation algorithm, potentially exposing private keys to brute-force attacks. While the exact nature of the exploit remains speculative, Arkham’s evidence points to serious flaws in wallet security practices. Interestingly, the stolen BTC has remained mostly inactive since the incident. The last notable movement was a wallet consolidation observed in July 2024, hinting that the attacker might still be holding onto the funds.
Kosta Gushterov
Kosta has been working in the crypto industry for over 4 years. He strives to present different perspectives on a given topic and enjoys the sector for its transparency and dynamism. In his work, he focuses on balanced coverage of events and developments in the crypto space, providing information to his readers from a neutral perspective.
