In the largest undisclosed cryptocurrency theft in history, blockchain analytics company Arkham Intelligence revealed an astonishing theft of 127,426 Bitcoin, worth $14.5 billion today, from the Chinese mining group LuBian. The theft, which occurred in December 2020, went undetected for years while rumors of LuBian's sudden disappearance in early 2021 spread.

However, Arkham's latest findings suggest that this was not a quiet shutdown or a government action - but a serious breach possibly caused by a weak private key algorithm. The attacker has not moved the stolen BTC in over a year, leaving many mysteries, technical flaws, and unanswered questions.

What Has Arkham Intelligence Discovered?

Arkham Intelligence has brought a four-year-old cryptocurrency mystery back into the spotlight. According to this blockchain analytics company, a total of 127,426 BTC - worth about $14.5 billion today - was stolen from the Chinese mining group LuBian in December 2020.

At that time, the value of the stolen Bitcoin was around $3.5 billion, making this the largest known theft in cryptocurrency history by USD value at the time it occurred.

While hacks like Mt. Gox involved more coins (744,000 BTC), the price of Bitcoin at that time meant those losses were worth hundreds of millions, not billions.

Who or What is LuBian?

LuBian is not just a small mining group. Launched in April 2020, just a few months later, it became the sixth largest mining group on the Bitcoin network. On its website, LuBian proudly claims to be the "safest, highest-yield mining group in the world." But then in early 2021, it vanished without a word of explanation.

At that time, many theories were proposed. Perhaps Chinese regulators shut it down. Or maybe it was privatized. But according to Arkham's latest research, the truth may be darker — LuBian did not escape; it was wiped out by a major cyberattack that drained nearly all of its Bitcoin reserves in just a few days.

How Did the Hack Occur?

This is when things get complicated. Arkham believes that the attacker exploited a flaw in LuBian's private key generation algorithm. Simply put, LuBian used an unsafe method to create private keys, possibly using predictable patterns or brute-force attacks.

On December 28, 2020, hackers were said to have stolen over 90% of LuBian's Bitcoin. The very next day, an additional $6 million in BTC and USDT was withdrawn from LuBian's Omni Layer Bitcoin address. This was not just a single intrusion - but an organized and ongoing attack.

What Happened After the Theft?

LuBian did not remain silent. It used Bitcoin's OP_RETURN field — a little-used feature that allows data to be embedded into a transaction — to send a direct message to the hackers. The content of the message resembled a digital ransom note, calling the attacker a potential white hat hacker and offering a reward if the stolen assets were returned.

Here is a part of the content that LuBian wrote:
"To the white hat hackers saving our assets, you can reach out to us... to discuss the return of the assets and your rewards."

But so far, no information has been returned. Interestingly, no stolen BTC has been moved since July 2024, suggesting the attacker is either extremely patient, extremely cautious, or simply unable to move this money without detection.

LuBian did not lose everything. About 11,886 BTC - now worth $1.35 billion - were secured and still remain in their known cryptocurrency wallets. That is still a massive cryptocurrency asset, but it pales in comparison to the amount stolen.

This incident is a wake-up call for the mining ecosystem. It shows that even large and successful mining groups can collapse overnight if they neglect best key management practices. Unlike smart contract hacks or scams, this attack targeted the core of cryptocurrency security: private key generation.

That's really rare. And really scary.

Will the Stolen BTC Ever Be Recovered?

This is unlikely. These coins have not been laundered or mixed — so far — but their massive volume makes them dangerous. Moving even a tiny fraction of the 127,426 BTC would immediately attract attention from every major exchange, law enforcement agency, and blockchain analyst in the world.

Hackers may try to wait until blockchain monitoring becomes less effective, but with platforms like Arkham and Chainalysis becoming increasingly sophisticated, that opportunity will grow slimmer.

What's Next?

Arkham's report has reignited interest in the case. If law enforcement was previously unaware of the hack, they are now surely informed. And if the attacker moves the BTC, it will trigger real-time alerts across the entire cryptocurrency intelligence community.

In the meantime, the lesson is very clear: cryptocurrency security is not just about protecting against phishing emails or smart contract bugs — but also starts from the basics like controlling private keys. A flawed algorithm can cause billions in damages.