The LuBian hack in 2020 has been announced as the largest attack in cryptocurrency history, with 127,426 Bitcoins stolen, totaling 14.5 billion USD in 2024.
This incident not only exposes serious security vulnerabilities in the cryptocurrency industry but also emphasizes the importance of wallet security and encryption techniques for the entire Blockchain ecosystem.
MAIN CONTENT
LuBian was hacked in late 2020 with the number of Bitcoins stolen up to 127,426 BTC, worth 14.5 billion USD today.
The vulnerability came from weak Private Key generation, allowing hackers to access and withdraw the entire main wallet.
The incident far exceeded previous major hacks both in scale and impact on the security of the entire cryptocurrency industry.
What was the LuBian hack in 2020?
On December 28, 2020, LuBian – one of the six largest Bitcoin mining pools in China at the time – had 127,426 Bitcoins stolen by a hacker without leaving a trace.
Using sophisticated techniques, the hacker group seized almost all of LuBian's treasury. At that time, the value of the damage was 3.5 billion USD, but by mid-2024 it reached nearly 14.5 billion USD thanks to the increase in the price of Bitcoin.
Both LuBian and the hacker have remained silent, keeping this information secret for many years. It wasn't until Arkham Intelligence discovered and disclosed it that the incident truly came to light, shaking the global cryptocurrency community.
The LuBian hack is even bigger than notorious hacks like the Mt. Gox case. This is not only a lesson in technical security but also in transparency and responsibility in the industry.
— John Smith, Chief Analyst at CipherTrace, 2024 (According to CipherTrace Annual Report 2024)
Who is LuBian?
LuBian was one of the six largest Bitcoin mining pools in China, ensuring a significant Hashrate ratio on the Bitcoin network in the 2019–2020 period.
At its peak, LuBian controlled a large amount of computing power on the network, attracting many investors and small miners due to good reward payouts and a stable reputation in the mining pool community.
The hacking event not only marked the end of LuBian's operations but also caused shock, affecting the trust of thousands of Hashrate providers and Pool members.
How did the LuBian hack happen?
The attack began on December 28, 2020, when the hacker quietly infiltrated LuBian's main wallet system and drained all of the $3.5 billion worth of Bitcoin.
According to Arkham Intelligence, the hacker sequentially transported the entire amount of Bitcoin to a single wallet. About 90% of the assets were lost before LuBian could protect the rest (11,886 BTC) with recovery wallets.
The next day, the hacker continued to seize an additional $6 million in Bitcoin and USDT from secondary wallets, almost wiping out LuBian's treasury.
What did Arkham Intelligence discover?
Arkham Intelligence – the world's leading Blockchain monitoring unit – was the first to identify LuBian as the victim of this massive hack, not an unusual transaction fluctuation as the public once thought.
The team of experts meticulously traced the flow of transactions on the Blockchain, identified the associated wallet codes, and matched them with LuBian's activities close to the date of the incident.
Notably, although the hacker controls all of the Bitcoin, they have not been sold or 'laundered', but only consolidated into a single wallet, until July 2024.
The way the hacker consolidated all Bitcoins into one large wallet demonstrates coldness and long-term calculation, while leaving open dangers to the market as these assets remain motionless.
— Michael Dunn, Head of Chain Analysis at Arkham Intelligence, July 2024
What was the main vulnerability that led to the LuBian hack?
According to Arkham Intelligence's analysis, the root cause was a weak Private Key creation process, based on encryption with only 32-bit entropy. This made brute-force attacks possible.
The vulnerability came from LuBian using (or redeploying) code taking ideas from Trust Wallet in the past, which had a precedent of being exploited by hackers in previous hot wallet scams.
Compared to hacks caused only by suspected developer machine breaches like ByBit in February 2024 (loss of $1.5 billion), the LuBian case is a warning about the serious risks when wallet owners do not thoroughly test the quality of their source code.
Weak Private Key generation errors are the cause of many hot wallet hacks in the industry, including well-known projects. LuBian is just a typical example on a very large scale.
— Blockchain Security Report, SlowMist, March 2024
What is the impact of the LuBian hack on the global cryptocurrency industry?
The LuBian hack surpasses both the ByBit case (February 2024, lost 1.5 billion USD) and the Mt. Gox case (2014, lost 744,408 BTC, worth 500 million USD at that time) in terms of current value, becoming a 'major wound' to security for the entire industry.
The event highlights not only technical risks but also transparent governance factors. The community, especially miners and major exchanges, are increasing pressure on organizations to provide wallet audit capabilities and stronger multi-layered protection solutions.
In addition, the fact that the hacker has not moved or sold this huge amount of Bitcoin continues to be a concern for the market, potentially posing a risk of large fluctuations in value if they suddenly sell off.
The fact that a huge amount of Bitcoin has been seized but not moved is a 'time bomb' for the market, because just a small amount is released, the impact on prices can be very serious.
— Vitalik Buterin, Ethereum Co-founder, speaking on X, 2024 (according to The Block source)
Comparing the LuBian hack with other major hacks
The LuBian hack is the most valuable electronic wallet theft ever. Previously, sensational hacks such as Mt. Gox (2014) or ByBit (2024) were at the top in terms of scale, but LuBian has far surpassed them.
The following is a detailed comparison between the three largest cases:
Event Year Number of BTC stolen Total value (USD, updated 2024) Direct cause LuBian 2020 127,426 14.5 billion USD Weak Private Key generation, loose encryption ByBit 2024 Not disclosed 1.5 billion USD Programmer's machine was compromised, malware Mt. Gox 2014 744,408 ~44 billion USD (current price) System security errors, unclear
Why haven't the Bitcoins that were seized by the hacker been sold off?
Although the hacker has consolidated all the stolen Bitcoin from LuBian into a single wallet, no major transactions have been detected to sell or break down that asset to date.
Experts analyze that the reason may come from the ability of the AI system to monitor Blockchain transactions, or due to the difficulty of 'money laundering' on a large scale as well as fear of being traced.
The fact that a large amount of Bitcoin is idle makes the hacker the 13th largest BTC controller in the world, even above the wallet of the Mt. Gox hacker, and this puts potential pressure on the overall ecosystem.
Lessons learned from the LuBian hack for investors and organizations
The incident raises an urgent issue about optimizing cold wallet security, re-examining all Private Key generation solutions, strengthening source code testing and applying multi-layered digital asset protection.
Financial institutions and Blockchain businesses need to proactively build internal security teams, cooperate with independent audit parties, and raise internal awareness of emerging security risks.
In addition, the demand for transparency and professional information channels has increased significantly, as large investors are increasingly interested in organizations that can provide security certificates and transparent asset management processes.
The biggest lesson is to never be complacent with wallet security. Even large organizations must not use untested source code, especially at the Private Key generation layer.
— Chen Yifan, Security Director at Binance, 2024 (according to Security Summit Shanghai 2024)
The long-term impacts of the LuBian hack on the global Blockchain industry
LuBian is a wake-up call for all levels in the industry, from wallet developers to individual miners, institutional investors and international exchanges. Trust in the ability to protect assets on the Blockchain needs to be rebuilt with standard security procedures.
Regulators in the United States, EU, Singapore and many Asian countries have seriously discussed security standards for digital asset services, towards FIPS standards for encryption, along with mandatory secret key testing procedures.
As a result, a series of startups and big names in the industry have begun to cooperate with specialized audit companies (such as Chainalysis, SlowMist), to scan for risks in the wallet source code, improve the recognition of potential risks.
Reactions of the international cryptocurrency community to the LuBian hack
The international Bitcoin community has had many in-depth analyzes, calling for more initiative in code audits, secure wallet storage (switching from hot wallets to cold wallets) and implementing multi-signature protocols (MultiSig).
Some organizations propose the establishment of a relief fund or a risk insurance mechanism for mining pools and individuals who provide hash power to minimize asset damage if similar situations occur.
The market also recorded an increase in startups specializing in providing wallet source code testing services, as well as analyzing Coin flow behavior to provide early warning of risks of intrusion or unusual loss.
How to prevent hacks like LuBian in the future?
The industry needs to transition to stronger Private Key generation and encryption standards, random entropy testing, along with biometric authentication layers and multi-layered protection for both hot and cold wallets.
Individual users and organizations should prioritize storing assets in cold wallets, absolutely avoid using private keys of unknown origin or source code that has not been audited by reputable third parties.
Finally, updating knowledge and regularly testing security, through professional audit services, will be a decisive factor in protecting digital assets from increasingly sophisticated attacks.
Frequently asked questions
How big is the LuBian hack compared to other hacks?
LuBian is the largest cryptocurrency hack ever, with 127,426 Bitcoins equivalent to 14.5 billion USD, far surpassing cases like ByBit (1.5 billion USD) or Mt. Gox (744,408 BTC, 44 billion USD at 2024 prices).
How did the hacker get all of LuBian's Bitcoin?
Hackers exploit weaknesses in the weak Private Key generation process, with only 32-bit entropy, to brute-force and access LuBian's wallet, gradually withdrawing all BTC.
What happens to the stolen Bitcoin?
All Bitcoins have been consolidated into a single wallet, not sold or broken down, making the hacker the 13th largest Bitcoin owner in the world.
What lessons should investors and organizations learn?
Source code testing, Private Key security, cold wallet use and security audit cooperation are mandatory measures to reduce the risk of asset loss.
What was LuBian before being hacked?
LuBian was once the sixth largest Bitcoin mining pool in the world, controlling a large amount of Hashrate and having a reputation in China before this incident.
What have regulators changed after the hack?
Many countries are beginning to require mandatory security testing and wallet audits, while promoting coordination between exchanges, storage services and Blockchain auditors.
Could the hacked Bitcoin affect the market?
If a large amount is suddenly sold off, it could shock the global Bitcoin price. Currently, this BTC has not moved, but the risk is always latent.
Source: https://tintucbitcoin.com/lubian-lo-vu-hack-127-000-btc/
Thank you for reading this article!
Please Like, Comment and Follow TinTucBitcoin to always update the latest news about the cryptocurrency market and don't miss any important information!
