127,426 BTC stolen from LuBian in 2020 remained undisclosed until Arkham's 2025 investigation.
The hacker now holds the 13th largest Bitcoin wallet, surpassing the Mt. Gox thief.
Weak private key generation tied to 32-bit entropy enabled the security breach.
A major Bitcoin theft involving 127,426 BTC has now been confirmed by blockchain intelligence firm Arkham. The stolen amount, valued at over $14.5 billion today, was taken from the China-based mining pool LuBian. This breach, which occurred in late 2020, went unreported for years and is now the largest known theft in cryptocurrency history. Arkham’s investigation marks the first time this attack has been publicly documented.
https://twitter.com/arkham/status/1951729790299394113 Silent Breach Remained Hidden for Nearly Five Years
According to Arkham, the theft started on December 28, 2020. Within one day, another $6 million worth of BTC was removed. LuBian did not report the breach at the time. The stolen Bitcoin represented more than 90% of LuBian’s reserves, severely impacting its operations. The mining pool was once a major player, controlling almost 6% of the Bitcoin network hash rate.
https://twitter.com/arkham/status/1951729792388132975
The attacker’s current wallet holdings rank 13th globally in terms of Bitcoin ownership. This places the hacker above the Mt. Gox thief in total BTC held. Despite losing most of its assets, LuBian managed to retain 11,886 BTC, currently worth around $1.35 billion. Arkham’s tracking system followed the stolen funds through hundreds of addresses across the blockchain.
Weak Private Key Generation Led to the Security Failure
Arkham’s analysis found that LuBian’s systems used weak private key generation, making them vulnerable to brute-force attacks. The mining pool’s use of 32-bit entropy, a known vulnerability, likely contributed to the exposure. This flaw had been exploited in past incidents involving wallet breaches linked to similar codebases.
https://twitter.com/arkham/status/1951729798285340956
Following the hack, LuBian used Bitcoin’s OP_RETURN function to send over 1,500 messages to the attacker. These messages included a total of 1.4 BTC and offered a reward in exchange for the return of funds. The thief did not respond, and the funds remain under control of the original attacker.
Surpassing Bybit in Scale and Impact
The LuBian theft now exceeds the $1.4 billion Bybit Ethereum hack, previously considered the largest. Arkham’s visual analysis mapped the flow of stolen Bitcoin across many wallet clusters. This revealed a structured movement pattern designed to avoid detection.
At the time of the breach, LuBian operated across China and Iran and held a significant mining market share. The security flaw that led to the hack had ties to the Trust Wallet codebase, which was previously targeted in similar exploits. The scale and secrecy of the theft have made it a central case in ongoing blockchain investigations.
