Written by: Arkham
Translated by: Wenser, Odaily Planet Daily
Editor's note: As the cryptocurrency market is in a downward trend, on-chain data platform Arkham released a lengthy article yesterday exposing a hacking incident that can be considered the 'largest BTC theft in history,' involving the well-known BTC mining pool LuBian. This platform once controlled 6% of the total Bitcoin network hash power but suffered the theft of over 127,000 BTC in December 2020, currently valued at approximately 14.5 billion USD. Odaily Planet Daily will compile this nearly 5-year-old hacking incident for reader reference.
The largest BTC theft in history: over 127,000 BTC, currently valued at 14.5 billion USD
Recently, on-chain data platform Arkham disclosed that the 'largest BTC theft in history' has surfaced—the platform involved is the LuBian mining pool.
It is understood that the mining pool mainly deployed mining equipment in China and Iran. According to on-chain data analysis, in December 2020, 127,426 BTC were stolen from the LuBian mining pool, valued at 3.5 billion USD at that time and now worth approximately 14.5 billion USD. As of the time of writing, neither LuBian nor the hackers involved in this theft have publicly acknowledged the cyber attack.
On-chain data analysis chart
'LuBian BTC theft case' details are as follows:
In 2020, as one of the largest BTC mining pools in the world, LuBian officially began operations. Reports indicate that the pool was founded and managed by Chinese miners and is a private pool. According to Glassnode data, this pool started mining in March 2020; BTC.com shows that the Lubian pool first produced blocks in April 2020. By May 2020, it had nearly controlled 6% of the total Bitcoin network hash power. However, after block 672,636 on February 28, 2021, the mining activities of this pool came to an end.
LuBian mining pool once ranked in the top 10 of the industry
Number of blocks mined monthly by Lubian.com
On December 28, 2020, the LuBian mining pool was first attacked by hackers, with over 90% of the Bitcoin in the pool stolen.
On December 29, 2020, approximately 6 million USD worth of Bitcoin and USDT were stolen again from an active address belonging to Lubian on the Bitcoin Omni layer.
On December 31, 2020, LuBian transferred the remaining funds to other wallets.
On-chain message sent by LuBian to the hacker
According to the screenshot, all hacker addresses received OP_RETURN on-chain messages from LuBian, pleading with hackers to return the stolen funds.
According to on-chain information, LuBian sent these messages through 1,516 transactions, costing 1.4 BTC. This phenomenon indicates that these on-chain messages were not fabricated by other hackers through brute force cracking of private keys (note from Odaily Planet Daily: after all, very few people would send so many messages and incur such high costs for on-chain communication, unless compelled).
Current information shows that the LuBian mining pool may have used an algorithm that is susceptible to brute force attacks to generate its private keys, which became a vulnerability exploited by hackers.
On-chain information shows that LuBian mining pool related addresses still hold 11,886 BTC, currently valued at 1.36 billion USD.
LuBian address asset information
On the other hand, on-chain information shows that the hacker in the LuBian theft case still holds the stolen BTC, with their last on-chain activity being a wallet consolidation that took place in July 2024.
LuBian hacker address asset information
At that time, the value of the stolen assets from LuBian reached 3.5 billion USD, making it the largest hacker theft security incident in history.
Due to the continuous rise in Bitcoin prices since 2020, the 127,400 BTC stolen from LuBian is currently valued at approximately 14.5 billion USD. This asset made the LuBian hacker the 13th largest individual holding Bitcoin in Arkham's statistical data, even surpassing the hackers from the Mt. Gox theft case.
Additionally, according to information from an article on the Compass Mining website, the LuBian mining pool is suspected of having rebranded as Roadside Mining. Between May 2020 and February 2021, the LuBian mining pool's mining operations seemed to be in full swing, averaging a block mining volume of 174 per month. In nearly a year of mining, it accumulated over 16,200 BTC, which were worth over 1 billion USD at the price peak in April 2021.
And now, the once leading mining pool has ceased operations, leaving behind this 5-year-old history of the 'largest BTC theft in history,' making people sigh with emotion.
