Original author: Arkham
Translated by | Odaily Planet Daily
Translator | Wenser
Editor's note: Amid a downward trend in the cryptocurrency market, the on-chain data platform Arkham published a lengthy article yesterday revealing a hacker incident that can be called the 'largest BTC theft in history,' involving the well-known BTC mining pool LuBian. The platform once controlled 6% of the total computing power resources of the Bitcoin network, but in December 2020, over 127,000 BTC were stolen, currently valued at approximately $14.5 billion. Odaily Planet Daily will organize this long-buried hacker incident that has remained hidden for nearly 5 years for readers' reference.
The largest BTC theft in history: over 127,000 BTC, currently valued at $14.5 billion
Recently, the on-chain data platform Arkham revealed that the 'largest BTC theft in history' has come to light— the platform involved is LuBian mining pool.
It is understood that the mining pool mainly deployed its mining equipment in China and Iran. According to on-chain data analysis, in December 2020, 127,426 BTC were stolen from LuBian mining pool, valued at $3.5 billion at that time, now worth about $14.5 billion. As of the time of publication, neither LuBian nor the hackers involved in this theft have publicly acknowledged the hacking attack.
On-chain data analysis chart
Details of the 'LuBian BTC theft case' are as follows:
In 2020, as one of the world's largest BTC mining pools, LuBian officially began operations. Reports indicate that the mining pool was founded and managed by Chinese miners and is a private mining pool. According to Glassnode data, the mining pool started mining in March 2020; BTC.com shows that the Lubian mining pool produced its first block in April 2020. By May 2020, it nearly controlled 6% of the total computing power resources of the Bitcoin network. However, after block 672,636 on February 28, 2021, the mining activities of this pool ceased.
LuBian's mining pool once ranked in the top 10 of the industry
The number of blocks mined monthly by Lubian.com
On December 28, 2020, LuBian mining pool was first attacked by hackers, with over 90% of the Bitcoin in the pool being stolen.
On December 29, 2020, approximately $6 million worth of Bitcoin and USDT were stolen again from an active address on the Bitcoin Omni layer belonging to Lubian.
On December 31, 2020, LuBian transferred the remaining funds to other wallets.
LuBian's on-chain message to the hacker
According to screenshots, all hacker addresses received OP_RETURN on-chain messages from LuBian, pleading with the hackers to return the stolen funds.
According to on-chain information, LuBian sent these messages through 1,516 transactions, spending 1.4 BTC to do so. This phenomenon indicates that these on-chain messages are not fabrications made by other hackers through brute-force cracking of private keys (Odaily Planet Daily notes: after all, few people would send so many messages and incur such high costs for on-chain communication unless absolutely necessary).
Current information indicates that LuBian mining pool may have used an algorithm that is vulnerable to brute-force attacks to generate its private keys, which became a point of exploitation for hackers.
On-chain information shows that addresses related to LuBian mining pool still hold 11,886 BTC, currently valued at $1.36 billion.
LuBian address asset information
On the other hand, on-chain information shows that the hackers involved in the LuBian theft still hold the stolen BTC, with their last on-chain activity being a wallet consolidation in July 2024.
LuBian hacker address asset information
At that time, the stolen assets of LuBian amounted to $3.5 billion, making it the largest hacking security incident in history.
Due to the continuous rise in Bitcoin prices since 2020, the 127,400 BTC stolen from LuBian is currently valued at approximately $14.5 billion. This asset has made the LuBian hacker the 13th largest individual holder of Bitcoin in Arkham's platform statistics, even surpassing the hacker from the Mt. Gox theft case that year.
Additionally, according to information from an article on the Compass Mining website, LuBian mining pool is suspected to have rebranded to Roadside Mining. Between May 2020 and February 2021, LuBian's mining operations seemed to be in full swing, with an average monthly block mining volume of 174. In the past year, it accumulated over 16,200 BTC, which, at the price peak in April 2021, was worth over $1 billion.
And now, the once-leading mining pool has ceased operations, leaving behind the history of this 'largest BTC theft in history' that has remained buried for 5 years, evoking a sense of regret.
