聚币群

On December 29, 2020, a major hacking incident occurred at the LuBian mining pool, resulting in the theft of a total of 127272.06953176 bitcoins (worth about $3.5 billion at the time, now valued at $15 billion) by attackers. The holder of this massive amount of bitcoins is Chen Zhi, chairman of the Cambodian Prince Group. After the hacking incident, Chen Zhi and his Prince Group issued multiple messages on the blockchain in early 2021 and July 2022, calling out to the hackers, hoping that they would return the stolen bitcoins and were willing to pay a ransom, but received no response. Strangely, after this massive amount of bitcoins was stolen, it remained dormant in the attackers' controlled bitcoin wallet address for four years, with almost no movement, which clearly does not conform to the usual behavior of hackers eager to cash out for profit, but instead resembles a precision operation orchestrated by a 'nation-state hacker organization.' It wasn't until June 2024 that this batch of stolen bitcoins was transferred to a new bitcoin wallet address, and it has remained untouched since then. On October 14, 2025, the U.S. Department of Justice announced criminal charges against Chen Zhi, claiming the confiscation of 127,000 bitcoins from Chen Zhi and his Prince Group. Various pieces of evidence indicate that the massive bitcoins confiscated by the U.S. government were, in fact, the bitcoins stolen from the LuBian mining pool back in 2020 using technical means by hackers. In other words, the U.S. government may have already stolen the 127,000 bitcoins held by Chen Zhi as early as 2020 through hacking techniques, which represents a classic 'black eats black' incident orchestrated by a nation-state hacker organization. This report analyzes the key technical details of the incident from a technical perspective, focusing on the origins of the stolen bitcoins, reconstructing the complete attack timeline, and assessing the security mechanisms of bitcoin, hoping to provide valuable security insights for the cryptocurrency industry and users. I. Background of the Incident The LuBian mining pool was established in early 2020 and quickly rose to prominence as a bitcoin mining pool, primarily operating in China and Iran. In December 2020, the LuBian mining pool suffered a large-scale hacking attack, resulting in the theft of over 90% of its bitcoin holdings. The total amount stolen was 127272.06953176 BTC, which closely matches the 127271 BTC mentioned in the indictment by the U.S. Department of Justice. The operational model of the LuBian mining pool includes centralized storage and distribution of mining rewards. Bitcoin held in the pool addresses is not stored in regulated centralized exchanges but exists in non-custodial wallets. From a technical perspective, non-custodial wallets (also known as cold wallets or hardware wallets) are considered the ultimate safe haven for crypto assets, as they cannot be frozen by a legal order like exchange accounts; they are more like a bank vault that belongs only to the holder, with the key (private key) solely in the holder's hands. As a cryptocurrency, bitcoin’s on-chain address is used to identify the ownership and flow of bitcoin assets, and controlling the private key of an on-chain address allows complete control over the bitcoins in that address. According to reports from on-chain analysis organizations, the massive bitcoins controlled by the U.S. government and related to Chen Zhi highly overlap with the hacking incident at the LuBian mining pool. On-chain data records show that on December 29, 2020, Beijing time, there was an abnormal transfer from the core bitcoin wallet address of LuBian, with a total transfer amount of 127272.06953176 BTC, which closely matches the 127271 BTC mentioned in the indictment by the U.S. Department of Justice. After this batch of stolen bitcoins was abnormally transferred, it remained dormant until June 2024. Between June 22 and July 23, 2024, this batch of stolen bitcoins was once again transferred to a new on-chain address and has remained untouched since. The well-known blockchain tracking tool platform ARKHAM has marked these final addresses as held by the U.S. government. Currently, the U.S. government has not disclosed how it obtained the private key for Chen Zhi's massive bitcoin on-chain address. Figure 1: Key Activity Timeline II. Attack Link Analysis It is well-known that in the world of blockchain, random numbers are the cornerstone of cryptographic security. Bitcoin uses asymmetric cryptography, and the bitcoin private key is a 256-bit binary random number, with a theoretical cracking count of 2^256, which is nearly impossible. However, if this 256-bit binary private key is not completely randomly generated, for example, if 224 bits are generated with a predetermined pattern and only 32 bits are randomly generated, it greatly reduces the strength of the private key, allowing it to be brute-forced with only 2^32 (about 4.29 billion) attempts. For example, in September 2022, the British cryptocurrency market maker Wintermute was hacked for $160 million due to a similar pseudo-random number vulnerability. In August 2023, an overseas security research team named MilkSad first announced the discovery of a third-party key generation tool that had a pseudo-random number generator (PRNG) vulnerability and successfully applied for a CVE number (CVE-2023-39910). In the research report published by that team, it mentioned a similar vulnerability in the LuBian bitcoin mining pool, where all 25 bitcoin addresses mentioned in the indictment by the U.S. Department of Justice were included in the hacked LuBian bitcoin mining pool address. Figure 2: List of 25 Bitcoin Wallet Addresses in the U.S. Department of Justice Indictment As a non-custodial wallet system, the bitcoin wallet addresses on the LuBian mining pool rely on a custom private key generation algorithm for fund management, which did not adopt the recommended 256-bit binary random number standard, but rather relied on 32-bit binary random numbers, leading to a fatal flaw: a 'pseudo-random generator' Mersenne Twister (MT19937-32) that relies solely on timestamps or weak inputs as seeds, where the randomness of this pseudo-random number generator (PRNG) is equivalent to a 4-byte integer and can be efficiently exhausted in modern computing. Mathematically, the probability of cracking is 1/2^32; for example, assuming the attack script tests 10^6 keys per second, the cracking time would be about 4200 seconds (approximately 1.17 hours). In practice, optimization tools like Hashcat or custom scripts can speed this up further. The attackers exploited this vulnerability to steal the massive bitcoins from the LuBian mining pool. Figure 3: Comparison Table of LuBian Mining Pool and Industry Security Standards Through technical tracing, the complete timeline and related details of the LuBian mining pool hacking incident are as follows: 1. Theft Phase: On December 29, 2020, Beijing time, the incident: Hackers exploited the pseudo-random number vulnerability in the LuBian mining pool bitcoin wallet address private key generation to brute-force over 5,000 weak random wallet addresses (wallet type: P2WPKH-nested-in-P2SH, prefix 3). Within approximately 2 hours, about 127272.06953176 BTC (valued at approximately $3.5 billion at the time) was drained from these wallet addresses, leaving less than 200 BTC. All suspicious transactions shared the same transaction fee, indicating that the attack was executed by an automated batch transfer script. Sender: Group of weak random bitcoin wallet addresses from the LuBian mining pool (controlled by the LuBian mining operation entity, belonging to Chen Zhi's Prince Group); Receiver: Group of bitcoin wallet addresses controlled by the attackers (unpublished addresses); Transfer Path: Weak wallet address group → Attackers' wallet address group; Correlation Analysis: The total amount stolen was 127272.06953176 BTC, which closely matches the 127271 BTC mentioned in the indictment by the U.S. Department of Justice. 2. Dormant Phase: From December 30, 2020, to June 22, 2024, Beijing time, the incident: This batch of bitcoins remained in the attackers' controlled bitcoin wallet addresses for nearly 4 years after being stolen through the pseudo-random number vulnerability, remaining dormant with only a fraction of dust transactions possibly used for testing. Correlation Analysis: This batch of bitcoins remained almost completely untouched until taken over by the U.S. government on June 22, 2024, which clearly does not conform to the usual behavior of hackers eager to cash out for profit, but rather resembles a precise operation orchestrated by a nation-state hacker organization. 3. Recovery Attempt Phase: In early 2021 and on July 4 and 26, 2022, the incident: After the bitcoins were stolen and during the dormant period, in early 2021, the LuBian mining pool sent over 1,500 messages (costing about 1.4 BTC in fees) embedded in the blockchain data area via Bitcoin OP_RETURN, pleading with the hackers to return the funds. Example message: “Please return our funds, we'll pay a reward.” On July 4 and 26, 2022, the LuBian mining pool again sent messages via Bitcoin OP_RETURN, example message: “MSG from LB. To the whitehat who is saving our asset, you can contact us through [email protected] to discuss the return of asset and your reward.” Sender: LuBian weak random bitcoin wallet addresses (controlled by the LuBian mining operation entity, belonging to Chen Zhi's Prince Group); Receiver: Group of bitcoin wallet addresses controlled by the attackers; Transfer Path: Weak wallet address group → Attackers' wallet address group; Small transactions embedded OP_RETURN; Correlation Analysis: After the theft incident, these messages confirm that the LuBian mining pool as the sender made multiple attempts to contact 'third-party hackers' to request the return of assets and discuss ransom matters. 4. Activation and Transfer Phase: Between June 22 and July 23, 2024, the incident: The bitcoins in the attackers' controlled wallet address group were activated from their dormant state and transferred to the final bitcoin wallet address. The final wallet address was marked by the well-known U.S. blockchain tracking tool platform ARKHAM as held by the U.S. government. Sender: Group of bitcoin wallet addresses controlled by the attackers; Receiver: New consolidated final wallet address group (unpublished, but confirmed to be controlled by the U.S. government); Transfer Path: Attackers' controlled wallet address group → U.S. government controlled wallet address group; Correlation Analysis: This batch of massively stolen bitcoins, which remained dormant for 4 years with almost no movement, was ultimately controlled by the U.S. government. 5. Announcement of Seizure Phase: On October 14, 2025, U.S. local time: The U.S. Department of Justice issued an announcement, announcing charges against Chen Zhi and 'confiscating' the 127,000 bitcoins he held. At the same time, through the blockchain's public mechanism, all bitcoin transaction records are publicly traceable. Therefore, this report traces the source of the massive bitcoins stolen from the LuBian weak random bitcoin wallet addresses (controlled by the LuBian mining operation entity, possibly belonging to Chen Zhi's Prince Group), with a total number of stolen bitcoins amounting to 127272.06953176, sourced from: independent 'mining' of about 17,800, mining pool salary income of about 2,300, and 107,100 from exchanges and other channels. The preliminary results indicate discrepancies with the U.S. Department of Justice's indictment that all sources came from illegal income. III. Vulnerability Technical Details Analysis 1. Private Key Generation for Bitcoin Wallet Addresses: The core of the LuBian mining pool vulnerability lies in its private key generator using a defect similar to the 'MilkSad' in Libbitcoin Explorer. Specifically, the system uses the Mersenne Twister (MT19937-32) pseudo-random number generator, initialized with only a 32-bit seed, resulting in effective entropy of only 32 bits. This PRNG is not cryptographically secure (non-cryptographic), making it easy to predict and reverse engineer. Attackers can enumerate all possible 32-bit seeds (0 to 2^32-1), generate the corresponding private keys, and check if they match the known wallet address's public key hash. In the bitcoin ecosystem, the usual private key generation process is: random seed → SHA-256 hash → ECDSA private key. The implementation of the LuBian mining pool's basic library may be based on custom code or open-source libraries (like Libbitcoin) but neglected the security of entropy. The similarity to the MilkSad vulnerability lies in that the 'bx seed' command in Libbitcoin Explorer also uses the MT19937-32 random number generator, relying solely on timestamps or weak inputs as seeds, resulting in private keys vulnerable to brute force. In the LuBian attack incident, over 5,000 wallets were affected, indicating that the vulnerability is systemic and may originate from code reuse when generating wallets in bulk. 2. Simulated Attack Process: (1) Identify target wallet addresses (monitor LuBian mining pool activities on-chain); (2) Enumerate 32-bit seeds: for seed in 0 to 4294967295; (3) Generate private key: private_key = SHA256(seed); (4) Derive public key and address: calculate using ECDSA SECP256k1 curve; (5) Match: If the derived address matches the target, use the private key to sign transactions to steal funds; Compared to similar vulnerabilities: This vulnerability is similar to the 32-bit entropy defect of Trust Wallet, which previously led to large-scale bitcoin wallet address cracking; the 'MilkSad' vulnerability in Libbitcoin Explorer also exposed private keys due to low entropy. These cases stem from legacy issues in early codebases that did not adopt the BIP-39 standard (12-24 word seed phrases, providing high entropy). The LuBian mining pool may have used a custom algorithm aimed at simplifying management but neglected security. Defense Gaps: The LuBian mining pool did not implement multi-signature (multisig), hardware wallets, or hierarchical deterministic wallets (HD wallets), all of which could enhance security. On-chain data shows that the attack covered multiple wallets, indicating a systemic vulnerability rather than a single point of failure. 3. On-chain Evidence and Recovery Attempts: OP_RETURN Messages: The LuBian mining pool sent over 1,500 messages through Bitcoin's OP_RETURN function, costing 1.4 BTC, pleading for the attackers to return funds. These messages embedded in the blockchain prove to be genuine owner behavior rather than forgery. Example messages include 'Please return our funds' or similar requests, spread across multiple transactions. 4. Attack Correlation Analysis: The U.S. Department of Justice's criminal indictment against Chen Zhi (case number 1:25-cr-00416) listed 25 bitcoin wallet addresses that held approximately 127,271 BTC, valued at about $15 billion, and have been seized. Through blockchain analysis and examination of official documents, these addresses are highly related to the LuBian mining pool hacking incident: Direct Correlation: Blockchain analysis shows that the 25 addresses in the U.S. Department of Justice's indictment are indeed the final holding addresses of bitcoins stolen in the 2020 attack on the LuBian mining pool. Elliptic's report points out that these bitcoins were 'stolen' from the LuBian mining pool's mining operations in 2020. Arkham Intelligence confirms that the funds seized by the U.S. Department of Justice directly stem from the LuBian mining pool theft incident. Indictment Evidence Correlation: Although the U.S. Department of Justice's indictment does not directly name the 'LuBian hack,' it mentions that the funds originated from 'the stolen attacks on Iranian and Chinese bitcoin mining businesses,' which aligns with the on-chain analysis from Elliptic and Arkham Intelligence. Attack Behavior Correlation: In terms of attack methods, the massive bitcoins from the LuBian mining pool were technically stolen in 2020 and remained dormant for 4 years, with only a fraction of dust transactions occurring during this time, until almost completely untouched until the U.S. government took full control in 2024. This behavior does not conform to the typical nature of hackers eager to cash out for profit, resembling a precision operation orchestrated by a nation-state hacker organization. Analysis suggests that the U.S. government may have already controlled this batch of bitcoins as early as December 2020. IV. Impact and Recommendations The impact of the LuBian mining pool hacking incident in 2020 is profound, leading to the actual dissolution of the mining pool, with losses amounting to over 90% of its total assets at the time, while the current value of the stolen bitcoins has risen to $15 billion, highlighting the amplified risks of price volatility. The LuBian mining pool incident exposed systemic risks in random number generation within the cryptocurrency toolchain. To prevent similar vulnerabilities, the blockchain industry should use cryptographically secure pseudo-random number generators (CSPRNG); implement multi-layer defenses, including multi-signatures (multisig), cold storage, and regular audits, avoiding custom private key generation algorithms; mining pools should integrate real-time on-chain monitoring and anomaly transfer alert systems. Ordinary users, in terms of protection, should avoid using unverified key generation modules from the open-source community. This incident also reminds us that even with the high transparency of blockchain, weak security foundations can still lead to catastrophic consequences. It also reflects the importance of cybersecurity in the future development of the digital economy and digital currency.