The hack went unnoticed for years. Neither LuBian nor the attacker disclosed the breach. Arkham's investigation and revelation mark the first public acknowledgment. Their data shows that over 90% of LuBian's BTC was depleted in a short time.
On-chain data shows that the first major breach occurred on December 28, 2020. The next day, another 6 million dollars in Bitcoin had disappeared.
The value of the stolen Bitcoin amounted to 3.5 billion dollars at that time. At the current price of Bitcoin, the stolen BTC is worth over 14.5 billion dollars.
After the Bitcoin hack, LuBian tried to contact the thief through Bitcoin's OP_RETURN function. They sent 1.4 BTC in 1516 messages, requesting the hacker to return the funds and offering a reward.
According to Arkham's investigation, the main cause of the exploit was the generation of weak private keys. LuBian's algorithms were likely vulnerable to brute-force attacks.
One of the reports that analyzed the Bitcoin hack at Lubian attributed it to an issue with the company's Trust Wallet code. This code is based on 32-bit entropy and has been the target of attacks in the past. This method had already been applied in previous cases of thousands of hacked wallets.
Despite the breach, LuBian managed to preserve 11,886 BTC, currently valued at approximately 1.35 billion dollars. However, the stolen funds place him as the thirteenth largest holder of BTC tracked by Arkham, even ahead of the infamous Mt. Gox hacker.
Before the latest revelation about the Bitcoin hack at Lubian, the exploit at Bybit was the largest. The cryptocurrency platform lost over $1.4 billion in ETH at the hands of malicious actors.
Arkham's data visualization shows how the stolen Bitcoin moved between hundreds of wallets. The magnitude and secrecy of the breach have shocked the crypto community.
LuBian was one of the largest mining pools of 2020, operating from China and Iran. At that time, it controlled nearly 6% of the Bitcoin network's hash rate.
