Bitcoin Theft in 2020 Exposed in 2025
In December 2020, one of the top ten Bitcoin mining pools globally—LuBian—suddenly "disappeared" from the internet. At that time, its hash rate accounted for nearly 6% of the entire network, but in two transactions, it withdrew over 127,000 BTC from its own wallet, equivalent to about $3.5 billion at the time.
The mining pool made no statements and did not issue any alerts to the public. For five years, this fund quietly "slept" on the blockchain, unnoticed, and the theft was almost completely covered up.
It wasn't until August 2025 that blockchain analysis company Arkham Intelligence restored the shocking truth behind this incident that occurred at the end of 2020 through in-depth on-chain data tracking.
How LuBian Mining Pool Concealed the Theft
According to Arkham's on-chain analysis, over 90% of LuBian's holdings were withdrawn in a single transaction on the same day, followed by a small amount of funds flowing out from wallets associated with the Omni Layer protocol. About 12,000 BTC remained in the original address, which LuBian then transferred to a newly created "recovery wallet," after which the mining pool completely ceased public operations.
With the skyrocketing price of Bitcoin, this stolen Bitcoin is now worth over $14.5 billion. Surprisingly, all funds never passed through mixing services or exchanges, leaving a very "clean" on-chain footprint, which is why it went unnoticed for so long.
The Rise and Fall of LuBian Mining Pool
LuBian rapidly rose in 2020, at one point occupying a spot among the top ten mining pools globally. Its network covered mainland China and parts of Iran, yet it always operated discreetly—its name "LuBian" (meaning "roadside" in Chinese) reflects its low-profile style.
In early 2021, the mining pool suddenly "went offline" after several months of block production, sparking speculation in the industry about tightening Chinese regulations and energy consumption limits, but no one suspected theft. It wasn't until Arkham revealed the truth that people realized it was due to the compromise of its internal private key system, leading LuBian to choose to remain silent after losing billions in miner earnings and reserves, effectively exiting the scene.
Arkham's Investigation and Technical Discoveries
Arkham Intelligence gradually restored the timeline of events through blockchain tracking, message embedding analysis, and private key generation forensics:
Large On-Chain Transfers
At the end of December 2020, two large BTC transactions were sent from LuBian-associated addresses, with the recipients being wallets that had never been active before, and no funds moved in or out thereafter.OPRETURN Ransom Microtransactions
Days after the theft, LuBian sent over 1,500 microtransactions to the hacker's address, each accompanied by OPRETURN formatted ransom messages, implying requests like "please return the funds" and "white hat cooperation reward." For this, approximately 1.4 BTC was paid in transaction fees, but no response was ever received.Address Clustering and Behavioral Differentiation
Arkham utilized address clustering technology to separate the mining pool's regular earnings addresses from the hacker's newly created fund aggregation addresses, thereby confirming the flow of funds and locking in the stolen stagnant balance.Fatal Vulnerability of Insufficient Private Key Entropy
The investigation also found that LuBian's wallet generated private keys using only 32 bits of entropy, with a random space of about 4 billion possibilities, far below modern cryptographic standards. Attackers could use moderate computing power to offline brute-force the private keys, and once successfully located, could quietly transfer away massive assets.
The Largest Cryptocurrency Theft Exceeding Mt. Gox
The value of this theft has surpassed the 2014 Mt. Gox incident (approximately 850,000 BTC, of which about 200,000 were recovered) and the 119,000 BTC stolen from Bitfinex in 2016. Subsequent events such as the 2021 Poly Network ($610 million), the 2022 Ronin Bridge ($625 million), and the FTX collapse ($400 million) cannot compare.
In February 2025, Bybit experienced a theft of $1.5 billion in assets, which was once referred to as the largest in history. However, Arkham's on-chain data confirmed that the balance of the LuBian hacker's wallet has exceeded the Mt. Gox-related clusters, ranking as the thirteenth largest Bitcoin holder globally.
Even more rare is the fact that this batch of funds has remained untouched to this day. Its "highly clean" on-chain status allowed the theft case to remain hidden for nearly five years. Had it not been for Arkham's revelation, it might have remained unnoticed.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
