127,000 BTC Under US Seizure Tied to Milky Sad Weak-Key Vulnerability, Onchain Sleuth Says

Arkham’s public entity page lists the “Lubian Hacker” and tracks roughly 127,426 BTC attributed to an exploit of Lubian.com, a China-linked mining pool, with the transfers dated to late 2020. Arkham first published its investigation in August, calling it a theft that went undetected for years and now measures in the tens of billions of dollars at current prices.

That clustering is notable because the Milky Sad disclosure—published in 2023—documented a catastrophic flaw in Libbitcoin Explorer (bx): it used a Mersenne Twister pseudo-random number generator for wallet seed creation, producing predictably weak keys. Attackers could reconstruct seeds from limited entropy and drain funds. The issue is cataloged as CVE-2023-39910.
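The weakness described above, as an added illustration (not code from Libbitcoin Explorer, the disclosure, or this article): Python's `random` module, itself a Mersenne Twister, stands in for the flawed generator, next to the OS-CSPRNG form a wallet should use. The function names and the reduced 12-bit audit width are assumptions chosen so the check finishes quickly; the 32-bit mask reflects the seed width this article attributes to bx.

```python
import math
import random
import secrets

SEED_BYTES = 32              # 256-bit wallet seed
PRNG_SEED_MASK = 0xFFFFFFFF  # 32-bit PRNG seed, the width the article cites


def weak_wallet_seed(prng_seed: int) -> bytes:
    """Vulnerable pattern: wallet seed drawn from a Mersenne Twister."""
    rng = random.Random(prng_seed & PRNG_SEED_MASK)  # bits above 31 are discarded
    return rng.getrandbits(SEED_BYTES * 8).to_bytes(SEED_BYTES, "big")


def strong_wallet_seed() -> bytes:
    """Hardened pattern: 256 bits straight from the OS CSPRNG."""
    return secrets.token_bytes(SEED_BYTES)


def reachable_seeds(seed_bits: int) -> set:
    """Every wallet seed the weak generator can emit for a seed_bits-wide PRNG seed."""
    return {weak_wallet_seed(s) for s in range(1 << seed_bits)}


def entropy_audit(seed_bits: int = 12) -> dict:
    """Compare the nominal output size with the entropy the generator can deliver."""
    reachable = reachable_seeds(seed_bits)
    return {
        "nominal_bits": SEED_BYTES * 8,
        "effective_bits": math.log2(len(reachable)),
        "weak_output_is_enumerable": weak_wallet_seed(1234) in reachable,
        "csprng_output_is_enumerable": strong_wallet_seed() in reachable,
    }


if __name__ == "__main__":
    print(entropy_audit())
```

The audit makes the point that output length says nothing about strength: a 256-bit value derived from a small PRNG seed carries at most that seed's entropy, so generator reviews should check where the seed material comes from.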

In a post on Tuesday, onchain investigator ZachXBT drew attention to the overlap, writing that addresses listed in the U.S. government’s 127K-BTC matter had previously appeared in a Milky Sad report—and adding, with characteristic caution:

“Likely either someone hacked these for the USG or the USG did themselves.”

Arkham’s August report does not claim government attribution; rather, it reconstructs flows that point to Lubian.com-controlled wallets being emptied in December 2020 and consolidated by an unknown actor. Separately, media coverage has echoed Arkham’s timeline and scale, noting that Lubian’s team never publicly acknowledged the loss even as onchain pleas appeared after the funds moved.

Lubian.com itself still holds 11,886 BTC worth $1.35 billion.

The Milky Sad team’s own write-up describes how bx’s 32-bit entropy made brute-forcing practical, a real-world failure that led to multi-chain thefts and subsequent outreach to law enforcement to limit further damage. In an X post published Tuesday, Arkham explained how U.S. law enforcement tied Lubian to allegedly being funded by profits leveraged from criminal acts.

“The DOJ doesn’t specify how the bitcoin came into U.S. custody, leaving open whether the keys were compromised, surrendered, or if the 2020 ‘hack’ was actually a covert U.S. operation,” Arkham further explained on social media. “The bitcoin was moved one more time, in June-July 2024. The court filing mentions an incident involving ‘one finance personnel’ who had ‘fled with [funds]’ and ‘tried to hide.’ This is possibly related to the July 2024 BTC movements.”

That technical backdrop is what makes the Lubian.com link stand out in the current U.S. forfeiture push: the wallets under scrutiny align with an address set long associated in public research with the weak-key incident.

While separate reporting has tied the 127,271 BTC to broader criminal probes, today’s newsworthiness for crypto circles is the Milky Sad connection itself: Arkham’s “LuBian.com Hacker” labeling is public, and a prominent sleuth like ZachXBT is pointing back to that dataset as the government advances its case. The question of who ultimately controlled the keys at each step remains open.

  • What is Milky Sad? A 2023 disclosure showed Libbitcoin Explorer used weak randomness, enabling attackers to reconstruct wallet seeds and steal funds.
  • Why is Lubian.com relevant? Arkham attributes a late-2020, 127K-BTC drain to wallets linked to the Lubian.com mining pool, labeled as the “Lubian.com Hacker.”
  • What did ZachXBT say? He noted that addresses in the U.S. 127K-BTC action match Milky Sad-referenced wallets and floated competing hypotheses about how the coins were obtained.
  • What’s confirmed vs. conjecture? Arkham’s labels and Milky Sad’s technical flaw are documented; who held or moved the keys at each stage has not been publicly established.
