- Flaws in LuBian’s encryption let a hacker steal 127,000 Bitcoins undetected.
- A standard gaming PC and some time were all it took to compromise a crypto platform once hailed as secure.
- Over 5,000 digital wallets were accessed, and billions vanished without raising any alarms.
What began as a quiet entry into a major cryptocurrency mining operation has since become known as the biggest digital currency theft ever recorded.
LuBian, a once-prominent player in the Bitcoin mining sector, experienced the loss of over 127,000 Bitcoins back in 2020.
The security lapse went unnoticed until 2025, when Arkham Intelligence discovered a stunning $14.5 billion worth of stolen digital assets that had remained untouched and hidden for half a decade.
A Major Crypto Theft Comes to Light
This massive theft surpasses even the well-known Mt. Gox situation from the early 2010s. While Mt. Gox involved a greater number of Bitcoins, the significantly lower value of Bitcoin at that time meant a smaller overall financial hit.
In comparison, the LuBian security breach, originally valued around $3.5 billion, has since surged to $14.5 billion because of the increased value of Bitcoin.
Despite the years that have passed, the perpetrator has kept all the stolen funds, showing no signs of any large-scale transfer or spending.
Arkham’s findings suggest that the LuBian incident likely stemmed from a basic flaw in the platform’s security setup.
The generation of private keys reportedly relied on a mere 32 bits of entropy, a dangerously inadequate level by cryptographic standards. This allowed the hacker to perform brute-force attacks using a common gaming computer and plenty of time.
Effectively, major digital assets were protected by something akin to a flimsy lock.
The attacker, who reportedly accessed over 5,000 wallets, exploited this weakness to gain access to and steal nearly all of LuBian’s Bitcoin holdings.
The mining operation itself disappeared from the network in 2021, only a few months after the theft happened.
LuBian had once boasted of being the “most secure high-earning mining pool,” a claim now severely undermined by its devastating failure.
This event draws attention to the broader issue of digital security practices within crypto infrastructure.
Using comprehensive internet security, strong encryption techniques, and advanced firewall defense systems should be essential. Yet, even among leading crypto firms, crucial oversights remain surprisingly common.
The delayed disclosure of the breach until 2025 also raises concerns about other similar security breaches that may have gone undetected.
While the perpetrator has been apprehended, the LuBian situation serves as a sobering reminder of the consequences when digital security is weak.
It also highlights how easily identity theft and systemic weaknesses can combine within the largely unregulated cryptocurrency ecosystem.
Via Toms Hardware