A digital currency wallet linked to a relatively obscure Chinese cryptocurrency mining operation may have suffered what researchers are calling the biggest Bitcoin theft ever observed, according to analysis provided by Arkham Intelligence.
In a detailed report published on X (formerly Twitter) on August 2nd, the blockchain analytics firm stated it had uncovered evidence suggesting that a massive 127,426 BTC – valued at $3.5 billion at the time – was illicitly taken from the LuBian Mining Pool in late December of 2020. Neither LuBian nor the individual or group suspected of perpetrating the digital heist has publicly acknowledged the incident. Arkham claims to be the first organization to report this potential security breach.
In 2020, LuBian was reportedly a major player in Bitcoin mining, allegedly controlling nearly 6% of the total Bitcoin network’s computing power as of May of that year. If confirmed, the scale of the potential theft would dwarf even infamous incidents like the Mt. Gox and Bitfinex compromises, based on the monetary value at the time of the respective losses.
Arkham’s data analysis shows that on December 28, 2020, over 90% of LuBian’s Bitcoin holdings were moved out of the wallet. Two days later, another unauthorized transfer occurred, involving approximately $6 million worth of BTC and USDT, which was traced back to a LuBian address operating on the Bitcoin Omni layer. The mining operation then apparently transferred its remaining 11,886 BTC – then worth hundreds of millions of dollars – into designated recovery wallets by December 31, 2020.
An interesting component of Arkham’s findings centers around the presence of OP_RETURN messages – specialized transactions designed to permit the embedding of data into the Bitcoin blockchain – that were sent from LuBian to the suspected hacker. Arkham’s researchers indicate the mining pool spent 1.4 BTC across over 1,500 individual transactions in an attempt to communicate with the digital thief, imploring them to return the stolen funds. This action strongly suggests the messages were authentic and sent by the legitimate owner of the compromised wallet.
Arkham speculates that the underlying vulnerability may have originated from LuBian’s employment of a flawed private key generation process, which potentially made the wallet susceptible to brute-force attacks. The stolen Bitcoin has, for the most part, remained untouched, with the most recent significant activity being a wallet consolidation conducted in July of 2024.
Given the dramatic increase in Bitcoin’s price since 2020, the current estimated value of the stolen cryptocurrency is roughly $14.5 billion. This valuation places the wallet associated with the alleged LuBian hacker as the 13th-largest Bitcoin holder tracked by Arkham – surpassing even the holdings tied to the Mt. Gox breach.
Currently, both the suspected hacker and the LuBian operation are believed to retain control over their respective Bitcoin holdings. Arkham has released wallet trackers for both entities, but no further information regarding the identities of the individuals or organizations involved has been disclosed.