- In 2020, 127,426 BTC—then worth about $3.5 billion—were stolen from the LuBian mining pool.
- At current prices, the value of the stolen bitcoins is approximately $14.5 billion.
- According to Arkham, the theft was made possible by a vulnerability in LuBian's private key generation process.
The analytics company Arkham Intelligence said it has discovered the largest Bitcoin theft in history. According to experts, in 2020, the Chinese mining pool LuBian had 127,426 BTC stolen. At that time, the value was about $3.5 billion; at the current exchange rate, the stolen assets are worth over $14.5 billion.
According to Arkham, the attack occurred on December 28, 2020. The hacker withdrew over 90% of the pool’s assets before LuBian could transfer the remaining 11,886 BTC to backup wallets. Despite the scale of the incident, neither the pool nor the attackers disclosed information about the theft; details have only now come to light.
At the time, LuBian was one of the six largest Bitcoin mining pools. On its website, it called itself “the safest high-yield pool in the world.” In February 2021, however, the project suddenly disappeared, which was attributed at the time to government intervention or a transition to closed operations. Arkham now claims the theft was the true reason.
The company notes that LuBian used a private key generation algorithm that was vulnerable to brute-force attacks. This vulnerability may have been the primary vector for the hack. To try to contact the hacker, the pool sent 1,516 messages via the OP_RETURN field, spending about 1.4 BTC in the process.
“One message read, ‘To the white hat hacker who is saving our assets. Contact us to discuss a return and your reward.’” However, there was no response.
According to reports, the stolen bitcoins remain untouched, which has led some to believe the hacker may have been caught or is concerned that moving the funds will trigger investigations.
The LuBian theft was larger than other high-profile attacks and set a new record in the industry. Previously, the largest hack was considered to be the raid on the Bybit exchange, in which the platform lost $1.5 billion.
Arkham emphasizes that the LuBian case is a reminder of the need for strict security measures in the crypto industry. The company recommends using only reliable random number generators when creating private keys and employing multi-layered security to store digital assets.
