crypto for all
Join
A
A

LuBian Bitcoin Heist Revealed: $14.5B in BTC Stolen From Chinese Mining Pool

11h05 ▪ 3 min read ▪ by Gijs O.
Getting informed Bitcoin (BTC)

Blockchain intelligence firm Arkham has disclosed that 127,426 BTC, worth nearly $14.5 billion today, was quietly stolen from Chinese mining pool LuBian in late 2020. The heist, which had remained hidden from the public for almost four years, now ranks among the largest crypto thefts in history by current valuation.

Illustration of a hooded hacker holding stolen Bitcoin next to a laptop, surrounded by various crypto tokens, symbolizing a digital heist.

In Brief

  • Arkham Intelligence revealed that 127,426 BTC were stolen from Chinese mining pool LuBian in December 2020, making it one of the largest crypto thefts ever by value.
  • The attacker may have exploited a flaw in LuBian’s private key generation algorithm, allowing for a brute-force breach.
  • Despite the magnitude, the hack remained unknown until now. None of the stolen BTC has moved since July 2024, and LuBian has tried contacting the hacker via OP_RETURN messages.

Mysterious disappearance explained

LuBian emerged in April 2020, branding itself as “the safest high-yielding mining pool in the world.” Within months, it became the sixth-largest Bitcoin mining pool globally. But by February 2021, the platform vanished without warning. While many speculated that Chinese government pressure or an internal pivot had triggered the shutdown, Arkham’s findings point to a far more dramatic cause: a catastrophic hack.

According to Arkham, LuBian was first compromised on December 28, 2020, when over 90% of its Bitcoin holdings were drained. The next day, an additional $6 million in BTC and USDT was stolen from a LuBian wallet on Bitcoin’s Omni layer. At the time, the entire haul was worth about $3.5 billion, still more than any other single theft to date.

BTCUSDT chart by TradingView

How the exploit may have happened

Arkham researchers believe the attacker exploited a vulnerability in the algorithm LuBian used to generate private keys, making them susceptible to brute-force attacks. The analytics platform wrote:

It appears that LuBian was using an algorithm to generate its private keys that was susceptible to brute-force attacks.

Despite the theft, LuBian managed to preserve 11,886 BTC, currently worth about $1.35 billion, which it still controls.

What’s more surprising: the attacker has not moved any of the stolen Bitcoin since July 2024, suggesting either fear of being tracked or plans for a more covert liquidation strategy.

Start your crypto adventure safely with Kraken This link uses an affiliate program.

A plea through the blockchain

LuBian reached out directly to the attacker via Bitcoin’s OP_RETURN field, a method that embeds small messages into blockchain transactions. In two messages, the company appealed:

To the whitehat who is saving our asset, you can contact us… to discuss the return of asset and your reward.

This implies LuBian initially hoped the attacker may have been an ethical hacker willing to negotiate. So far, there’s been no public indication of any returned funds.

Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.



Join the program
A
A
Gijs O. avatar
Gijs O.

I've been passionate about crypto for nearly a decade, ever since I was young and first became curious about investing. That early spark led me to years of research, writing, and exploring the future of decentralized tech.

DISCLAIMER

The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.