Written by: Arkham
Translated by: Wenser, Odaily
Editor's Note: In the current volatile and downward cryptocurrency market, the on-chain data platform Arkham recently published a long article revealing a hacking incident that can be considered the "largest BTC theft in history," involving the well-known BTC mining pool LuBian. The platform once controlled 6% of the total computing power of the Bitcoin network but was hacked in December 2020, losing over 127,000 BTC, currently valued at approximately $14.5 billion. Odaily will organize this hacking event that has been sealed for nearly 5 years for readers' reference.
Largest BTC Theft in History: Over 127,000 BTC, Currently Worth $14.5 Billion
Recently, the on-chain data platform Arkham disclosed that the "largest BTC theft in history" has surfaced—involving the LuBian mining pool.
According to information, the mining pool's main mining equipment was deployed in China and Iran. Based on on-chain data analysis, in December 2020, 127,426 BTC were stolen from the LuBian mining pool, with the assets valued at $3.5 billion at the time and now worth approximately $14.5 billion. As of the time of writing, neither LuBian nor the hacker in this theft case has publicly acknowledged the cyber attack.
On-chain Data Analysis Diagram
Details of the "LuBian BTC Theft Case" are as follows:
In 2020, as one of the world's largest BTC mining pools, LuBian officially began operations, with reports suggesting it was established and managed by Chinese miners as a private pool. According to Glassnode data, the pool started mining in March 2020; BTC.com shows that the Lubian pool first produced a block in April 2020. By May 2020, it almost controlled 6% of the total computing power of the Bitcoin network. However, after block 672,636 on February 28, 2021, the pool's mining activities ceased.
LuBian Mining Pool Ranking Once Placed in Top 10
Monthly Blocks Mined by Lubian.com
On December 28, 2020, the LuBian mining pool was first hacked, with over 90% of its bitcoins stolen.
On December 29, 2020, approximately $6 million worth of Bitcoin and USDT were stolen again from an active address on the Bitcoin Omni layer belonging to Lubian.
On December 31, 2020, LuBian transferred the remaining funds to other wallets.
On-chain Message from LuBian to the Hacker
From the screenshots, it can be seen that all hacker addresses received an OP_RETURN on-chain message from LuBian, pleading with the hacker to return the stolen funds.
According to on-chain information, LuBian sent these messages through 1,516 transactions, spending 1.4 BTC, which indicates that these on-chain messages were not forged by other hackers through brute-force private key cracking (Odaily note: after all, few would send so many messages and incur such high costs for on-chain communication unless desperate).
Current information suggests that the LuBian mining pool may have used an algorithm vulnerable to brute-force attacks for generating its private keys, which became the exploit used by the hacker.
On-chain information shows that LuBian mining pool-related addresses still hold 11,886 BTC, currently valued at $1.36 billion.
LuBian Address Asset Information
On the other hand, on-chain information indicates that the hacker in the LuBian theft still holds the stolen BTC, with their last on-chain activity being a wallet consolidation in July 2024.
LuBian Hacker Address Asset Information
At the time, the stolen assets from LuBian were worth $3.5 billion, making it the largest hacking security incident in history.
Due to the continuous rise in Bitcoin prices since 2020, the 127,400 BTC stolen from LuBian is currently worth around $14.5 billion. These assets have made the LuBian hacker the 13th largest Bitcoin holder on the Arkham platform, even surpassing the hacker from the Mt. Gox theft.
Additionally, according to an article on the Compass Minging website, the LuBian mining pool seems to have been rebranded as Roadside Mining. Between May 2020 and February 2021, the LuBian mining pool appeared to be operating at full speed, with an average monthly block mining volume of 174. During its mining in the past year, it accumulated over 16,200 BTC, which at the price peak in April 2021 was worth over $1 billion.
Now, the once-top mining pool has stopped operating, leaving behind this 5-year-old "largest BTC theft in history," evoking sighs of emotion.
