A previously undisclosed hack has emerged as the largest cryptocurrency theft in history, with Chinese mining pool LuBian losing 127,426 Bitcoin in December 2020. The stolen coins, worth approximately $3.5 billion at the time of the breach, now carry a staggering value of $14.5 billion at current market prices.
Neither LuBian nor the attackers have publicly acknowledged the massive security breach. Blockchain investigator Arkham first brought the scale of this theft to light through their analysis of on-chain data, revealing the extent of what was a carefully concealed operation.
BREAKING: ARKHAM UNCOVERS $3.5B HEIST – THE LARGEST EVER
LuBian was a Chinese mining pool with facilities in China & Iran. Based on analysis of on-chain data, it appears that 127,426 BTC was stolen from LuBian in December 2020, worth $3.5 billion at the time and now worth…
— Arkham (@arkham) August 2, 2025
The Scale of LuBian’s Operations
During its peak in mid-2020, LuBian operated as one of the major players in Bitcoin mining, controlling nearly 6% of the network’s total computing power by May of that year. The mining pool maintained extensive operations across both China and Iran, positioning itself as a significant force in the global mining landscape.
The attack unfolded over several days in late December 2020. On December 28, hackers successfully drained more than 90% of LuBian’s Bitcoin holdings. The assault continued the following day when approximately $6 million worth of Bitcoin and USDT disappeared from a LuBian address operating on the Omni protocol.
By December 31, LuBian had moved its remaining funds into secured recovery wallets. In a desperate attempt to recover the stolen assets, the mining pool sent embedded OP_RETURN messages to each hacker’s address, pleading for the return of the stolen funds. These appeals cost LuBian 1.4 BTC across 1,516 transactions, suggesting the messages came from legitimate pool operators rather than opportunistic actors.
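To read OP_RETURN messages like the ones described above, an analyst first extracts the data pushes from each output script. The following is an added example, not code from Arkham or the original article; the function names are hypothetical and the sample scripts are constructed, not real LuBian transactions.

```python
OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E


def op_return_payloads(script_hex: str) -> list[bytes]:
    """Return the data pushes that follow OP_RETURN in a scriptPubKey.

    Returns [] if the script is not an OP_RETURN output. Raises ValueError
    on a truncated push or a non-push opcode, so malformed scripts are
    never silently misread.
    """
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return []
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 0x4B:                  # direct push: opcode is the length
            size = op                   # (0x00 pushes an empty element)
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            raise ValueError(f"non-push opcode 0x{op:02x} after OP_RETURN")
        if i + size > len(script):
            raise ValueError("push runs past end of script")
        pushes.append(script[i:i + size])
        i += size
    return pushes


def decode_message(script_hex: str) -> str:
    """Join the pushes and decode as UTF-8, replacing undecodable bytes."""
    return b"".join(op_return_payloads(script_hex)).decode("utf-8", "replace")


# Constructed samples (not real LuBian transactions).
_msg = b"constructed sample: please contact us"
SAMPLE_DIRECT = (bytes([OP_RETURN, len(_msg)]) + _msg).hex()
SAMPLE_PUSHDATA1 = (bytes([OP_RETURN, OP_PUSHDATA1, len(_msg)]) + _msg).hex()
SAMPLE_P2PKH = "76a914" + "00" * 20 + "88ac"   # ordinary payment output

if __name__ == "__main__":
    for s in (SAMPLE_DIRECT, SAMPLE_PUSHDATA1, SAMPLE_P2PKH):
        print(repr(decode_message(s)))
```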
Technical Vulnerabilities and Current Status
Security experts point to weaknesses in LuBian’s key-generation methodology as the likely entry point for the attack. The mining pool’s algorithm appears to have been vulnerable to brute-force attacks, providing hackers with the opening they needed to execute the theft.
Despite the massive loss, LuBian managed to retain 11,886 BTC, currently valued at roughly $1.35 billion, which remains untouched in their wallets. The stolen funds have also remained largely dormant, with the only significant movement occurring in July 2024 when the hacker consolidated the coins into a single wallet.
Bitcoin’s price appreciation since 2020 has transformed the stolen cache into a $14.5 billion fortune. According to Arkham’s tracking, this positions the unknown perpetrator as the 13th-largest Bitcoin holder globally, surpassing even the Mt. Gox hacker’s holdings. For context, Bitcoin’s creator Satoshi Nakamoto is estimated to control over one million BTC from early mining activities, most of which has never been moved.
This theft surpasses the previous record held by the Bybit exchange hack in February 2025, where attackers made off with $1.5 billion worth of cryptocurrency. In that incident, approximately $1.46 billion in mETH and stETH tokens flowed to four Ethereum addresses, with portions immediately swapped on decentralized exchanges.
On-chain investigator ZachXBT initially spotted the suspicious activity from Bybit, while security firm Cyvers flagged unusual wallet behavior. The exchange claimed the incident resulted from hackers compromising a routine transfer between cold and hot wallets, maintaining that no internal systems were breached. Investigators identified five wallets connected to the attack and recommended that other platforms blacklist these addresses.
Implications for Market Confidence
The revelation of this previously hidden $14.5 billion theft may weaken investor confidence in cryptocurrency security infrastructure and highlight ongoing vulnerabilities in the digital asset ecosystem. Such large-scale breaches typically prompt increased scrutiny from regulators and could influence institutional adoption decisions in the near term.