A recent investigation by blockchain analytics firm Arkham Intelligence has brought to light what it calls the largest cryptocurrency theft in history, an incident that occurred in late 2020 but was never publicly reported. According to Arkham, a little-known Chinese mining pool called LuBian was the victim of a sophisticated hack that resulted in the loss of 127,426 BTC, worth an estimated $3.5 billion at the time. Despite the massive scale of the theft, both the LuBian team and the alleged hacker have remained silent on the matter for five years. This unprecedented breach, if confirmed, would surpass the value of other infamous crypto heists like those from Mt. Gox and Bitfinex.
Arkham’s analysis provides a detailed timeline of the events.
The firm’s on-chain data shows that on December 28, 2020, over 90% of LuBian’s Bitcoin holdings were drained from their wallets. This initial theft was followed two days later by a smaller but separate incident, involving approximately $6 million in BTC and USDT. In the immediate aftermath, LuBian appears to have recognized the compromise, as it quickly moved its remaining 11,886 BTC into recovery wallets by the end of December 2020. This swift action to secure their remaining assets suggests the company was aware of the ongoing security vulnerability.
A unique and compelling piece of evidence supporting Arkham’s findings is the presence of special messages embedded in the Bitcoin blockchain. The analysis shows that LuBian spent 1.4 BTC across more than 1,500 transactions to send OP_RETURN messages to the hacker’s wallet. These on-chain pleas were a clear attempt to contact the thief and persuade them to return the stolen funds. According to Arkham, this highly unusual and persistent effort indicates the messages were genuine and originated from the rightful owner of the wallet, adding weight to the claim that the funds were indeed stolen.
Arkham’s investigation also offers a potential explanation for the security breach.
The firm theorizes that the vulnerability stemmed from LuBian’s use of a flawed private key generation algorithm, which could have made it susceptible to a brute-force attack. Such a flaw would have exposed critical security weaknesses in early cryptocurrency mining infrastructure. The stolen Bitcoin has remained largely untouched since the incident, with the last significant movement being a wallet consolidation in July 2024. The current value of the assets has skyrocketed since the theft, now estimated at a staggering $14.5 billion due to Bitcoin’s price appreciation.
This massive sum places the hacker’s wallet as the 13th largest BTC holder tracked by Arkham, surpassing the holdings linked to the infamous Mt. Gox breach. As of today, Arkham believes both the hacker and LuBian still control their respective Bitcoin balances, and the firm has published wallet trackers for both parties. While the identities of those involved remain undisclosed, the discovery by Arkham Intelligence sheds light on a major historical event in the crypto world and highlights the significant and long-lasting consequences of security vulnerabilities in early cryptocurrency infrastructure.
Reference:
