Key Takeaways
The 2020 LuBian Bitcoin heist has been revealed as the largest hack in crypto history, with 127,426 BTC stolen, worth approximately $14.5 billion at the time of writing.
A long-unsolved mystery in the crypto world has just been brought to mainstream attention.
Blockchain sleuths at Arkham Intelligence have revealed that LuBian, a Chinese Bitcoin [BTC] mining pool, was the victim of a colossal hack back in December 2020, which saw 127,426 BTC vanish without a trace.
At the time, the stolen coins were worth $3.5 billion, which is an absurdly high amount to begin with.
But with Bitcoin’s meteoric rise in the following years, the coins’ value soared to a staggering $14.5 billion, officially marking it as the largest crypto heist in history.
Arkham Intelligence uncovers the scam
Arkham Intelligence uncovered that hackers breached LuBian, which was once the sixth-largest Bitcoin mining pool, on the 28th of December 2020, and stole approximately 127,426 BTC.
Yet for years, neither LuBian nor the attacker disclosed the incident, keeping it entirely under wraps.
In fact, hackers reportedly drained about 90% of LuBian’s funds before the pool managed to secure the remaining 11,886 BTC in recovery wallets, dealing a massive hit to the pool’s treasury.
But, it didn’t stop there. The next day, the breach further escalated, with another $6 million in BTC and USDT going out of LuBian’s wallets.
In an attempt to negotiate, LuBian spent 1.4 BTC across 1,516 transactions to send messages to hackers, pleading with them to return the stolen funds and offering a reward, but their attempts were to no avail.
Arkham traced the exploit back to weak private key generation, which likely made LuBian’s wallets susceptible to brute-force attacks.
Crypto weaknesses, exposed
The LuBian hack has now eclipsed all previous crypto thefts, even surpassing February’s $1.5 billion ByBit breach, which was earlier dubbed as the largest in history.
Though unlike ByBit, whose loss was traced back to a compromised developer machine, LuBian’s vulnerability reportedly stemmed from flawed Trust Wallet code that relied on weak 32-bit entropy, a method already exploited in past wallet breaches.
Remarkably, the hacker has left the stolen Bitcoin untouched, consolidating it into a single wallet as recently as July 2024.
At $14.5 billion in value, the stash makes the perpetrator the 13th-largest BTC holder, ranking above even the infamous Mt. Gox hacker.
The scale of the LuBian exploit reflects not only critical gaps in wallet security, but also how such breaches can send shockwaves across the industry.
Therefore, as scrutiny intensifies across both corporate and individual actors in crypto, the LuBian incident stands as a stark reminder of the ecosystem’s fragility, both technical and reputational.
