The largest cryptocurrency hack ever recorded involved the theft of 127,426 BTC from Chinese mining pool LuBian in December 2020.
The stolen Bitcoin was worth approximately $3.5 billion at the time of the theft and has since appreciated to an estimated $14.5 billion at current market valuations.
The revelation comes nearly five years after the incident, with neither LuBian nor the perpetrators having publicly acknowledged the massive security breach.
Key Takeaways
1. 127,426 BTC stolen ($3.5B in 2020, now $14.5B) - biggest hack ever.
2. Weak private key algorithm allowed brute-force attacks on wallets.
3. Hacker retains all stolen funds.
According to Arkham’s on-chain analysis, the hack occurred on December 28, 2020, when over 90% of LuBian’s Bitcoin holdings were systematically drained from their wallets.
Sophisticated Attack Exploited Cryptographic Vulnerabilities
The investigation reveals that the attackers likely exploited a fundamental weakness in LuBian’s private key generation algorithm, making their wallets susceptible to brute-force attacks.
Private keys, which are cryptographic codes that provide access to Bitcoin wallets, appear to have been generated using predictable patterns that allowed hackers to guess the correct combinations systematically.
Following the initial theft on December 28, the attackers returned on December 29 to steal an additional $6 million worth of Bitcoin and USDT tokens from a LuBian address operating on the Bitcoin Omni Layer, a protocol that enables smart contracts and additional token types on the Bitcoin blockchain.
LuBian’s response to the hack demonstrates the desperation of the situation. The mining pool spent 1.4 BTC across 1,516 separate transactions to send OP_RETURN messages to the hacker’s addresses, pleading for the return of their stolen funds.
OP_RETURN is a Bitcoin transaction output type that allows users to embed small amounts of data directly into the blockchain, creating permanent, immutable messages.
Despite the massive theft, LuBian managed to preserve 11,886 BTC (currently worth approximately $1.35 billion) by quickly rotating its remaining funds to recovery wallets on December 31, 2020.
The mining pool, which controlled nearly 6% of Bitcoin’s total hash rate in May 2020, making it one of the world’s largest mining operations, has maintained control of these recovered assets.
The stolen Bitcoin remains in the hacker’s possession, with the most recent activity being a wallet consolidation in July 2024. This process involves combining multiple wallet addresses to manage large cryptocurrency holdings better.
The perpetrator now ranks as the 13th largest Bitcoin holder tracked by Arkham Intelligence, surpassing even the infamous Mt. Gox hacker.
The LuBian hack highlights ongoing security challenges in the cryptocurrency mining industry, particularly around cryptographic key management and wallet infrastructure security.
As Bitcoin’s value has appreciated by over 314% since the 2020 theft, the financial impact continues to grow, making this case a stark reminder of the permanent nature of blockchain-based thefts and the critical importance of robust security protocols in cryptocurrency operations.
Integrate ANY.RUN TI Lookup with your SIEM or SOAR To Analyses Advanced Threats -> Try 50 Free Trial Searches
