A staggering revelation from blockchain intelligence firm Arkham Intelligence has brought to light what appears to be the biggest bitcoin theft in history—and why nearly $14.5 billion worth of stolen coins from a Chinese mining pool remain untouched more than four years later.
Inside the Heist: What Really Happened
In late December 2020, LuBian—a relatively unknown Chinese mining pool with operations in China and Iran—lost 127,426 BTC (valued at approximately $3.5 billion at the time) to a cyberattack. Arkham’s on-chain tracing confirms the funds were drained in a single day, representing over 90 percent of LuBian’s bitcoin reserves.
One day later, a linked wallet lost roughly $6 million worth of BTC and USDT via the Bitcoin Omni layer—suggesting additional compromise beyond LuBian’s core wallets.
By December 31, LuBian had moved its remaining 11,886 BTC (then valued at about $1.3 billion) into separate “recovery” wallets, though no public disclosure of the breach ever occurred.
Recovery Attempts and Communication via the Blockchain
Unwilling to remain silent, the LuBian operators resorted to an unusual tactic: embedding 1,516 messages directly into transactions using Bitcoin’s OP_RETURN feature—costing about 1.4 BTC overall—to appeal to the hacker for a return of funds, possibly offering a reward. This forensic trail strongly supports Arkham’s conclusion that LuBian took these steps after the hack.
However, none of the messages prompted a response, and the majority of bitcoins have remained frozen ever since.
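As an added illustration (not Arkham's tooling and not code from the original article), the Python below shows how an analyst can read text carried in OP_RETURN outputs such as the messages described above. The function names are hypothetical and the sample scripts are constructed, not taken from the LuBian transactions.

```python
# Added example: decode text carried in Bitcoin OP_RETURN outputs.
# Function names are hypothetical; sample scripts below are constructed.
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 length-field sizes

def parse_op_return(script_hex):
    """Return the data pushes of an OP_RETURN scriptPubKey, or None if the
    script is not an OP_RETURN output or is malformed/truncated."""
    try:
        script = bytes.fromhex(script_hex)
    except ValueError:
        return None
    if not script or script[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 0x4B:                      # direct push of `op` bytes (0 = empty)
            size = op
        elif op in PUSHDATA_WIDTH:          # explicit little-endian length field
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                return None
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            return None                     # non-push opcode: not plain data
        if i + size > len(script):
            return None                     # push runs past end of script
        pushes.append(script[i:i + size])
        i += size
    return pushes

def decode_message(script_hex):
    """Join all pushes and decode as UTF-8, replacing undecodable bytes."""
    pushes = parse_op_return(script_hex)
    if pushes is None:
        return None
    return b"".join(pushes).decode("utf-8", errors="replace")

# Constructed sample scripts (not taken from the LuBian transactions).
SHORT = (bytes([OP_RETURN, 11]) + b"sample note").hex()
LONG = (bytes([OP_RETURN, 0x4C, 80]) + b"A" * 80).hex()
P2PKH = "76a914" + "00" * 20 + "88ac"   # ordinary payment script, no message

if __name__ == "__main__":
    for s in (SHORT, LONG, P2PKH, "6a0b7361"):  # last one is truncated
        print(decode_message(s))
```

Returning None for truncated or non-push scripts keeps malformed outputs from being misread as messages when scanning many transactions.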
Why Hasn’t the Hacker Moved the Funds?
By mid-2025, Bitcoin’s value had risen sharply—making the stolen stash now worth approximately $14.5 billion, according to Arkham’s valuation. Those coins have not been spent or transferred since a wallet consolidation in July 2024.
Because of this idle behavior, Arkham ranks the wallet as the 13th largest BTC holder on the chain—surpassing even balances linked to the Mt. Gox hack in terms of size.
Security experts speculate the hacker may be deliberately cautious—aware that any on-chain movement could trigger law enforcement scrutiny, sanctions, or crypto tracking protocols.
What Enabled the Breach: A Critical Key Generation Flaw
Arkham’s team points to a key vulnerability: LuBian reportedly used a weak private key generation algorithm, which was vulnerable to brute-force attacks—making it possible to systematically guess keys over time and gain access to funds.
With mining pools requiring high uptime, such cryptographic shortcuts may have seemed practical at the time—but in hindsight proved catastrophic.
LuBian’s Disappearance and Broader Crypto Lessons
Notably, by March 1, 2021, LuBian’s mining operations had ceased entirely, with its final recorded block being number 672,636; blockchain observers uncovered this date using mempool.space data. This sudden exit, in the absence of any public statement, aligned with China and Iran’s crypto crackdowns earlier that year. By September 2021, Beijing had labeled crypto mining as “obsolete” and imposed a nationwide ban on both mining and trading.
For the global crypto community, the LuBian heist underlines the paramount importance of proper private key generation, layered security protocols, and the risks of operating in secrecy. Arkham’s findings serve not only as a forensic breakthrough but also as a wake-up call: even large, influential crypto players can be undone by overlooked vulnerabilities.
In a land of silent wallets and disappeared miners, the case of LuBian reminds us that bitcoin’s blockchain never forgets—and time only magnifies the cost of mistakes.




