Blockchain intelligence firm Arkham has revealed that the Chinese mining pool Lubian was the target of a sophisticated 2020 cyberattack in which hackers stole 127,426 bitcoin.
Largest Bitcoin Theft Ever? Chinese Mining Pool Hacker Now Ranks Among BTC Elite
WRITTEN BY
SHARE
A Timeline of the Attack
Blockchain intelligence firm Arkham has said their on-chain analysis points to the Chinese mining pool Lubian as the victim of a sophisticated cyberattack in December 2020 in which cybercriminals made off with 127,426 bitcoin ( BTC). While the stolen funds were valued at approximately $3.5 billion at the time, the top cryptocurrency’s subsequent price appreciation saw stolen digital funds skyrocket to approximately $14.5 billion, making this the largest heist ever.
With neither Lubian nor the perpetrators having publicly acknowledged the attack, Arkham’s report is the first public disclosure of the incident, the firm said. In an X post detailing an attack, the report notes Lubian was a major player in the cryptocurrency space at the time, with operating mining facilities in both China and Iran. It accounted for almost 6% of the Bitcoin network’s total hashrate.
However, on December 28, 2020, hackers breached Lubian systems and siphoned over 90% of its BTC holdings. A secondary theft took place the next day, with approximately $6 million in additional BTC and USDT being stolen from a Lubian address active on the Bitcoin Omni layer.
The Suspected Vulnerability and Aftermath
Immediately following the attacks, Lubian took action by moving the remaining funds into recovery wallets on December 31. Next, the Chinese mining pool made an attempt to communicate with the hackers by sending a series of OP_RETURN messages embedded in the blockchain. The messages, seen in screenshots provided by Arkham, were a plea for the return of the stolen funds. The mining pool spent 1.4 BTC across 1,516 different transactions to send these messages.
Arkham’s analysis, meanwhile, points to a possible vulnerability in Lubian’s security protocols as likely reason that allowed the attackers to succeed.
“It appears that LuBian was using an algorithm to generate its private keys that was susceptible to brute-force attacks. This may have been the vulnerability exploited by the hackers. LuBian preserved 11,886 BTC, currently worth $1.35B, which they still hold. The hacker also still holds the stolen BTC, with their last known movement being a wallet consolidation in July 2024,” Arkham explained in the report.
According to the report, the heist makes the Lubian hacker the 13th largest BTC holder on Arkham’s rich list, surpassing even the Mt. Gox hacker.
