A 2020 Bitcoin theft targeting China’s LuBian Mining Pool has resurfaced, with Arkham Intelligence uncovering what may be the largest crypto hack in history.
Key Takeaways
- 1Arkham Intelligence uncovered a hidden 2020 hack involving 127,426 BTC stolen from LuBian Mining Pool.
- 2The stolen Bitcoin, once worth $3.5 billion, is now valued at $14.5 billion.
- 3The theft went unreported by both LuBian and the hacker until Arkham’s 2025 investigation.
- 4Weak private key generation was likely the cause, with LuBian sending over 1,500 blockchain messages to the hacker pleading for the funds’ return.
What Happened?
In an explosive revelation, blockchain analytics firm Arkham Intelligence has uncovered a long-hidden heist that siphoned off 127,426 BTC from LuBian Mining Pool in December 2020. Valued at $3.5 billion at the time and now worth $14.5 billion, this is now believed to be the largest crypto theft in history by dollar value.
BREAKING: ARKHAM UNCOVERS $3.5B HEIST – THE LARGEST EVER
,Arkham (@arkham) August 2, 2025
LuBian was a Chinese mining pool with facilities in China & Iran. Based on analysis of on-chain data, it appears that 127,426 BTC was stolen from LuBian in December 2020, worth $3.5 billion at the time and now worth… pic.twitter.com/PnIOKgMt0i
Arkham’s findings show the mining pool never disclosed the breach, and the hacker has kept most of the stolen BTC untouched for nearly five years.
LuBian’s Sudden Rise and Mysterious Disappearance
LuBian emerged in April 2020 and quickly became one of the top six Bitcoin mining pools globally, controlling nearly 6% of the Bitcoin network’s hash rate by mid-year. It promoted itself as the “safest high yielding mining pool in the world”, yet by February 2021, it vanished from the public eye.
According to Arkham, the breach began on December 28, 2020, when more than 90% of LuBian’s Bitcoin holdings were drained. A follow-up theft occurred two days later, involving $6 million in BTC and USDT linked to another LuBian-controlled address. LuBian was able to salvage 11,886 BTC, worth hundreds of millions, by transferring it to recovery wallets by the end of the year.
The Vulnerability: A Flawed Key Generator
Arkham’s analysis attributes the breach to a flawed algorithm used by LuBian for private key generation. This left the pool vulnerable to brute-force attacks, a critical weakness in an industry where secure key storage is paramount.
The stolen funds were not immediately moved or laundered. Instead, the BTC was left largely dormant, with only a wallet consolidation in July 2024 showing any activity. This inactivity may have contributed to the hack staying under the radar for so long.
OP_RETURN Messages: A Digital Cry for Help
In a desperate attempt to recover the stolen Bitcoin, LuBian spent 1.4 BTC sending 1,516 OP_RETURN messages, a Bitcoin feature that allows data to be embedded in transactions to the hacker’s wallet addresses. These messages urged the thief to return the funds and even offered a reward, underscoring the authenticity of the pleas.
However, no response was ever received, and the stolen Bitcoin remains in limbo.
A Record-Breaking Theft
With the rise in Bitcoin’s price, the hacker’s wallet now ranks as the 13th largest BTC holder tracked by Arkham. This surpasses other infamous incidents, including the Mt. Gox and Bitfinex hacks in terms of present-day value.
For comparison:
- ByBit’s $1.5 billion hack in 2025 was previously seen as the largest.
- In April 2025, an elderly individual lost $330 million in a social engineering scam involving 300 wallet addresses.
Yet neither case approaches the scale of the LuBian theft.
CoinLaw’s Takeaway
I find it almost unbelievable that a $3.5 billion hack went completely unnoticed for five years. This isn’t just a story about a mining pool getting hacked. It’s a case study in how poor security and a lack of transparency can lead to staggering losses. The fact that LuBian was quietly pleading for the return of funds using blockchain messages shows how helpless they were. And that these funds are still sitting untouched is chilling. If anything, this should be a wake-up call to anyone storing large amounts of crypto: do not compromise on key security, and never assume silence means safety.
