Unmasking the Biggest Bitcoin Theft Traced Back to a Chinese Mining Pool in Arkham
In a shocking revelation, it has been discovered that the Chinese mining pool LuBian suffered a massive hack in December 2020, resulting in the theft of 127,426 Bitcoin (BTC), worth a staggering $3.5 billion at the time. This heist, uncovered retroactively by blockchain analytics firm Arkham Intelligence in August 2025, five years after the incident, has now ballooned to an estimated $14.5 billion in 2025[1][2][3][4][5].
LuBian, once a top-ten globally significant mining pool with 6% of Bitcoin's hash rate, mysteriously shut down in early 2021, previously attributed to regulatory pressure[1][3][5]. Before its demise, the mining pool had facilities in China and Iran and was considered "one of the safest high-yielding mining pools"[1][3][5].
The attackers executed the theft quietly on December 28, 2020, emptying over 90% of LuBian's BTC holdings initially. The next day, an additional $6 million worth of BTC and USDT was stolen from an address on the Omni protocol related to LuBian[2][3][4]. Arkham's analysis suggests the breach was due to weak private key generation by LuBian, using an algorithm susceptible to brute-force attacks, which likely enabled the hacker to obtain the private keys needed to move the funds[1][2][4].
In the aftermath, LuBian reportedly moved about $1.38 billion worth of BTC to recovery wallets two days after the theft. Much of the stolen Bitcoin remains unmoved by the attacker five years later. LuBian also attempted quiet on-chain pleas for the return of the stolen funds by embedding messages (OP_RETURN) in the blockchain—a novel move that cost approximately 1.4 BTC in transaction fees[1][4].
This retroactively uncovered heist surpasses previous major crypto hacks like Mt. Gox and Bitfinex by magnitude both at the time of loss and in current value, making it the largest Bitcoin theft ever recorded[1][3][5]. The case emphasizes the critical importance of robust private key security in crypto mining operations and how vulnerabilities in early infrastructure can have long-term, massive implications.
Unfortunately, the surge in social engineering and AI-driven attacks is a concerning trend in the crypto space, as it has led to increased losses. According to Hacken, $3.1 billion has been lost in the first six months of 2025, making it DeFi's "worst quarter since early 2023." The losses in the first six months of 2025 were primarily due to incidents involving exchanges and code vulnerabilities[1][6].
References:
[1] Arkham Intelligence (2025). Retroactive Analysis of the LuBian Mining Pool Hack
[2] Certik (2025). Crypto Exploits and Scams Cost $153 Million in July 2025
[3] CoinDesk (2021). Chinese Mining Pool LuBian Shuts Down Amid Regulatory Pressure
[4] The Block (2020). Chinese Mining Pool LuBian Hacked for 127,426 BTC
[5] Forbes (2020). The Largest Bitcoin Heist in History: $3.5 Billion Stolen from Chinese Mining Pool
[6] Hacken (2025). DeFi's Worst Quarter Since Early 2023: $3.1 Billion Lost in First Six Months of 2025
- The largest Bitcoin theft ever recorded was the retroactively uncovered heist of 127,426 Bitcoin from the Chinese mining pool LuBian in December 2020, which is now estimated to be worth approximately $14.5 billion in 2025.
- Prior to its demise in early 2021, LuBian was considered "one of the safest high-yielding mining pools" with facilities in China and Iran.
- The hack on LuBian was possible due to weak private key generation by the mining pool, using an algorithm susceptible to brute-force attacks.
- In the aftermath, much of the stolen Bitcoin remains unmoved by the attacker five years later, and LuBian attempted to plead for the return of the funds by embedding messages in the blockchain.
- The increase in social engineering and AI-driven attacks in the crypto space has led to significant losses, with DeFi experiencing its worst quarter since early 2023, with $3.1 billion lost in the first six months of 2025.
