Gigantic Cyber Attack Uncovered by Arkham: Digital Assets Valued at a Staggering $14.5 Billion
In a shocking revelation, a massive hack on Chinese Bitcoin mining pool LuBian in December 2020 has been uncovered, making it the largest crypto heist ever recorded. The hack, which saw the theft of approximately 127,426 Bitcoins, is now worth a staggering $14.5 billion due to the significant price increases in Bitcoin.
The Theft and Its Aftermath
On December 28, 2020, hackers made off with more than 90% of LuBian’s Bitcoin holdings, worth $3.5 billion at the time. Two days later, an additional theft of roughly $6 million in Bitcoin and USDT tied to LuBian's Omni protocol addresses occurred [1][2][4]. LuBian managed to move their remaining BTC (about 11,886 coins) to recovery wallets by December 31, 2020, worth over $1 billion then [1][2][4][5].
The breach went undetected publicly for almost five years, with neither LuBian nor the attacker acknowledging it [1][2][5].
The Hack: A Matter of Private Key Generation
The vulnerability that led to the hack is believed to have resulted from a flawed private key generation algorithm used by LuBian, making their keys susceptible to brute-force attacks by hackers [1][2][5]. Attackers demonstrated sophisticated knowledge of LuBian’s wallet systems, possibly enabling them to bypass multi-signature security and exploit vulnerabilities in automated payout mechanisms [3].
LuBian attempted to contact the hacker via more than 1,500 OP_RETURN messages embedded directly in Bitcoin transactions, costing 1.4 BTC. These messages, which imply they genuinely came from LuBian’s wallet, asked for the stolen funds back and even promised rewards [1][5].
The Fallout and Current Status
The stolen bitcoins have mostly remained dormant since the hack, with only wallet consolidations observed in mid-2024 [1]. Blockchain analytics firm Arkham Intelligence has identified the compromised wallets and now tracks both the hacker's and LuBian’s wallets but has not revealed identities [1].
At the time, LuBian was a significant mining pool, controlling about 6% of Bitcoin’s total hash rate, with mining operations in China and Iran [3][4].
A Historic Hack
The LuBian hack is historically significant due to its scale ($3.5 billion stolen, now $14.5 billion), delayed discovery, and the exploitation of a critical key-generation flaw in a top Bitcoin mining pool [1][2][3][4][5]. The current Bitcoin price eclipses the $3.5 billion lost by LuBian in value, underscoring the impact of this unprecedented event.
It's important to note that this article does not provide financial or investment advice, and readers are encouraged to verify information and consult with a professional before making decisions based on the content. As of now, the $3.5 billion lost by LuBian is worth $14.5 billion, given the current Bitcoin price close to $114,000.
This article is committed to providing unbiased and transparent reporting. Neither LuBian nor the hacker have publicly acknowledged the hack. The funds have never moved from the hacker's address. At the time of the loss, Bitcoin was trading around $27,000, and the amount lost reached $3.5 billion. The hack surpasses Bybit's $1.5 billion hack by a lot.
LuBian, one of the largest mining pools in the world at the time of the hack, operated in China and Iran. In a bid to recover their losses, LuBian sent a batch of OP_RETURN messages to the hacker addresses, asking for a fund return and promising rewards. However, the response from the hacker never arrived. The method used by LuBian was susceptible to brute-force attacks, making it a lesson for other mining pools to strengthen their security measures.
Technology played a significant role in the LuBian hack, as the vulnerability that led to the theft was a flawed private key generation algorithm used by the mining pool. This flaw made their keys susceptible to brute-force attacks by hackers, demonstrating the importance of secure technology in the field of finance and investing.
Investigating the hack further, it's apparent that the hackers showcased sophisticated knowledge of LuBian’s wallet systems, potentially enabling them to bypass multi-signature security and exploit vulnerabilities in automated payout mechanisms. This highlights the need for ongoing research and development in security technologies to protect assets in the cryptocurrency market.
