Table of Contents
Title: Unveiling the Largest Crypto Heist: The LuBian Mining Pool Incident
In a groundbreaking revelation, Arkham Intelligence has brought to light a colossal theft from the LuBian Mining Pool, one of the prominent Bitcoin mining operations. In December 2020, a malicious attack resulted in the loss of 127,426 BTC, now valued at an astounding US$14.5 billion (AU$22.39 billion). This cyber heist is recorded as possibly the largest in cryptocurrency history, surpassing even the notorious Mt. Gox incident in terms of dollar value.
The Hack Uncovered
The attack exploited a serious flaw in LuBian’s private key generation method, which left over 90% of the mining pool’s assets vulnerable to access by hackers. At the time of the breach, Bitcoin was trading at approximately US$27,000 (AU$41,733), marking the immediate financial loss at around US$3.5 billion (AU$5.41 billion). While the volume of Bitcoin stolen by Mt. Gox was greater, the value attributed to the LuBian heist makes it significantly impactful in financial terms.
LuBian’s Ascent and Descent
Established in April 2020, LuBian rapidly rose to prominence, controlling nearly 6% of the global Bitcoin network’s hash rate within just a month. The company was marketed as "the safest high-yielding mining pool in the world." However, by February 2021, LuBian vanished from the public landscape under mysterious circumstances.
Analysis by Arkham indicates that the major theft occurred on December 28, 2020, when 90% of LuBian’s reserves were drained. Subsequently, two days later, an additional US$6 million (AU$9.26 million) was lost from another address associated with LuBian. By the end of December, the remaining 11,886 BTC, valued at about US$1.35 billion (AU$2.08 billion), was reportedly transferred to separate recovery wallets.
The Aftermath of the Theft
Arkham suspects that LuBian’s weak private key generation method was susceptible to brute-force attacks, which ultimately led to the security breach. Since the incident, neither LuBian nor the hacker have publicly discussed the theft.
In an attempt to recover the stolen funds, LuBian utilised blockchain messaging through Bitcoin’s OP_RETURN field, reaching out directly to the perpetrator and even offering a reward for the return of the stolen assets. Regrettably, these messages went unanswered, and the stolen Bitcoin remains untouched. The last recorded transaction associated with the hacker’s wallet was a consolidation of funds back in July 2024, placing this wallet among the top 13 largest BTC holdings currently monitored.
Conclusion
The LuBian Mining Pool incident not only highlights the vulnerabilities associated with cryptocurrency operations but also raises significant questions regarding security practices within the industry. As cryptocurrency continues to evolve, such historical breaches serve as critical reminders for stakeholders to enhance their protective measures against similar attacks in the future. The analysis from Arkham Intelligence is pivotal in understanding the contours of this significant theft and its implications for the ongoing discourse surrounding cryptocurrency safety and legitimacy.
