
How Weak Wallet Security Led to the Biggest Bitcoin Theft in History – And Nobody Knew

Published 05 August 2025
Author: Onkar Singh

Key Takeaways

  • Crypto’s biggest theft just came to light, nearly 5 years later.
  • Over $14 billion in Bitcoin is sitting in untouched wallets controlled by an anonymous hacker.
  • LuBian’s poor private key security enabled the breach, not malware or insider sabotage.
  • Arkham’s work proves that no wallet is truly invisible on-chain anymore.

In a revelation that has sent shockwaves across the crypto world, blockchain intelligence firm Arkham has retroactively uncovered what is now the largest crypto heist in history.

A staggering 127,000+ BTC, worth nearly $14 billion today, was silently drained from LuBian, a once-prominent Chinese Bitcoin mining pool, in late December 2020.

The kicker? No one knew until July 2025.

How the World’s Biggest Crypto Heist Stayed Hidden for 5 Years

On August 2, 2025, Arkham Intelligence revealed its findings in a tweet thread that rapidly went viral. The firm had traced the unauthorized transfer of 127,426 BTC from wallets controlled by LuBian Pool on December 28, 2020. At the time, this was worth approximately $3.5 billion.

While the blockchain is often lauded for transparency, the theft remained invisible because the funds were never moved after the hack. No mixing services, no exchanges, no spending, just cold storage.

The heist flew under the radar because LuBian never disclosed it, and the crypto community simply assumed the pool had shut down due to market conditions or regulatory pressures in China.

The Weak Link: A 32-Bit Private Key

Arkham’s investigation suggests that the hacker exploited LuBian’s flawed private key generation system, which used only 32 bits of entropy, a dangerously low level of randomness. A key generated this way can take at most 2^32 (about 4.3 billion) distinct values, so the attacker could brute-force the private keys to LuBian’s wallets, effectively gaining access to billions in Bitcoin.

This wasn’t a high-tech malware attack. It was a mathematical flaw in wallet security, one that, according to Arkham, could’ve been cracked using a moderately powerful system over time.
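The gap between a 32-bit seed and a properly generated key, as an added example that is not code from Arkham, LuBian, or the original article. Python's `random.Random` stands in for the flawed generator, which the article does not identify, and the keys-per-second rate is an assumed figure.

```python
import random
import secrets

# Order of the secp256k1 group: a valid Bitcoin private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_private_key(seed32: int) -> int:
    """Flawed pattern: a 256-bit key stretched from a 32-bit seed.

    random.Random (Mersenne Twister) is an assumed stand-in generator.
    The result looks 256 bits wide but is a pure function of the seed.
    """
    rng = random.Random(seed32 & 0xFFFFFFFF)  # anything above 32 bits is discarded
    return rng.getrandbits(256) % (SECP256K1_N - 1) + 1


def strong_private_key() -> int:
    """Hardened pattern: 256 bits from the OS CSPRNG, rejection-sampled into range."""
    while True:
        k = int.from_bytes(secrets.token_bytes(32), "big")
        if 1 <= k < SECP256K1_N:
            return k


def keyspace_size(entropy_bits: int) -> int:
    """Upper bound on the distinct keys a generator with this much entropy can emit."""
    return min(2 ** entropy_bits, SECP256K1_N - 1)


def years_to_exhaust(entropy_bits: int, keys_per_second: float) -> float:
    """Time to enumerate the whole keyspace at a given (assumed) rate."""
    return keyspace_size(entropy_bits) / keys_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # keys/second, an assumed figure for illustration
    print(weak_private_key(7) == weak_private_key(7))  # same seed, same "wallet"
    print(f"{years_to_exhaust(32, ASSUMED_RATE) * 365 * 24:.1f} hours for 32 bits")
    print(f"{years_to_exhaust(256, ASSUMED_RATE):.1e} years for 256 bits")
```

A key-generation review should check where the seed comes from and how many bits it carries, not how long the resulting key is.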

The Timeline of a Silent Theft

Date          | Event
--------------+------------------------------------------------------------------
Dec 28, 2020  | LuBian’s hot wallet is drained of 114,000+ BTC
Dec 29, 2020  | Another $6 million in BTC and USDT is taken from an Omni-layer address
Dec 31, 2020  | LuBian consolidates 11,886 BTC into a “recovery wallet” and goes offline
Early 2021    | LuBian ceases all mining operations and disappears
Jul 2024      | The hacker consolidates their holdings but doesn’t spend any funds
Aug 2, 2025   | Arkham publicly identifies the hack and labels the wallet owner as the attacker

OP_RETURN: The Bitcoin “Post-it Note” for the Blockchain

One unique element of this case is the use of OP_RETURN, a special Bitcoin feature. But what is OP_RETURN, and why does it matter?

  • What it is: OP_RETURN is like a “post-it note” attached to a Bitcoin transaction. Instead of sending money, users can embed a tiny piece of data (like a message or document hash) directly into the blockchain.
  • Why it exists: It’s often used for proof-of-existence records, timestamping, or embedding data for decentralized apps.
  • In this heist: After realizing their funds were stolen, LuBian sent 1,516 OP_RETURN transactions to the hacker’s wallet. Each one contained a message pleading for the return of the stolen Bitcoin, an unusual digital cry for help.
  • Cost: These attempts cost LuBian 1.4 BTC, but it shows they were trying to communicate directly with the hacker on-chain, because the blockchain has no customer support or dispute button.

This simple messaging feature helped Arkham confirm the theft: only the original wallet owner would have reason to spend money sending these on-chain distress calls.

Where the Stolen Bitcoin Is Now

As of August 2025, the stolen Bitcoin remains in a series of dormant wallets, making the hacker one of the top 15 largest Bitcoin holders in the world. These wallets have never moved the funds beyond basic consolidation, suggesting the attacker may be:

  • Unable to safely liquidate the funds without exposing their identity
  • Waiting for legal limitations to expire in certain jurisdictions
  • Planning a long-term play, such as private OTC deals or token wrapping

Who Is Arkham Intelligence?

Founded in 2020, Arkham Intelligence is a blockchain analytics firm focused on on-chain forensics and wallet deanonymization. By combining AI-driven algorithms with human oversight, Arkham helps identify and track illicit blockchain activity.

Their success with the LuBian case positions them as one of the most advanced players in blockchain surveillance, and raises big questions about blockchain anonymity in a surveillance age.

Why This Matters for the Crypto Industry

  • It exposes critical security flaws: Poor wallet entropy can lead to catastrophic loss, even for large institutions like mining pools. The crypto community must prioritize wallet safety beyond cold storage and multisig: entropy and key generation matter too.
  • It highlights the limits of transparency: The Bitcoin blockchain is transparent, yes, but only if you know what to look for. It took five years and a specialist firm to uncover this mega-heist, reminding us that visibility is not the same as comprehension.
  • It raises questions about regulation: Should companies be required to disclose hacks? LuBian’s silent exit shows that lack of regulation enabled a black hole of trust; users never even knew their funds were at risk.
  • It redefines ‘Dead Wallets’: Just because coins don’t move doesn’t mean they’re lost forever. In fact, the LuBian hacker now controls 1 out of every 125 BTC in circulation.

Conclusion

The LuBian hack, now confirmed as the largest crypto heist in history, highlights how security flaws, silence, and blockchain’s pseudonymous nature can combine into the perfect storm. For nearly five years, billions in stolen Bitcoin sat quietly on-chain, unnoticed by regulators, exchanges, and users.

Arkham’s discovery is more than just a solved mystery; it’s a wake-up call for the entire crypto ecosystem. From ensuring proper key security to adopting transparent incident disclosures, the industry must learn from LuBian’s downfall.

And for everyday crypto users, the message is clear: your security is only as strong as the code and practices behind your wallet.

FAQs

Who is the hacker behind the LuBian Bitcoin theft?

As of now, the hacker’s identity remains unknown. Arkham has labeled the wallet addresses but has not linked them to any individual or group. The hacker has not interacted with exchanges or services that could expose them.

What happened to LuBian after the hack?

After the December 2020 theft, LuBian quietly moved its remaining BTC to a recovery wallet and shut down operations without public explanation. The pool disappeared from on-chain mining data in early 2021.

Can the stolen Bitcoin ever be recovered?

Unlikely. Unless the attacker chooses to move the funds through a traceable path or gets caught due to KYC/AML enforcement at an exchange, the Bitcoin will likely remain inaccessible to authorities.

How did Arkham uncover the heist?

Arkham used a combination of wallet clustering, OP_RETURN analysis, and on-chain heuristics to trace the flow of BTC from LuBian’s wallets to the hacker’s. The unique digital footprint, including distress messages from LuBian, helped confirm the theft.

Onkar Singh

Onkar Singh has three years of experience as a digital finance content creator. Throughout his career, he has collaborated with various DeFi projects and crypto media outlets. In his leisure time, he enjoys fitness activities at the gym and watching movies across different genres. Balancing his professional and personal interests, Onkar continues to contribute to the digital finance landscape while pursuing his hobbies.
