Latest news with #LuBian
News.com.au
5 days ago
- Business
- News.com.au
$22.3 billion Bitcoin heist discovered five years later
Earlier this week, American cryptocurrency exchange platform Arkham revealed 127,426 Bitcoin was stolen from Chinese mining pool LuBian, worth a whopping $A5.4 billion ($US3.5b). The kicker? It happened in December 2020, and no one knew about it - until now. And now it's worth $A22.3 billion ($US14.5b). You may be wondering, how is this possible? First, since the incident and at the time of writing this, LuBian are still yet to release an official statement. In the last four and a half years, there have been no public announcements, no acknowledgments, not even a half-hearted PR-approved tweet. Second, the stolen funds were never moved after the hack. To this day, there has been no exchanging, no spending, no selling, no withdrawing. Essentially, aside from pulling off the biggest crypto hack in history, there's been no suspicious activity. According to Arkham, who were the first to disclose the theft, LuBian were first hacked on December 28th, 2020, for over 90 per cent of their BTC. Only a day later, on December 29th, 2020, around $A9.2 million ($US6m) of additional BTC and USDT was stolen from a LuBian active address operating on the Bitcoin Omni layer. To add icing on the cake, Arkham's investigation shows that LuBian had asked the hacker to return the funds. According to the cryptocurrency exchange company, LuBian spent 1.4 BTC across 1516 different transactions to send these messages. One message reads as such: 'OP_RETURN: through 1228btc@ to discuss the return of asset and your reward.' Another: 'OP_RETURN: MSG from LB. To the whitehat who is saving our asset, you can contact us.' A white hat hacker is an ethical security hacker, generally alerting those they have hacked of the vulnerability, typically for a reward. Companies will hire white hats to find security weaknesses in order to help safeguard their businesses from threats, such as those posed by more nefarious hackers. It was a valiant effort by LuBian but, unfortunately, the hacker in this case did not bite. The last known movement of the hacker was the consolidation of wallets in 2024. It suggests that the hacker may not be able to move the funds without risking exposing their identity, or perhaps is planning a long-term play. Arkham have suggested LuBian fell victim to the hack due to its private key generation system. LuBian's system used a 32-bit entropy. As a general rule, anything measuring less than 72 bits can be easily cracked by a machine. Anything higher than 75 is considered strong. LuBian's 32-bit entropy meant that the company was an easy target for brute force attacks, a hacking method that involves trying all possible combinations to gain unauthorised access. LuBian, which had facilities in China and Iran, reportedly controlled nearly 6 per cent of Bitcoin's total hash rate — which is the total computational power of all miners mining Bitcoin — in 2020, making it one of the world's largest mining pools. In that year, they were operating at full speed, and had achieved an impressive 16,200 BTC in nearly a year of mining. But in early 2021, LuBian stopped mining, which some reports argue could have been because of the massive breach. The attack, which is confirmed as the largest heist in BTC history, exposes the security risks of cryptocurrency wallets. It wasn't a fully fledged, hi-tech cyber attack. It was a calculated hack that took advantage of a security flaw.
Yahoo
03-08-2025
- Business
- Yahoo
Arkham Says $3.5B LuBian Bitcoin Theft Went Undetected for Nearly Five Years
A crypto wallet tied to a little-known Chinese mining pool may have been the victim of the largest bitcoin theft ever recorded, according to new findings from Arkham Intelligence. In an Aug. 2 thread on X, the onchain analytics firm said it had uncovered evidence that 127,426 BTC — worth $3.5 billion at the time — was stolen from LuBian Mining Pool in late December 2020. Neither LuBian nor the suspected hacker has ever publicly acknowledged the breach, and Arkham said it is the first to report the incident. LuBian was one of the largest bitcoin mining pools globally in 2020, reportedly controlling nearly 6% of Bitcoin's total hash rate as of May that year. The hack, if confirmed, would eclipse the scale of other high-profile exploits like Mt. Gox and Bitfinex by nominal value at the time of loss. Arkham's analysis indicates that on Dec. 28, 2020, more than 90% of LuBian's BTC holdings were drained. Two days later, another theft involving about $6 million worth of BTC and USDT occurred, linked to a LuBian address operating on the Bitcoin Omni layer. The company appears to have moved its remaining 11,886 BTC — then worth hundreds of millions — into recovery wallets by Dec. 31, 2020. A notable detail in Arkham's report is the presence of OP_RETURN messages — special transactions that allow data to be embedded in the Bitcoin blockchain — sent from LuBian to the hacker. According to Arkham, the mining pool spent 1.4 BTC across over 1,500 transactions attempting to contact the thief, urging them to return the stolen funds. This effort suggests the messages were genuine and originated from the rightful wallet owner. Arkham believes the vulnerability may have stemmed from LuBian's use of a flawed private key generation algorithm that left it susceptible to brute-force attacks. The stolen BTC has apparently remained largely dormant, with the last major movement being a wallet consolidation in July 2024. Due to the price appreciation of bitcoin since 2020, the current value of the stolen assets is estimated to be $14.5 billion. That makes the wallet associated with the LuBian hacker the 13th largest BTC holder tracked by Arkham — surpassing the holdings linked to the Mt. Gox breach. As of today, both the hacker and LuBian are believed to still control their respective BTC balances. Arkham has published wallet trackers for both parties, but no additional details about the identities involved have been disclosed. Sign in to access your portfolio
