3 days ago
$22.3 billion Bitcoin heist discovered five years later
Earlier this week, American cryptocurrency exchange platform Arkham revealed 127,426 Bitcoin was stolen from Chinese mining pool LuBian, worth a whopping $A5.4 billion ($US3.5b).
The kicker? It happened in December 2020, and no one knew about it - until now. And now it's worth $A22.3 billion ($US14.5b).
You may be wondering, how is this possible?
First, since the incident and at the time of writing this, LuBian are still yet to release an official statement.
In the last four and a half years, there have been no public announcements, no acknowledgments, not even a half-hearted PR-approved tweet.
Second, the stolen funds were never moved after the hack.
To this day, there has been no exchanging, no spending, no selling, no withdrawing.
Essentially, aside from pulling off the biggest crypto hack in history, there's been no suspicious activity.
According to Arkham, who were the first to disclose the theft, LuBian were first hacked on December 28th, 2020, for over 90 per cent of their BTC.
Only a day later, on December 29th, 2020, around $A9.2 million ($US6m) of additional BTC and USDT was stolen from a LuBian active address operating on the Bitcoin Omni layer.
To add icing on the cake, Arkham's investigation shows that LuBian had asked the hacker to return the funds.
According to the cryptocurrency exchange company, LuBian spent 1.4 BTC across 1516 different transactions to send these messages.
One message reads as such: 'OP_RETURN: through 1228btc@ to discuss the return of asset and your reward.'
Another: 'OP_RETURN: MSG from LB. To the whitehat who is saving our asset, you can contact us.'
A white hat hacker is an ethical security hacker, generally alerting those they have hacked of the vulnerability, typically for a reward.
Companies will hire white hats to find security weaknesses in order to help safeguard their businesses from threats, such as those posed by more nefarious hackers.
It was a valiant effort by LuBian but, unfortunately, the hacker in this case did not bite.
The last known movement of the hacker was the consolidation of wallets in 2024.
It suggests that the hacker may not be able to move the funds without risking exposing their identity, or perhaps is planning a long-term play.
Arkham have suggested LuBian fell victim to the hack due to its private key generation system.
LuBian's system used a 32-bit entropy. As a general rule, anything measuring less than 72 bits can be easily cracked by a machine. Anything higher than 75 is considered strong.
LuBian's 32-bit entropy meant that the company was an easy target for brute force attacks, a hacking method that involves trying all possible combinations to gain unauthorised access.
LuBian, which had facilities in China and Iran, reportedly controlled nearly 6 per cent of Bitcoin's total hash rate — which is the total computational power of all miners mining Bitcoin — in 2020, making it one of the world's largest mining pools.
In that year, they were operating at full speed, and had achieved an impressive 16,200 BTC in nearly a year of mining.
But in early 2021, LuBian stopped mining, which some reports argue could have been because of the massive breach.
The attack, which is confirmed as the largest heist in BTC history, exposes the security risks of cryptocurrency wallets. It wasn't a fully fledged, hi-tech cyber attack. It was a calculated hack that took advantage of a security flaw.
