Key Takeaways
1. Arkham Intelligence identified a hack from December 2020 involving the closed Chinese mining pool LuBian, which lost 127,426 Bitcoins valued at $3.5 billion at the time, now worth about $14.5 billion.
2. The breach occurred on December 28, 2020, with over 90% of LuBian’s holdings disappearing in one transaction, followed by an additional $6 million in Bitcoins and USDT extracted the next day.
3. A weak key-generation method with only 32 bits of entropy was likely the cause of the breach, making it vulnerable to attacks.
4. LuBian attempted to recover their stolen funds by spending 1.4 Bitcoins on over 1,500 messages pleading with the attacker to return the money.
5. LuBian still holds 11,886 Bitcoins (valued at around $1.35 billion), while the hacker has moved funds recently, ranking them as the 13th largest known Bitcoin holder.
Arkham Intelligence has tracked down a hack from December 2020 involving the now-closed Chinese mining pool LuBian, which lost 127,426 Bitcoins. At the time, those coins were valued at $3.5 billion, but they are now worth about $14.5 billion. This mining pool briefly held the sixth spot globally, commanding roughly six percent of Bitcoin’s total hash rate in mid-2020, before it vanished from the spotlight in 2021.
Details of the Breach
According to blockchain investigations, the primary breach happened on December 28, 2020, when over 90 percent of LuBian’s holdings disappeared in a single transaction. The following day, attackers extracted an additional $6 million in Bitcoins and USDT from a LuBian address on the Bitcoin Omni layer. On December 31, LuBian rushed to transfer their remaining assets into recovery wallets.
Weak Key-Generation Routine
Arkham’s findings suggest that a notably weak key-generation method was likely the source of the breach: LuBian reportedly used just 32 bits of entropy, a level that can be easily cracked with gaming equipment if given enough time.
The pool seemed to have identified the breach, spending 1.4 bitcoins on over 1,500 OP_RETURN messages begging the attacker to return the stolen funds. These messages strongly imply they were sent by the real operators rather than someone trying to impersonate them.
Current Status of the Coins
Both parties have kept their coins since the incident. LuBian still possesses their remaining 11,886 Bitcoins (valued around $1.35 billion), while the hacker only moved funds last to consolidate wallets in July 2024. At present values, the stolen Bitcoins would rank the attacker as the 13th largest known Bitcoin holder, just ahead of the Mt. Gox attacker, according to Arkham’s rankings.
Source:
Link
Leave a Reply