The Largest Bitcoin Theft in History: The LuBian Hack
In a groundbreaking revelation, blockchain intelligence firm Arkham has unearthed what is now recognized as the largest Bitcoin (BTC) theft in history. The incident involved a staggering 127,426 Bitcoin hack from a China-based mining pool known as LuBian. This monumental breach, which transpired quietly in late December 2020, was shrouded in secrecy until Arkham’s investigation brought it to light.
Uncovering the LuBian Hack: How It Went Undetected
The LuBian hack remained undetected for over two years, with neither the mining pool nor the attacker acknowledging the breach. Arkham’s investigation marks the first public acknowledgment of the incident, revealing that more than 90% of LuBian’s Bitcoin was siphoned off in a remarkably short time frame. On December 28, 2020, the first major breach occurred. By the next day, another $6 million in Bitcoin had been stolen, amounting to a total loss valued at approximately $3.5 billion at the time, which has since escalated to over $14.5 billion at current Bitcoin prices.
Attempts to Recover Stolen Funds
Following the hack, LuBian took an unusual step by attempting to engage the hacker through Bitcoin’s OP_RETURN feature, which allows users to embed messages within transactions. They sent out 1.4 BTC across 1,516 messages, urging the hacker to return the stolen funds while even offering a reward. Despite their efforts, the stolen Bitcoin remains in the possession of the hacker, who has now emerged as the 13th largest BTC holder tracked by Arkham, surpassing even the notorious Mt. Gox hacker.
Root Causes of the Exploit: Weak Private Keys
Arkham’s investigation identified the root cause of the exploit as weak private key generation. It appears that LuBian’s algorithms were vulnerable to brute-force attacks. This vulnerability was exacerbated by issues related to the firm’s Trust Wallet code, which is based on a 32-bit entropy method that has previously been a target for hackers. This issue is not isolated; it has been linked to multiple instances of wallet hacks in the past.
The Scale of the Breach: Moving Vast Amounts of Bitcoin
The enormity of the LuBian theft has eclipsed previous records, surpassing even the significant breach of Bybit, which saw over $1.4 billion in Ethereum (ETH) stolen. Arkham’s analysis shows that the stolen Bitcoin was meticulously moved across hundreds of wallets, further adding to the complexity and secrecy surrounding the hacking incident. This level of sophistication in fund movement has left the crypto community in a state of shock and has raised questions about security measures in place at major crypto platforms.
LuBian’s Legacy: The Impact of the Theft
Despite losing the majority of its Bitcoin, LuBian managed to retain 11,886 BTC, currently valued at approximately $1.35 billion. At its height, LuBian was among the largest Bitcoin mining pools globally, controlling close to 6% of the Bitcoin network’s hash rate from its operations in China and Iran. This saga has highlighted vulnerabilities in the crypto mining and trading ecosystems, prompting stakeholders to re-evaluate security protocols and risk management strategies.
In summary, the revelations surrounding the LuBian Bitcoin hack underscore the pressing need for robust security measures within the crypto industry. As the digital asset space evolves, both miners and traders must remain vigilant and proactive in safeguarding their assets against increasingly sophisticated threats.
