A crypto portfolio linked to a little-known Chinese mining pool may have been the victim of the largest Bitcoin flight ever recorded, according to new discoveries by Arkham Intelligence.
In a August 2 thread On X, ONCHAIN’s analysis firm said that it had revealed evidence that 127,426 BTC – worth $ 3.5 billion at the time – had been stolen from Lubian Mining Pool in late December 2020. Neither Lubian nor the alleged hacker never recognized the breach, and Arkham declared that he was not the first to report the incident.
Lubian was one of the largest Bitcoin operating swimming pools in the world in 2020, apparently controlling almost 6% of the total bitcoin chopping rate from the same year. Piracy, if confirmed, would overshadow the scale of other high -level exploits such as Mont Gox and Bitfinex by nominal value at the time of loss.
Arkham’s analysis indicates that on December 28, 2020, more than 90% of Lubian BTC assets were drained. Two days later, another flight involving around 6 million dollars in BTC and USDT occurred, linked to a Lubian address operating on the Bitcoin Omni layer. The company seems to have moved its remaining 11,886 BTC – then worth hundreds of millions – in recovery wallets by December 31, 2020.
A notable detail in the Arkham report is the presence of OP_PRETurn messages – special transactions that allow data to integrate in the Bitcoin Blockchain – Envoy from Lubian to the Pirate. According to Arkham, the mining swimming pool spent 1.4 BTC on more than 1,500 transactions trying to contact the thief, exhorting them to return the stolen funds. This effort suggests that the messages were authentic and came from the owner of the legitimate portfolio.
Arkham believes that vulnerability may have come from the use by Lubian of an imperfect private keys algorithm which left him sensitive to brute force attacks. The stolen BTC apparently remained largely sleeping, the last major movement being a portfolio consolidation in July 2024.
Due to the appreciation of Bitcoin prices since 2020, the current value of stolen assets is estimated at $ 14.5 billion. This makes the portfolio associated with the Lubian hacker on the 13th largest BTC carrier followed by Arkham – exceeding assets linked to the MT. Gox breach.
To date, the Pirate and the Lubian still control their respective BTC sales. Arkham has published portfolio trackers for both parties, but no additional details on the identities involved has been disclosed.
