Arkham Unmasks the Biggest Bitcoin Hack Ever Recorded
In a revelation that stunned the crypto world, blockchain forensics firm Arkham has uncovered the largest crypto hack in history, a previously unconfirmed 2020 breach that saw 127,426 BTC stolen from the Chinese mining pool LuBian. Back then, the loot was worth around $3.5 billion, but today that same stash is valued at a staggering $14.5 billion.
Despite the scale of the theft, neither LuBian’s operators nor the hackers have ever publicly acknowledged the event. It was Arkham’s data analytics that exposed the silent mega-heist, showing that over 90% of LuBian’s holdings were drained on December 28, 2020, in a coordinated and highly targeted attack.
BREAKING: ARKHAM UNCOVERS $3.5B HEIST - THE LARGEST EVER
— Arkham (@arkham) August 2, 2025
LuBian was a Chinese mining pool with facilities in China & Iran. Based on analysis of on-chain data, it appears that 127,426 BTC was stolen from LuBian in December 2020, worth $3.5 billion at the time and now worth… pic.twitter.com/PnIOKgMt0i
BREAKING: ARKHAM UNCOVERS $3.5B HEIST - THE LARGEST EVER
— Arkham (@arkham) August 2, 2025
LuBian was a Chinese mining pool with facilities in China & Iran. Based on analysis of on-chain data, it appears that 127,426 BTC was stolen from LuBian in December 2020, worth $3.5 billion at the time and now worth… pic.twitter.com/PnIOKgMt0i
A Devastating Blow to a Leading BTC Mining Pool
LuBian wasn’t just any operation—it once controlled nearly 6% of Bitcoin’s global hash rate, running nodes out of China and Iran. The attack wiped out most of its Bitcoin and even affected funds on the Omni protocol, where an additional $6 million in BTC and USDT vanished the next day.
In a desperate bid to recover the lost funds, LuBian sent 1,516 OP_RETURN messages directly to the hacker's addresses, a move that cost the pool 1.4 BTC in fees. This unusual tactic, often used to communicate on-chain, suggests that the pleas were likely genuine—originating from the actual LuBian team, rather than a scammer hoping to hijack the situation.
Source: Arkham Intelligence
Weak Key Security Was the Entry Point
Security analysts believe that LuBian’s key-generation method was the weak link. A flawed cryptographic algorithm likely left the pool vulnerable to brute-force attacks, enabling the hacker to gain access without needing to breach internal systems or staff credentials.
Although most of the funds were stolen, LuBian retained 11,886 BTC, worth about $1.35 billion today, which have remained untouched in recovery wallets. The hacker, meanwhile, consolidated the stolen coins into a single wallet in July 2024, but has otherwise left them idle—a possible sign of caution, or an effort to avoid triggering tracking systems.
LuBian Hack Dwarfs All Previous Exchange Heists
To put this in context, the second-largest known crypto hack—the $1.5 billion Bybit theft in February 2025—now seems minor in comparison. That attack saw massive flows of mETH and stETH rerouted through decentralized exchanges and mixers. It was flagged by on-chain sleuth ZachXBT and security firm Cyvers, yet Bybit denied any internal breach, calling it a wallet misrouting incident.
In contrast, the LuBian hack was undetected for years, without any major alerts or whistleblowers. Arkham’s investigation now places the hacker as the 13th-largest BTC holder globally, ahead of even the Mt. Gox hacker, and just behind Bitcoin’s pseudonymous creator, Satoshi Nakamoto, whose untouched 1 million BTC stash remains the stuff of crypto legend.
A Wake-Up Call for the Crypto Industry
The LuBian case is a chilling reminder of how much wealth can vanish without a trace in crypto. It also shows that even the biggest players, managing billions, can fall prey to basic security oversights. With the price of BTC surging, the value of dormant hacks only grows, posing increasing systemic risks if these coins ever move again.
Blockchain investigators now urge exchanges, wallets, and compliance firms to monitor LuBian’s hacker addresses and flag any activity. As the industry matures, the case also renews calls for standardized wallet security and improved threat visibility, even for decentralized actors.
