- LuBian’s weak encryption gave a hacker complete access to 127,000 Bitcoins without alert
- A gaming PC and time were all the hacker needed to breach crypto’s “safest” platform
- Over 5,000 wallets compromised and no alarms triggered as billions silently vanished
What began as a silent infiltration into one of the world’s largest cryptocurrency mining pools has now been confirmed as the biggest crypto theft in history.
The LuBian mining pool, once a dominant force in the Bitcoin network, quietly lost over 127,000 Bitcoins in 2020.
The breach was only uncovered in 2025 by Arkham Intelligence, revealing a staggering $14.5 billion worth of stolen assets that had remained untouched and undetected for half a decade.
A historic breach hidden in plain sight
The scale of this theft eclipses even the infamous Mt. Gox incidents of the early 2010s, as while Mt. Gox saw a higher number of Bitcoins disappear, the significantly lower value of Bitcoin at the time made the financial loss far smaller in comparison.
By contrast, the LuBian hack, valued at around $3.5 billion when it occurred, has since ballooned to $14.5 billion due to the rise in Bitcoin prices.
Despite the passage of time, the hacker has held onto all the stolen funds, with no signs of large-scale laundering or spending.
Arkham’s investigation suggests that the LuBian breach likely exploited a fundamental weakness in the platform’s security architecture.
Its private key generation reportedly relied on only 32 bits of entropy, a dangerously low standard by cryptographic norms, and which allowed the attacker to deploy brute-force attacks with nothing more than a gaming PC and patience.
The implication is critical digital assets were being guarded with the digital equivalent of a paper lock.
The hacker, who reportedly compromised over 5,000 wallets, used the vulnerability to access and siphon nearly all of LuBian’s Bitcoin holdings.
The mining pool itself disappeared from the network in 2021, only a few months after the theft.
LuBian had once boasted of being the “safest high-yielding mining pool,” a claim now overshadowed by its catastrophic collapse.
This incident calls attention to the broader issue of cyber hygiene within crypto infrastructure.
The use of comprehensive security suites, robust encryption methods, and advanced firewall protections should be non-negotiable – yet even among top-tier players, critical oversights remain alarmingly common.
The lack of transparency around the breach until 2025 also raises questions about how many similar attacks may have gone unnoticed.
The hacker has now been arrested, but the LuBian case is a reminder of the consequences of weak digital security.
It also shows how easily identity theft and systemic failures can converge in the largely unregulated world of cryptocurrency.
Via Toms Hardware
Add Comment