Home » Home » The Largest Bitcoin Theft in History: How a $3.5B Hack Went Undetected for 5 Years

The Largest Bitcoin Theft in History: How a $3.5B Hack Went Undetected for 5 Years

By  //  October 15, 2025

A crypto wallet tied to Chinese mining pool LuBian may have been the victim of the largest Bitcoin theft ever recorded, according to new findings from blockchain analytics firm Arkham.

The theft of 127,426 BTC, worth $3.5 billion at the time, occurred in late December 2020 but went undetected for nearly five years. LuBian never publicly reported the breach, and Arkham said it is the first to reveal the incident.

LuBian was one of the largest Bitcoin mining pools globally in 2020, reportedly controlling nearly 6% of Bitcoin’s total hash rate as of May that year. The hack, if confirmed, would eclipse the scale of other high-profile exploits like Mt. Gox and Bitfinex by nominal value at the time of loss.

The December 2020 Attack

Arkham’s blockchain intelligence platform analysis indicates that on Dec. 28, 2020, more than 90% of LuBian’s BTC holdings were drained from their wallets. Two days later, another theft involving about $6 million worth of BTC and USDT occurred, linked to a LuBian address operating on the Bitcoin Omni layer.

The timing was particularly brutal. Bitcoin was in the middle of its historic 2020 bull run, hitting new all-time highs weekly. Mining operations like LuBian were printing money, accumulating massive Bitcoin reserves as rewards poured in. Then, in the span of 48 hours, it was mostly gone.

The company appears to have realized what happened quickly. By Dec. 31, 2020, LuBian had moved its remaining 11,886 BTC, then worth hundreds of millions, into what appear to be recovery wallets, trying to secure whatever was left.

Desperate Messages on the Blockchain

What happened next reads like a digital-age ransom negotiation, played out entirely on Bitcoin’s public ledger. Arkham research uncovered something remarkable: LuBian spent 1.4 BTC across over 1,500 transactions, embedding OP_RETURN messages directly into the blockchain.

These weren’t just any transactions. OP_RETURN messages allow data to be permanently recorded on Bitcoin’s blockchain, and LuBian used them to plead with the hacker to return the stolen funds. Imagine spending over $50,000 (at today’s prices) just to send messages into the void, hoping your attacker might have a conscience.

The messages serve as a permanent monument to LuBian’s desperation, forever embedded in Bitcoin’s transaction history. They also prove the mining pool knew exactly what had happened and who was responsible—making their public silence over the past five years even more puzzling.

A $14.5 Billion Hodler by Accident

The math here is brutal for LuBian. What started as a $3.5 billion loss in 2020 is now worth $14.5 billion. Every Bitcoin price rally over the past five years has effectively rewarded the thief while compounding LuBian’s pain.

Meanwhile, the hacker sits on enough Bitcoin to rank among the world’s top holders. According to data from Arkham, the wallet associated with the LuBian theft is now the 13th largest BTC holder globally—bigger than the Mt. Gox estate, bigger than most nation-states, bigger than almost every public company.

They’ve barely touched the funds. The last major movement was just some wallet housekeeping in July 2024, probably consolidating addresses for better security. Either they’re playing the ultimate long game, or they’re smart enough to know that moving $14 billion worth of Bitcoin tends to attract the kind of attention you don’t want.

Technical Breakdown: How It Happened

The attack likely succeeded because of a fundamental flaw in how LuBian generated private keys—the cryptographic secrets that control Bitcoin wallets. Analysts believe the vulnerability stemmed from weak randomness in the key generation process, making their “unbreakable” encryption breakable through computational brute force.

This isn’t some exotic hack requiring nation-state resources. It’s a basic implementation error that left billions of dollars exposed. Think of it like using “password123” to secure Fort Knox—technically sophisticated in execution, but embarrassingly simple in concept.

The scary part? If LuBian’s key generation was flawed, how many other mining pools, exchanges, and crypto companies are running similar vulnerabilities right now? The industry’s rapid growth often outpaces its security maturity, creating exactly these kinds of blind spots.

Five Years of Hiding in Plain Sight

Here’s what makes this discovery fascinating from a forensics perspective: the crime was hiding in plain sight for five years. Every transaction was recorded on Bitcoin’s public ledger, viewable by anyone with an internet connection. But without the right analytical tools and expertise, the pattern remained invisible.

Arkham’s investigation cut through the noise of thousands of transactions by focusing on what mattered most: the data itself. Rather than relying solely on piecing together a timeline or clustering wallets, the team zeroed in on the victim’s own words—on-chain messages pleading with the hacker to make contact. It’s a new era of detective work, where the most pivotal evidence is often the information permanently etched into the public ledger.

The Forensics Arms Race

This case highlights how the blockchain analytics space has evolved into something resembling a digital Cold War. On one side, criminals are getting more sophisticated in their laundering techniques, using mixers, privacy coins, and complex routing to obscure their tracks. On the other, companies like Arkham are developing AI-powered tools that can identify patterns human investigators would never spot.

Arkham has published wallet trackers for both the hacker and LuBian’s remaining holdings, essentially crowdsourcing the ongoing investigation. Anyone can now monitor these addresses for movement, creating a global surveillance network that makes it increasingly difficult to spend stolen Bitcoin undetected.

Uncomfortable Questions

The LuBian hack raises uncomfortable questions about how many other major thefts might be sitting undetected in blockchain history. If a $3.5 billion heist can stay hidden for five years, what else is out there? How many other mining pools, exchanges, and DeFi protocols have been quietly drained without anyone noticing?

The silence from both parties, LuBian and the hacker, suggests this isn’t a case where the victim wants public attention. Maybe there are legal complexities we don’t understand. Maybe LuBian cut a private deal we’ll never hear about. Or maybe they’re just hoping it all goes away.

The Broader Implications

For mining operations, the lesson is straightforward: the bigger you get, the bigger the target on your back. Proper key generation, multi-signature setups, cold storage protocols, and regular security audits aren’t optional anymore, they’re survival requirements in an industry where technical mistakes can cost billions.

The LuBian case also demonstrates the double-edged nature of Bitcoin’s design. The same transparency that eventually exposed this crime also allowed the thief to operate under everyone’s noses for five years. It’s a reminder that in crypto, yesterday’s feature is often tomorrow’s bug.

As the industry matures and more institutional money flows in, cases like LuBian will likely drive the development of better security standards and more sophisticated forensic capabilities. The question is whether these improvements will come fast enough to prevent the next billion-dollar mistake that’s probably brewing somewhere right now.