4th August 2025 – (Beijing) Blockchain analytics firm Arkham has disclosed that a previously unreported hack of the Chinese mining pool LuBian in December 2020 resulted in the theft of 127,426 BTC, valued at approximately $3.5 billion at the time. This incident is now recognised as the largest cryptocurrency theft ever, with the stolen amount currently worth around $14.5 billion.
Arkham noted that neither LuBian nor the hacker has publicly acknowledged the breach.
The hack, which drained nearly all of LuBian’s assets, went unreported for over four years. Once a top-ten mining pool responsible for 6% of Bitcoin’s hash rate, LuBian mysteriously ceased operations in early 2021. While its closure was initially attributed to regulatory pressures, it is now believed to have been a consequence of this catastrophic hack.
According to Arkham, the initial breach in December 2020 compromised over 90% of LuBian’s BTC. Later that month, an additional $6 million worth of BTC and USDT was taken from a LuBian address active on the Bitcoin Omni layer. By the end of December 2020, the miner attempted to transfer their remaining funds to recovery wallets.
Arkham suggests that the hack was made possible by weak private key generation, which was susceptible to brute-force attacks. LuBian made several attempts to recover the stolen assets, sending over 1,500 small transactions containing 1.4 BTC each, pleading for the return of the funds, but the hacker did not respond.
LuBian retained 11,886 BTC, currently valued at $1.35 billion, which they still hold. However, the hacker continues to possess the stolen BTC, with the last known activity being a wallet consolidation in July 2024.
This significant theft positions the LuBian hacker as the 13th largest Bitcoin holder on Arkham, surpassing the infamous Mt. Gox hacker.
Cybersecurity firm Certik reported that approximately $153 million was lost to various exploits and scams in July alone. Of this, $86.6 million was linked to incidents involving exchanges, while $55.4 million was attributed to vulnerabilities in code.
Meanwhile, Hacken reported that $3.1 billion has been lost in the first half of 2025, marking DeFi’s worst quarter since early 2023. A notable increase in social engineering and AI-driven attacks has been identified as a key factor behind these rising losses, which have already surpassed totals from all of 2024.
