Uncovering the Quiet Exit: How Lubian's $3.5 Billion Bitcoin Heist Was Hidden in Plain Sight
In a shocking revelation, blockchain analytics firm Arkham has uncovered a previously undisclosed theft of 127,000 Bitcoins, worth a staggering $3.5 billion at the time, which is now believed to be the largest crypto theft in history. The heist, which occurred on December 28, 2020, was linked to the sudden disappearance of Chinese mining pool Lubian, which had been a top-10 player in the industry just months prior.
Lubian's mysterious shutdown in early 2021 sparked speculation about regulatory pressure in China and Iran, where many of its machines were reportedly located. However, Arkham now suggests that the shutdown was directly caused by a catastrophic breach, likely enabled by weak private key generation vulnerable to brute-force attacks. This revelation comes as no surprise given the growing number of high-profile crypto thefts in recent years.
The hacker behind the heist took advantage of Lubian's weaknesses and drained nearly all of its holdings before sending over 1,500 small Bitcoin transactions that included messages asking for the stolen funds to be returned. The pool also rotated what remained of its Bitcoin into recovery wallets as a last-ditch attempt to mitigate the damage.
However, the hacker has yet to move the stolen coins beyond a 2024 consolidation, leaving the full extent of the theft and its impact on the crypto market still largely unknown. With the stolen Bitcoin now worth over $14.5 billion, the attacker ranks among the largest Bitcoin holders in the world, ahead of several nation-state treasuries and even the infamous Mt. Gox hacker.
The incident highlights the growing threat of crypto thefts and the need for greater security measures to protect users' assets. As the crypto landscape continues to evolve, it's clear that hackers will stop at nothing to exploit vulnerabilities in the system. Arkham's discovery serves as a stark reminder of the importance of vigilance and cooperation between industry players to prevent such incidents.
The revelation comes amid a historic surge in crypto-related thefts. In the first half of 2025 alone, hackers stole more than $3.1 billion across web3 platforms, with $1.83 billion tied to so-called access control attacks. These exploits often involve compromised infrastructure or admin credentials, and increasingly bypass traditional safeguards like multi-signature wallets.
The sheer scale of these thefts demands attention from regulatory bodies and industry leaders alike. As the crypto market continues to grow in size and complexity, it's essential that we prioritize security and work together to create a safer, more resilient ecosystem for all users.