Original Author: National Computer Virus Emergency Response Center

On December 29, 2020, the LuBian mining pool experienced a major hacking incident, resulting in the theft of a total of 127,272.06953176 bitcoins (valued at approximately $3.5 billion at the time, now worth $15 billion). The holder of this large amount of bitcoin is Chen Zhi, the chairman of the Cambodian Prince Group. After the hacking incident, Chen Zhi and his Prince Group released messages on the blockchain multiple times in early 2021 and July 2022, appealing to the hackers to return the stolen bitcoins and expressing a willingness to pay a ransom, but received no response. Strangely, after the theft, this large amount of bitcoin remained dormant in wallets controlled by the attackers for four years, with almost no movement, which clearly does not align with typical hacker behavior eager to cash out for profit, but rather resembles a precise operation orchestrated by a "state-level hacker organization." It wasn't until June 2024 that this stolen bitcoin was transferred to a new bitcoin wallet address, and it has remained untouched since.

On October 14, 2025, the U.S. Department of Justice announced criminal charges against Chen Zhi and stated that it would seize 127,000 bitcoins from him and his Prince Group. Various pieces of evidence indicate that the large amount of bitcoin seized by the U.S. government is precisely the bitcoin from the LuBian mining pool that was stolen by hackers back in 2020. In other words, the U.S. government may have seized the 127,000 bitcoins held by Chen Zhi through hacking techniques as early as 2020, marking a typical "black eat black" incident orchestrated by a state-level hacker organization. This report analyzes the key technical details of the incident from a technical perspective, focusing on the origins of the stolen bitcoins, reconstructing the complete attack timeline, and assessing the security mechanisms of bitcoin, hoping to provide valuable security insights for the cryptocurrency industry and its users.

I. Background of the Incident

The LuBian mining pool (LuBianminingpool) was established in early 2020 and quickly rose as a bitcoin mining pool, primarily operating in China and Iran. In December 2020, the LuBian mining pool suffered a large-scale hacking attack, resulting in the theft of over 90% of its bitcoin holdings. The total amount stolen was 127,272.06953176 BTC, which closely matches the 127,271 BTC mentioned in the U.S. Department of Justice's indictment.

The operational model of the LuBian mining pool includes centralized storage and distribution of mining rewards. The bitcoins in the pool are not stored in regulated centralized exchanges but exist in non-custodial wallets. From a technical perspective, non-custodial wallets (also known as cold wallets or hardware wallets) are considered the ultimate safe haven for crypto assets, as they cannot be frozen by a legal order like exchange accounts; they are more like a bank vault that belongs solely to the holder, with the keys (private keys) only in the holder's possession.

As a cryptocurrency, bitcoin's on-chain addresses are used to identify the ownership and flow of bitcoin assets. Mastering the private key of an on-chain address allows complete control over the bitcoins in that address. According to reports from on-chain analysis firms, the large amount of bitcoin controlled by the U.S. government that belongs to Chen Zhi highly overlaps with the hacking incident at the LuBian mining pool. On-chain data records show that on December 29, 2020, Beijing time, there was an abnormal transfer from LuBian's core bitcoin wallet address, with a total transfer amount of 127,272.06953176 BTC, which closely matches the 127,271 BTC mentioned in the U.S. Department of Justice's indictment. After this batch of stolen bitcoins was transferred, it remained dormant until June 2024. Between June 22 and July 23, 2024, this batch of stolen bitcoins was transferred again to new on-chain addresses, and it has remained untouched since. The well-known blockchain tracking tool platform ARKHAM has marked these final addresses as being held by the U.S. government. Currently, the U.S. government has not disclosed how it obtained the private keys for Chen Zhi's large bitcoin on-chain addresses in the indictment.

Figure 1: Key Activity Timeline

II. Attack Link Analysis

It is well known that in the world of blockchain, random numbers are the cornerstone of cryptographic security. Bitcoin uses asymmetric encryption technology, and the bitcoin private key is a string of 256-bit binary random numbers, theoretically requiring 2^256 attempts to crack, which is nearly impossible. However, if this 256-bit binary private key is not completely randomly generated, for example, if 224 bits follow a specific pattern that can be deduced and only 32 bits are randomly generated, it would significantly reduce the strength of the private key, requiring only 2^32 (approximately 4.29 billion) attempts to brute-force crack it. For instance, in September 2022, the UK cryptocurrency market maker Wintermute was hacked for $160 million due to a similar pseudo-random number vulnerability.

In August 2023, an overseas security research team, MilkSad, first disclosed the discovery of a third-party key generation tool with a pseudo-random number generator (PRNG) vulnerability and successfully applied for a CVE number (CVE-2023-39910). In the research report released by this team, it was mentioned that the LuBian bitcoin mining pool had a similar vulnerability, as all 25 bitcoin addresses mentioned in the U.S. Department of Justice's indictment were included in the addresses of the hacked LuBian bitcoin mining pool.

Figure 2: List of 25 Bitcoin Wallet Addresses in the U.S. Department of Justice's Indictment

As a non-custodial wallet system, the LuBian bitcoin mining pool's wallet addresses rely on a custom private key generation algorithm to manage funds. The private key generation did not use the recommended 256-bit binary random number standard but relied on a 32-bit binary random number, which has a fatal flaw: it depends on a timestamp or weak input as a seed for the "pseudo-random generator" MersenneTwister (MT19937-32). A pseudo-random number generator (PRNG) is equivalent to the randomness of a 4-byte integer, which can be efficiently exhausted in modern computing. Mathematically, the probability of cracking is 1/2^32; for example, if an attack script tests 10^6 keys per second, the cracking time would be approximately 4200 seconds (about 1.17 hours). In practice, optimization tools like Hashcat or custom scripts can further accelerate this process. The attackers exploited this vulnerability to steal the large amount of bitcoin from the LuBian mining pool.

Figure 3: Comparison Table of LuBian Mining Pool and Industry Security Standards Defects

Through technical tracing, the complete timeline and related details of the LuBian mining pool's hacking incident are as follows:

1. Attack and Theft Phase: December 29, 2020, Beijing Time

Event: Hackers exploited the pseudo-random number vulnerability in the LuBian mining pool's bitcoin wallet address private key generation to brute-force crack over 5,000 weak random wallet addresses (wallet type: P2WPKH-nested-in-P2SH, prefix 3). Within approximately 2 hours, about 127,272.06953176 BTC (valued at about $3.5 billion at the time) was drained from these wallet addresses, leaving less than 200 BTC. All suspicious transactions shared the same transaction fee, indicating that the attack was executed by an automated batch transfer script.

Sender: Group of weak random bitcoin wallet addresses from the LuBian mining pool (controlled by the LuBian mining operation entity, belonging to Chen Zhi's Prince Group);

Receiver: Group of bitcoin wallet addresses controlled by the attackers (addresses not disclosed);

Transfer Path: Weak wallet address group → Attacker wallet address group;

Correlation Analysis: The total amount stolen was 127,272.06953176 BTC, which closely matches the 127,271 BTC mentioned in the U.S. Department of Justice's indictment.

2. Dormant Phase: December 30, 2020, to June 22, 2024, Beijing Time

Event: After being stolen through the pseudo-random number vulnerability in 2020, this batch of bitcoins remained in wallets controlled by the attackers for nearly 4 years, in a dormant state, with only a fraction of dust transactions possibly used for testing.

Correlation Analysis: This batch of bitcoins remained almost untouched until it was fully taken over by the U.S. government on June 22, 2024, which clearly does not align with the typical nature of hackers eager to cash out for profit, but rather resembles a precise operation orchestrated by a state-level hacker organization.

3. Recovery Attempt Phase: Early 2021, July 4 and 26, 2022, Beijing Time

Event: After the theft of this batch of bitcoins, during the dormant period, in early 2021, the LuBian mining pool sent over 1,500 messages (costing about 1.4 BTC in fees) through the Bitcoin OPRETURN function, embedding them in the blockchain data area, pleading with the hackers to return the funds. Message example: "Please return our funds, we'll pay a reward." On July 4 and 26, 2022, the LuBian mining pool again sent messages through the Bitcoin OPRETURN function, with message examples: "MSG from LB. To the white hat who is saving our asset, you can contact us through 1228BTC@gmail.com to discuss the return of asset and your reward."

Sender: LuBian weak random bitcoin wallet addresses (controlled by the LuBian mining operation entity, belonging to Chen Zhi's Prince Group);

Receiver: Group of bitcoin wallet addresses controlled by the attackers;

Transfer Path: Weak wallet address group → Attacker wallet address group; small transactions embedded in OP_RETURN;

Correlation Analysis: After the theft incident, these messages confirm that the LuBian mining pool, as the sender, made multiple attempts to contact "third-party hackers" to request the return of assets and discuss ransom matters.

4. Activation and Transfer Phase: June 22 to July 23, 2024, Beijing Time

Event: The bitcoins in the group of wallet addresses controlled by the attackers were activated from their dormant state and transferred to the final bitcoin wallet addresses. The final wallet addresses have been marked by the well-known blockchain tracking tool platform ARKHAM as being held by the U.S. government.

Sender: Group of bitcoin wallet addresses controlled by the attackers;

Receiver: New consolidated final wallet address group (not disclosed, but confirmed to be controlled by the U.S. government);

Transfer Path: Attacker-controlled bitcoin wallet address group → U.S. government-controlled wallet address group;

Correlation Analysis: This batch of stolen bitcoins, which remained dormant for 4 years with almost no movement, was ultimately controlled by the U.S. government.

5. Announcement of Seizure Phase: October 14, 2025, U.S. Local Time

Event: The U.S. Department of Justice issued an announcement, stating that it had charged Chen Zhi and "seized" the 127,000 bitcoins he held.

At the same time, through the public mechanism of blockchain, all bitcoin transaction records are fully public and traceable. Based on this, this report traces the source of the large amount of bitcoin stolen from the LuBian weak random bitcoin wallet addresses (controlled by the LuBian mining operation entity, possibly belonging to Chen Zhi's Prince Group). The total number of stolen bitcoins amounts to 127,272.06953176, with sources including: approximately 17,800 from independent "mining," about 2,300 from mining pool salary income, and 107,100 from exchanges and other channels. Preliminary results indicate discrepancies with the U.S. Department of Justice's indictment, which claims all sources are from illegal income.

III. Vulnerability Technical Detail Analysis

1. Bitcoin Wallet Address Private Key Generation:

The core of the LuBian mining pool vulnerability lies in its private key generator, which uses a defect similar to the "MilkSad" flaw in LibbitcoinExplorer. Specifically, the system employs the MersenneTwister (MT19937-32) pseudo-random number generator, initialized with only a 32-bit seed, resulting in effective entropy of only 32 bits. This PRNG is not cryptographically secure, making it easy to predict and reverse-engineer. Attackers can enumerate all possible 32-bit seeds (0 to 2^32-1), generate corresponding private keys, and check for matches with known wallet address public key hashes.

In the bitcoin ecosystem, the private key generation process typically involves: random seed → SHA-256 hash → ECDSA private key.

The implementation of the LuBian mining pool's foundational library may be based on custom code or open-source libraries (such as Libbitcoin), but it neglects the security of entropy. The similarity to the MilkSad vulnerability is that the "bxseed" command in LibbitcoinExplorer also uses the MT19937-32 random number generator, relying solely on timestamps or weak inputs as seeds, leading to private keys being vulnerable to brute-force attacks. In the LuBian attack incident, over 5,000 wallets were affected, indicating that the vulnerability is systemic and may stem from code reuse during bulk wallet generation.

2. Simulated Attack Process:

(1) Identify target wallet addresses (by monitoring LuBian mining pool activity on-chain);

(2) Enumerate 32-bit seeds: for seed in 0 to 4294967295;

(3) Generate private key: private_key = SHA256(seed);

(4) Derive public key and address: calculated using ECDSA SECP256k1 curve;

(5) Match: If the derived address matches the target, use the private key to sign the transaction and steal funds;

Comparison with similar vulnerabilities: This vulnerability is akin to the 32-bit entropy flaw in TrustWallet, which led to large-scale bitcoin wallet address compromises; the "MilkSad" vulnerability in LibbitcoinExplorer also exposed private keys due to low entropy. These cases stem from legacy issues in early codebases that did not adopt the BIP-39 standard (12-24 word seed phrases providing high entropy). The LuBian mining pool may have used a custom algorithm aimed at simplifying management but overlooked security.

Defense Gaps: The LuBian mining pool did not implement multi-signature (multisig), hardware wallets, or hierarchical deterministic wallets (HD wallets), all of which could enhance security. On-chain data shows that the attack covered multiple wallets, indicating a systemic vulnerability rather than a single point of failure.

3. On-Chain Evidence and Recovery Attempts:

OPRETURN Messages: The LuBian mining pool sent over 1,500 messages through Bitcoin's OPRETURN function, costing 1.4 BTC, pleading with attackers to return the funds. These messages embedded in the blockchain prove to be actions of the real owner, not forgeries. Example messages include "Please return the funds" or similar requests, distributed across multiple transactions.

4. Attack Correlation Analysis:

The U.S. Department of Justice's criminal indictment against Chen Zhi (case number 1:25-cr-00416) on October 14, 2025, listed 25 bitcoin wallet addresses holding approximately 127,271 BTC, with a total value of about $15 billion, which have been seized. Through blockchain analysis and official document review, these addresses are highly correlated with the LuBian mining pool attack incident:

Direct Correlation: Blockchain analysis shows that the 25 addresses in the U.S. Department of Justice's indictment are indeed the final holding addresses for the bitcoins stolen in the 2020 attack on the LuBian mining pool. An Elliptic report indicated that these bitcoins were "stolen" from the LuBian mining pool's mining operations in 2020. Arkham Intelligence confirmed that the funds seized by the U.S. Department of Justice directly originated from the LuBian mining pool theft.

Indictment Evidence Correlation: Although the U.S. Department of Justice's indictment does not directly name the "LuBian hack," it mentions that the funds originated from "the stolen attacks on bitcoin mining operations in Iran and China," which aligns with the on-chain analysis from Elliptic and Arkham Intelligence.

Attack Behavior Correlation: From the perspective of attack methods, the large amount of bitcoin from the LuBian mining pool was stolen through a technical attack in 2020 and remained dormant for 4 years, with only a fraction of dust transactions occurring during that time. It was almost untouched until it was fully taken over by the U.S. government in 2024, which does not conform to the typical nature of hackers eager to cash out for profit, but rather resembles a precise operation orchestrated by a state-level hacker organization. Analysis suggests that the U.S. government may have controlled this batch of bitcoins as early as December 2020.

IV. Impact and Recommendations

The impact of the LuBian mining pool's hacking incident in 2020 is profound, leading to the actual dissolution of the mining pool, with losses amounting to over 90% of its total assets at the time, while the current value of the stolen bitcoins has risen to $15 billion, highlighting the amplified risks of price volatility.

The LuBian mining pool incident exposes systemic risks in the random number generation within the cryptocurrency toolchain. To prevent similar vulnerabilities, the blockchain industry should use cryptographically secure pseudo-random number generators (CSPRNGs); implement multi-layer defenses, including multi-signature (multisig), cold storage, and regular audits, avoiding custom private key generation algorithms; mining pools should integrate real-time on-chain monitoring and abnormal transfer alert systems. Ordinary users should avoid using unverified key generation modules from open-source communities. This incident also reminds us that even with high transparency in blockchain, weak security foundations can lead to catastrophic consequences. It also reflects the importance of cybersecurity in the future development of the digital economy and digital currency.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。