A bombshell revelation has rocked the crypto community. Blockchain intelligence firm Arkham has uncovered a long-concealed $3.5 billion Bitcoin hack from 2020—making it the largest crypto theft in history.

The victim? LuBian, a Chinese Bitcoin mining pool that briefly ranked as the sixth-largest globally at the time. The hack went completely unreported for years—by both the hackers and LuBian—until Arkham retroactively traced the stolen funds.

127,426 BTC Stolen—Now Worth $14.5 Billion

According to Arkham’s analysis, 127,426 BTC were stolen from LuBian on December 28, 2020, when Bitcoin was valued at around $27,500. At today’s prices, the stolen stash would be worth approximately $14.5 billion.

The hacker managed to siphon off nearly 90% of LuBian’s funds before the mining pool salvaged 11,886 BTC into recovery wallets.

What makes this attack even more astonishing is the total secrecy that followed. No announcements, no alerts—just silence.

How Was the Hack Executed?

Arkham investigators believe the root cause was a vulnerable private key generation algorithm. The team stated:

“It appears that LuBian was using an algorithm to generate its private keys that was susceptible to brute-force attacks. This may have been the vulnerability exploited by the hackers.”

As a warning to the attacker—or a cryptic message—LuBian embedded 1,516 OP_RETURN messages across the hacker’s wallet addresses. This move cost the pool around 1.4 BTC in fees but served as digital breadcrumbs marking the event.

ByBit, SafeWallet, and the Elderly Victim: 2025’s Hack-Filled Year

Although previously ByBit’s $1.5 billion hack in February 2025 held the title of the largest crypto heist, the newly uncovered LuBian attack dwarfs it. The ByBit breach was linked to a compromised developer machine at SafeWallet, where AWS tokens were exploited to gain unauthorized access.

In another high-profile case, an elderly victim lost $330 million in Bitcoin to a social engineering attack in April. That BTC was laundered through more than 300 wallets, with only $7 million recovered.

These attacks underscore the need for robust security practices, particularly around key generation algorithms and insider threat management.

Lessons for the Industry

The LuBian revelation shines a harsh spotlight on crypto custodial practices, reminding both individuals and institutions of the dangers of weak cryptographic protections.

Key takeaways:

• Always use strong, battle-tested random number generators for private key creation.
• Implement layered, real-time monitoring and alerts.
• Keep backup recovery systems fully offline and tamper-proof.

Summary

The resurfacing of the LuBian hack serves as a wake-up call to the entire industry. With over $14.5 billion in potential losses, it stands as a historic event in crypto’s still-young timeline—and a reminder that transparency, key management, and cyber hygiene are not optional in the world of digital assets.