In October, China accused the US of orchestrating $13 billion crypto hack from China-based LuBian, one of the largest hacks in history, on one of the largest mining pools on Earth, controlling almost ~6% of the Bitcoin network’s hashrate.
Neither LuBian, nor the hacker/s acknowledged the hack, until Arkham Intelligence uncovered it and announced the discovery with much ado on Augusts 2, 2025.
The hacker/s didn’t touch the funds during 4 years, which is highly unusual and indicates an actor with funds sufficient to let a multi-billion dollar treasure chest sit on the back burner.
Then, in June 2024, the funds moved into a new wallet, where they remained.
Later, on October 14, 2025, the Trump Department of Justice (DoJ) indicted a guy named Chen Zhi and stated they had seized the Bitcoin stockpile.
LuBian’s Own Goal or Nefarious State Actor?
The hacker was able to model the keys of multiple operational wallets because LuBian used poor entropy source for private key generation.
The Department of Justice filed a related civil forfeiture complaint seizing the 127,272 Bitcoin, making it the largest forfeiture action by the U.S. The announcement by the DOJ reads, in part: “As alleged, the defendant was the mastermind behind a sprawling cyber-fraud empire operating under the Prince Group umbrella, a criminal enterprise built on human suffering. Trafficked workers were confined in prison-like compounds and forced to carry out online scams on an industrial scale, preying on thousands worldwide, including many here in the United States.”
The U.S. government alleges the tokens are related to Chen Zhi, the chair of Prince Group, the Cambodian conglomerate, which operates a pig-butchering empire based on slave labor. Since a substantial number of the victims of Chen’s schemes were American citizens, the DOJ indicted Chen for a battery of charges associated with money laundering, wire fraud, and conspiracy.
Pig-butchering is not a new business, but the scope has expanded significantly, much to the horror of law enforcement professionals, policymakers, and the general public. This case exemplifies the scale and ruthlessness of the largest-scale operations.
It’s no wonder there’s a squabble over the proceeds. For comparison’s sake, witness the “fierce battle over the Holy Grail of shipwrecks” between the governments of Spain and Colombia, and a group of American investors, with a pot of gold worth an estimated $10 billion.
LuBian’s Massive Mining Pool
The mining pool was about to close its first year of operation in China and Iran with a bang, but instead, over 90% of its bitcoin holdings were stolen in December 2020. According to Arkham Intelligence’s analysis, “They appear to have been first hacked on December 28th, 2020 for over 90% of their BTC. Subsequently, on December 29th, around $6M of additional BTC & USDT was stolen from a LuBian address active on Bitcoin Omni layer.”
Arkham Intelligence noted LuBian spent 1.4 BTC on sending 1,500 desperate OP_RETURN messages, which are microtransactions embedded in metadata, begging and pleading with the hacker to return the funds.
Bitget posted an analysis by the National Computer Virus Emergency Response Center, which wrote, “According to reports from on-chain analysis institutions, the massive bitcoins controlled by the U.S. government and belonging to Chen Zhi highly overlap with the bitcoins stolen in the LuBian mining pool hacking incident.”
Who Dunnit? Clues Abound
The report noted, “In August 2023, a foreign security research team named MilkSad publicly disclosed the discovery of a third-party key generation tool with a pseudorandom number generator (PRNG) vulnerability and successfully obtained a CVE number (CVE-2023-39910). In a research report released by this team, it was mentioned that the LuBian Bitcoin mining pool had a similar vulnerability. Among the LuBian Bitcoin mining pool addresses exposed in the hack disclosed, all 25 Bitcoin addresses mentioned in the U.S. Department of Justice indictment were included.”
Arkham Intelligence observed, “On December 29, 2020, UTC, an unusual transfer occurred from LuBian’s core Bitcoin wallet address, with a total transfer amount of 127272.06953176 BTC, closely matching the 127271 BTC mentioned in the U.S. Department of Justice indictment. After this stolen Bitcoin was transferred, it remained dormant until June 2024. Between June 22 and July 23, 2024, this stolen Bitcoin was once again moved to new on-chain addresses and has remained untouched since. The well-known U.S. blockchain tracking tool platform ARKHAM has identified these final addresses as being held by the U.S. government. Currently, the U.S. government has not disclosed how they obtained Chen Zhi’s substantial Bitcoin on-chain address private key as stated in the indictment.”
According to the Japan Times, the U.S. has declined to say when or how the Bitcoin was seized, which is notable.
The Chinese Cybersecurity Agency wrote, “The U.S. government may have already used hacking techniques as early as 2020 to steal the 127,000 Bitcoins held by Chen Zhi. This is a classic ‘black eats black’ operation orchestrated by a state-level hacking organization.”
A Crescendo of Complaints by China
No one has officially shown that this was a U.S. government black op, but it certainly has a certain consistency with that type of operation, which would go unacknowledged. It’s not out of the realm of possibility that the U.S. government had identified Chen’s holdings and wanted to weaken his pig-butchering activities. The most obvious place to hit a guy like Chen would be in the wallet.
In August, China said the U.S. attacked Chinese companies, using a vulnerability in the servers of Microsoft Exchange. In early November, China blamed the U.S. for a cyber attack on the National Time Service Center.
We cannot confirm nor deny that the U.S. government is carrying out an aggressive, offensive cyber campaign against China.
Author: Tim Tolka, Senior Reporter
#Crypto #Blockchain #DigitalAssets #DeFi
The editorial team at #DisruptionBanking has taken all precautions to ensure that no persons or organizations have been adversely affected or offered any sort of financial advice in this article. This article is most definitely not financial advice.
See Also:
Why Are Pig Butchering Scams On The Rise? | Disruption Banking
