Blockchain analytics firm Arkham has revealed that a previously unknown hack of Chinese mining pool LuBian in December 2020 resulted in the theft of 127,426 BTC worth around $3.5 billion at the time.
This makes it the largest crypto theft in history, Arkham stated, and the haul today would be worth a whopping $14.5 billion.
Neither LuBian nor the hacker has publicly acknowledged the hack, the firm stated.
BREAKING: ARKHAM UNCOVERS $3.5B HEIST – THE LARGEST EVER
LuBian was a Chinese mining pool with facilities in China & Iran. Based on analysis of on-chain data, it appears that 127,426 BTC was stolen from LuBian in December 2020, worth $3.5 billion at the time and now worth pic.twitter.com/PnIOKgMt0i
Arkham (@arkham) August 2, 2025
The breach went unreported for over four years despite draining nearly all of LuBians holdings. The mining pool, which was once top-ten globally with 6% of Bitcoins hash rate, mysteriously shut down in early 2021.The closure was previously attributed to regulatory pressure, but is now understood to be the result of this catastrophic hack.
Arkham reported that the mining pool appears to have been first hacked in December 2020 for over 90% of its BTC. Later that month, around $6 million of additional BTC and USDT was stolen from a LuBian address active on the Bitcoin Omni layer.The miner rotated their remaining funds to recovery wallets at the end of December 2020.
Arkham believes the theft was enabled by weak private key generation, vulnerable to brute-force attacks. LuBian made desperate attempts to recover the funds, sending over 1,500 small transactions with 1.4 BTC with messages pleading for the return of the funds, but the hacker never responded.
LuBian preserved 11,886 BTC, currently worth $1.35 billion, which they still hold; however, the hacker also still holds the stolen BTC, with their last known movement being a wallet consolidation in July 2024.
The massive heist makes the LuBian hacker the 13th largest Bitcoin holder on Arkham, ahead of the Mt. Gox hacker, it stated.
Cybersecurity firm Certik reported that around $153 million was lost, combining all the exploits and scams in July.
Around $86.6 million was attributed to incidents involving exchanges, while $55.4 million was lost in incidents related to code vulnerabilities, it revealed.
#CertiKStatsAlert
Combining all the incidents in July weve confirmed ~$153M lost to exploits and scams.
~$86.6M is attributed to incidents involving exchanges.
Incidents related to code vulnerabilities represent ~$55.4M losses.
More details below pic.twitter.com/1EsEFmZa1f
CertiK Alert (@CertiKAlert) August 2, 2025
Meanwhile, Hacken reported that $3.1 billion has been lost in the first six months of 2025, and it was DeFis worst quarter since early 2023.
A surge in social engineering and AI-driven attacks was to blame for the losses, which have already exceeded those in all of 2024, it stated.