Silent Giant: $3.5B LuBian Hack Hid in Plain Sight Since 2020

In a revelation shaking the crypto industry, blockchain analytics firm Arkham has uncovered one of the largest known Bitcoin theft in history - a 2020 breach of the Chinese mining pool LuBian that netted hackers 127,426 BTC, worth $3.5 billion at the time and $14.5 billion today. Despite controlling nearly 6% of the Bitcoin network’s hash rate in 2020, LuBian never disclosed the hack, and it remained hidden for over four years until Arkham’s on-chain analysis exposed it. The breach appears to have exploited weak, brute-forceable private keys, draining over 90% of LuBian’s holdings in a single day. In a bizarre twist, LuBian sent over 1,500 blockchain messages directly to the hacker’s wallets, pleading for the return of funds - with no reply. Both the stolen BTC and the surviving 11,886 BTC LuBian retained remain untouched, the hacker now ranking as the 13th largest Bitcoin holder in the world. The disclosure underscores how massive sums can sit undetected on-chain, and how blockchain sleuthing - even from firms outside the “usual suspects” of the industry - can bring them to light years later.

Teen Spy’s Wallet Ties FSB to Darknet and Garantex

Reuters recently exposed the case of Canadian teenager Laken Pavan, recruited by Russia’s FSB for spying across Europe, but the crypto side of the story runs deeper. Global Ledger’s blockchain investigation revealed that Pavan’s Bitcoin payments came from a structured laundering network linked to FSB-controlled wallets, using splitting, mixing, and obfuscation tactics to hide the funds’ origins. Even a $74 transaction labeled as from his “Mom” showed signs of deliberate concealment, passing through more than 15 wallets tied to centralized exchanges and payment services. After Pavan’s arrest in May 2024, his wallet continued to receive BTC routed through darknet platforms such as Kraken Darknet and OMG!OMG!, pointing to possible third-party control. Some of the upstream funds tied to the case also intersected with the sanctioned Russian exchange Garantex, further embedding the story within Russia’s illicit finance ecosystem.

More weekly top stories:

Crypto risk in MENA beyond Western models

Blog Post by Crystal Intelligence →

How Telegram’s Ban on Huione and Xinbi Has Reshaped the Guarantee Services Landscape

Story by TRM →

Inca Digital joins Circle Alliance Program

LI Post by Inca Digital →

Chainalysis offers the AI helper for it's suite (Rapid)

Blog Post by Chainalysis

More stories from this week:

Global Ledger partners with CryptoSwift (Travel Rule)

Merkle Science Partners with VerifiedX

Global Ledger partners with Diameter Pay

Chainalysis partners with Cantor Fitzgerald for the launch of their Bitcoin financing business.

See you next week!

Keep Reading

No posts found

© 2025 Cryptostigation.

Privacy policy

Terms of use

Powered by beehiiv