Source: Arkham
However, paradoxically, LuBian was suddenly suspected of having 127,426 bitcoins stolen in December 2020.
Why suspected? Because neither LuBian nor the hacker publicly acknowledged the hack. Only the on-chain intelligence platform Arkham publicly reported the incident for the first time. Moreover, Lubian disappeared shortly after the attack and abruptly shut down its mining pool business in February 2021. Therefore, the outside world has always speculated whether external hackers stole the black money, or the controllers of the pig-killing scam staged a scam themselves, transferring the stolen funds out of the mining pool in an attempt to create the illusion of "theft". In any case, this batch of priceless Bitcoins remained dormant on the chain for more than three years, becoming an unsolved case. Until July 2024, approximately 127,000 BTC suddenly completed a large-scale centralized transfer and collection. After comparison, these addresses were found to be the destination of the "stolen" funds from Lubian in 2020. A closer look reveals an extremely subtle timing: it happened just before the joint crackdown by law enforcement agencies in the United States, Cambodia, and multiple Southeast Asian countries.
According to the 25 wallet addresses listed in the U.S. Department of Justice's civil forfeiture lawsuit, they are indeed highly consistent with the hacker addresses in the Lubian mining pool theft case. In other words,
the U.S. government has determined that these BTC were not stolen by hackers, but were obtained by the fraud group and its accomplices through money laundering through Lubian.
Source: Milk Sad
Of course, the real mystery lies in that, while the actual controller of the fraud group is still theoretically at large, the US government already has the relevant private keys. Cobo co-founder Shenyu believes that law enforcement agencies did not obtain the private keys through brute force or intrusion, but rather because Lubian used a seriously flawed pseudo-random algorithm in its operations, which made the private keys generated by the Lubian wallet predictable.
In short, the "confiscation" of this astronomical asset was caused by a vulnerability in the private key random number, not a problem with Bitcoin's underlying mechanism.
So what exactly is randomness?
In the blockchain world, a private key is essentially a 256-bit binary number, a number so large that it is almost abstract -
its theoretical size is 2 to the power of 256, far exceeding the number of atoms in the universe. This is what ensures that the possibility of a private key being brute-forced is theoretically close to zero:
Randomness is the "unpredictability" of the giant number used to generate the key, seed, or mnemonic. In other words, a secure private key must be generated completely randomly, that is, one must be truly randomly and uniformly drawn from the possible 2 to the power of 256.
If this extraction process is completely random, then it is almost impossible for an attacker to collide with your private key by enumeration, guessing, or repeated generation, but the problem is that
once the randomness is insufficient, the predictability will increase significantly, the scope of brute force cracking will become smaller, and the private key will be easy to guess.
For example, when the random source (i.e., seed) used in private key generation is too weak and comes from a predictable source (such as timestamp, fixed hardware count, easy-to-infer variables), the range of generated private keys will be narrowed to a very small set that is predictable and enumerable. A mainstream wallet was once exposed in its early version that the iOS version used a library that only used timestamps as initial entropy in the production environment, making some wallet private keys extremely easy to restore through brute force search. In fact, the loss of crypto assets caused by weak random numbers is nothing new. As early as 2015, the hacker group Blockchain Bandit exploited faulty random number generators and program code vulnerabilities to systematically search for weak private keys, successfully scanning more than 700,000 vulnerable wallet addresses and stealing more than 50,000 ETH from them. According to Milk Sad's research, a comprehensive review of wallet history within the 256-bit range is simply astonishing - at the historical high on November 5, 2020, the cumulative number of Bitcoins stored in weak random wallets in this range exceeded 53,500 BTC! Even more outrageous is that even after the vulnerability was made public, some people still continue to transfer funds to these known weak addresses... Overall, these incidents are not due to the fragility of the Bitcoin protocol itself, but rather to the implementation layer (wallets, mining pools, key management systems) failing to comply with cryptographic-level entropy requirements when generating private keys or incorrectly migrating test code to the production environment, thus turning the originally inexhaustible safe into a target for investigation. How to build a solid security line of defense? As mentioned above, for wallets, the key to security lies in pseudo-randomness. As long as imToken uses the same cryptographic-grade random algorithm as bank-grade security, ensuring it is unpredictable, irreproducible, and irreversible, it will be secure. It's worth noting that imToken's private key generation logic has been fully open source (the TokenCore codebase) since October 2018. On Android and iOS, it directly calls the secure random number generator provided by the underlying operating system. Taking iOS as an example, system entropy comes from statistical data on system kernel events over time, including touch input, CPU interrupts, clock jitter, sensor noise, and more. These parameters vary every millisecond, and even the system itself cannot reproduce them. Therefore, the private keys generated by imToken are "unpredictable, unreproducible, and irreversible," eliminating the risk of pseudo-randomness at the entropy source level. This is also the fundamental reason why imToken users are not affected by vulnerabilities like the Lubian incident.
Of course, technical security is only the foundation. In order to further understand and avoid security risks, the following points are also crucial:
Give priority to the use of time- and community-verified, open-source and audited non-custodial wallets (such as imToken); Users with the conditions should give priority to hardware wallets (such as imKey) to further isolate private key generation and network risks. For example, the hardware wallet imKey takes randomness security one step further—its private key is generated directly by a physical True Random Number Generator (TRNG) within the security chip. The Infineon SLE 78CLUFX5000PH security chip (SLE78 series) employed has passed the German BSI AIS 31 PTG.2 certification. This standard, the highest level of security assessment for physical entropy sources, requires that random sources undergo statistical testing, entropy modeling, and online health checks to ensure the quality of randomness used for cryptographic key generation. In other words, imKey's private key is generated and stored within the security chip and never leaves the chip's boundaries. Its randomness source is based on physical noise and does not rely on any software or external seeds. This means that even an attacker with complete control over the device system cannot predict or reproduce its private key.
Also, do not take screenshots, copy and paste, or save your mnemonic phrases and private keys to cloud drives or chat logs.Never reveal your mnemonic phrases or private keys to anyone. We also recommend handwriting your mnemonic phrases and storing them in a secure offline location. You can use a stainless steel mnemonic pad to prevent moisture, fire, and corrosion, and make multiple backups in at least 2-3 safe locations.
Finally, be wary of phishing and malicious plugins.Public keys can be made public, but be sure to verify the link when accessing wallets or signing, and avoid installing plugins or apps from unknown sources on your device.
Objectively speaking, in the glamorous world of crypto, every major security incident is a valuable public education lesson.
One could even say that Web3 security itself is a long-term battle against time and probability, and we can never completely eliminate risk.
But we can continuously push the security boundaries forward—every line of code, every random number, and every user's security habit is an indispensable line of defense in this war.
North Korean hackers linked to the Lazarus Group set up two fake US companies, BlockNovas LLC and SoftGlide LLC, to target cryptocurrency developers with malware through fraudulent job offers. This operation, using fabricated identities and AI-generated profiles, aims to steal sensitive data and cryptocurrency credentials.
AnaisRipple has decided against an IPO in 2025, citing its strong financial position and lack of need for external funding. Instead, the company is focusing on strategic acquisitions and long-term growth, such as its $1.25 billion purchase of Hidden Road.
WeatherlyWorld Liberty Financial has partnered with the Pakistan Crypto Council to boost blockchain, stablecoin, and DeFi growth, with plans to launch regulatory sandboxes for blockchain solutions. Pakistani officials signal full crypto legalisation is near, while Binance founder CZ’s role as a Strategic Advisor highlights the country's rising digital asset ambitions.
CatherineNike closed its RTFKT unit in December 2024, causing the value of NFTs to plummet and leaving buyers with significant financial losses. This led to a lawsuit alleging that Nike misled investors about the stability and legality of the NFTs.
AnaisLoopscale lost $5.8 million from a flaw in its collateral pricing system, including 1,200 SOL and $5.7 million in USDC. Key platform functions are now restored, and the exploiter is willing to return the funds for a bounty.
KikyoTerm Finance, an Ethereum-based lending protocol, lost around $1.6 million in ETH due to a misconfigured oracle. The team recovered over $1 million through negotiations and will cover the remaining shortfall from the protocol's treasury. A post-mortem of the incident will be released soon.
CatherineMeta cut jobs in its Reality Labs division, affecting teams like Oculus Studios and the Supernatural VR app. The layoffs are part of a move to make the division more efficient as Meta keeps investing in mixed reality.
WeatherlyDonald Trump holds the lowest 100-day approval rating of any new US president in 70 years, with polls placing him between 39% and 45%. Public trust is eroding as voters grow sceptical of his handling of the economy, immigration, trade, and inflation, casting doubt on the administration’s ability to regain confidence.
KikyoxAI is negotiating a $20 billion funding round, which could increase its valuation to $120 billion and solidify Musk's influence in the AI field. Despite challenges with debt from the acquisition of Twitter, investor interest remains high, and xAI is positioned for significant growth in both AI and social media sectors.
WeatherlyDeepSeek has returned to South Korea’s app stores after a two-month suspension due to data privacy concerns. The company revised its privacy policy to comply with local laws and allow users to opt out of data sharing with foreign companies.
Anais