
China’s National Computer Virus Emergency Response Center just accused the US of carrying out the 2020 LuBian Bitcoin exploit.
However, Western research has linked the incident to a flaw in the wallet’s random numbers, without naming the state actor.
Open source forensics for LuBian drains
The core facts of this episode are well documented in open sources. According to Arkham, approximately 127,000 BTC was drained from wallets associated with the LuBian mining pool over roughly two hours between December 28 and 29, 2020, in coordinated withdrawals across hundreds of addresses.
According to the MilkSad research team and CVE-2023-39910, these wallets were created with software that seeded MT19937 with just 32 bits of entropy, reducing the search space to approximately 4.29 billion seeds and exposing batches of P2SH-wrapped P2WPKH addresses to brute-force attacks.
MilkSad update #14 links a cluster holding approximately 136,951 BTC, which began to be drained on December 28, 2020, to LuBian.com through on-chain mining activity, and documents a fixed 75,000 sat fee pattern in the sweep transactions. Blockscope’s reconstruction shows that the majority of the funds were kept with minimal movement for many years afterwards.
These same coins are currently held in wallets controlled by the U.S. government. According to the US Department of Justice, prosecutors are seeking the forfeiture of approximately 127,271 BTC as proceeds and instrumentalities of alleged fraud and money laundering related to Chen Zhi and Prince Group. The Justice Department says the assets are now under U.S. control.
The overlap shows that the addresses in the DOJ complaint map to the LuBian weak-key cluster that MilkSad and Arkham had previously identified, and Arkham has tagged the consolidated wallets as US government-controlled. On-chain investigators, including ZachXBT, have publicly pointed out the overlap between the seized addresses and the earlier set of weak keys.
What Forensic Records Show About the LuBian Exploit
Regarding attribution, the technical team that originally identified the flaw and traced the flow of funds does not claim to know who ran the 2020 drain. MilkSad has repeatedly referred to the attackers who discovered and exploited the vulnerable private keys and said it does not know their identity.
Arkham and Blockscope describe this entity as the LuBian hacker, focusing on its methodology and scale. Elliptic and TRM limit their claims to tracing and the correspondence between the 2020 breach and the subsequent Justice Department seizure. None of these sources name any state actor for the 2020 operation.
CVERC advances a different narrative, amplified by the Chinese Communist Party-owned Global Times and local pickups.
The group claims that the four-year dormancy period deviates from typical criminal cash-out patterns and therefore indicates a nation-state hacking organization.
It further connects the later custody of the coins by the United States with the claim that U.S. actors carried out the exploit in 2020 and then repackaged it as a law enforcement seizure.
The technical section of the report closely tracks independent public research on weak keys, MT19937, address batching, and fee patterns.
That attribution leap is based on circumstantial inferences about dormancy and ultimate custody rather than new forensics, tool alignment, infrastructure duplication, or other standard indicators used to attribute state actors.
What we really know about the LuBian Bitcoin outflow
There are at least three consistent interpretations that fit what is published.
- One is that an unknown party, criminal or otherwise, discovered the weak-key pattern, drained the cluster in 2020, left the coins largely dormant, and U.S. authorities later obtained the keys through device seizures, cooperating witnesses, or related investigative methods, ultimately leading to consolidation and forfeiture filings in 2024-2025.
- The second treats LuBian and its affiliates as part of Prince Group’s internal financial and laundering network. On this reading, the apparent hack may have been an opaque internal movement between weak-key wallets under common control, consistent with the Department of Justice’s framing of the wallets as unhosted and owned by the defendants; the public documents do not fully detail how Mr. Chen’s network came to control the keys.
- Third, CVERC asserts that U.S. state agencies were responsible for the 2020 operation.
The first two are consistent with the evidentiary stance set out by MilkSad, Arkham, Elliptic, TRM, and the Department of Justice’s filings. The third is a claim that is not substantiated by independent technical evidence in the public domain.
A brief timeline of uncontested events is below.
From a capabilities perspective, a brute-force attack on the 2^32 seed space is well within the reach of a motivated attacker. At about 1 million guesses per second, the whole space can be traversed in a few hours on a single machine, and a distributed or GPU-accelerated rig compresses that further.
This feasibility is at the heart of the MilkSad class of vulnerabilities and explains how a single attacker can sweep thousands of vulnerable addresses at once. The fixed fee pattern and address derivation details published by MilkSad, and reflected in CVERC’s technical documentation, reinforce this picture of the exploitation method.
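To make the weak-key mechanism and the search-space arithmetic from the two passages above concrete, here is an added illustration (not code from the page, MilkSad, CVERC, or the affected wallet software). It assumes a hypothetical generator that draws 256 bits of key material from MT19937 seeded with a 32-bit value, which Python's `random` module happens to implement; the real libbitcoin-style derivation differs in detail, so this models the vulnerability class, not a specific wallet. The `audit_seed_window` helper is a constructed defensive self-check for one's own keys over a bounded seed range, and `seconds_to_exhaust` reproduces the "about 1 million guesses per second, a few hours" estimate.

```python
import random
import secrets

KEY_BYTES = 32  # a 256-bit private key


def weak_key_material(seed32: int) -> bytes:
    """Hypothetical weak generator: 256 bits taken from MT19937 seeded
    with a 32-bit value. Python's random.Random is MT19937, so the output
    is fully determined by the seed (assumption: this mirrors the class of
    flaw, not the exact derivation of any real wallet)."""
    if not 0 <= seed32 < 2**32:
        raise ValueError("seed must fit in 32 bits")
    rng = random.Random(seed32)
    return rng.getrandbits(8 * KEY_BYTES).to_bytes(KEY_BYTES, "big")


def strong_key_material() -> bytes:
    """Correct approach: key material straight from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def effective_entropy_bits(seed_bits: int, output_bits: int) -> int:
    """A deterministic expansion cannot carry more entropy than its seed,
    so 256 output bits from a 32-bit seed still leave only 2^32 candidates."""
    return min(seed_bits, output_bits)


def seconds_to_exhaust(seed_bits: int, guesses_per_second: float) -> float:
    """Wall-clock time to enumerate every seed at the given rate."""
    return 2**seed_bits / guesses_per_second


def audit_seed_window(key: bytes, seed_lo: int, seed_hi: int):
    """Defensive self-check (constructed): does this key regenerate from
    any seed in a bounded window? Returns the seed if so, else None.
    Intended for auditing keys you generated yourself."""
    for seed in range(seed_lo, seed_hi):
        if weak_key_material(seed) == key:
            return seed
    return None


if __name__ == "__main__":
    k = weak_key_material(1_700_000_000)  # e.g. a Unix timestamp used as a seed
    print("same seed, same key:", k == weak_key_material(1_700_000_000))
    print("effective entropy:", effective_entropy_bits(32, 256), "bits")
    print("hours to exhaust at 1e6/s:", seconds_to_exhaust(32, 1e6) / 3600)
    print("found seed:", audit_seed_window(k, 1_699_999_000, 1_700_001_000))
    print("CSPRNG key in window:", audit_seed_window(strong_key_material(), 0, 1000))
```

At one million guesses per second the 2^32 space takes about 4,295 seconds, roughly 1.2 hours, which matches the "few hours on a single machine" figure; the 256-bit output length is irrelevant because the seed caps the entropy at 32 bits. The defensive counterpart is the `secrets` path: a key drawn from the OS CSPRNG will not be found in any feasible seed window.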
The remaining disputes are not about the mechanics but about ownership and control at each stage. The Justice Department characterized the wallets as a repository for criminal proceeds tied to Chen and said the assets could be forfeited under U.S. law.
Chinese authorities have framed LuBian as the victim of a theft and blamed US state institutions for the initial exploit.
Independent blockchain forensics groups have linked the 2020 breach to the consolidation and seizure in 2024-2025, but have stopped short of saying who pushed the button in 2020. That is the status of the record.

