Summary: No credible evidence US government hacked Chinese Bitcoin wallets to “steal” $13 billion BTC

Published: 1 month and 16 days ago
Based on article from CryptoSlate

A significant cryptocurrency event from 2020, the LuBian Bitcoin exploit, has recently become the subject of geopolitical contention. While independent blockchain forensic experts have meticulously traced the stolen funds and identified the technical vulnerability exploited, China's National Computer Virus Emergency Response Center (CVERC) has leveled a direct accusation against the United States, claiming U.S. state actors were behind the original hack. This controversy highlights the complexities of digital forensics and international relations in the age of decentralized finance.

The Anatomy of the LuBian Exploit

In late December 2020, approximately 127,000 Bitcoin were illicitly siphoned from wallets associated with the LuBian mining pool over a mere two-hour period. Open-source forensics, notably from Arkham and the MilkSad research team, revealed that these wallets were vulnerable due to the use of a weak random-number generator (MT19937) with insufficient entropy (only 32 bits). This critical flaw allowed attackers to brute-force private keys and execute coordinated withdrawals across hundreds of addresses. Years later, these very coins—now valued at hundreds of millions of dollars—have been consolidated and taken into custody by the U.S. government, linked to forfeiture proceedings against Chen Zhi and the Prince Group for alleged fraud and money laundering. Independent tracing by entities like Elliptic and Arkham confirms the seized addresses map directly to the original LuBian weak-key cluster.
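As an added illustration (not code from the article, Arkham, or MilkSad), the sketch below shows why a 32-bit seed caps a 256-bit key at 2^32 possible values, and how a defender can spot such a generator by auditing a batch of its keys for duplicates. The key derivation in `weak_key` (taking the first 256 bits of MT19937 output) and the fixed seed stream are assumptions made for the demonstration; the article does not describe the exact derivation LuBian used.

```python
import random
import secrets

SEED_BITS = 32  # entropy figure stated in the article


def weak_key(seed: int) -> bytes:
    """Flawed pattern (assumed derivation): 256-bit key from MT19937
    seeded with a 32-bit value. CPython's `random` is MT19937."""
    rng = random.Random(seed & 0xFFFFFFFF)
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_key() -> bytes:
    """Hardened form: 256 bits straight from the OS CSPRNG."""
    return secrets.token_bytes(32)


def duplicate_keys(keys) -> int:
    """Count keys that repeat an earlier key in the batch."""
    seen, dups = set(), 0
    for k in keys:
        if k in seen:
            dups += 1
        seen.add(k)
    return dups


def expected_duplicates(n: int, entropy_bits: int) -> float:
    """Birthday estimate: colliding pairs among n keys drawn
    uniformly from a space of 2**entropy_bits values."""
    return n * (n - 1) / 2 / 2 ** entropy_bits


def audit(n: int = 400_000):
    """Generate n keys each way and return (weak_dups, strong_dups)."""
    # Constructed, fixed seed stream so the run is repeatable.
    seed_source = random.Random(2020)
    weak = (weak_key(seed_source.getrandbits(SEED_BITS)) for _ in range(n))
    strong = (strong_key() for _ in range(n))
    return duplicate_keys(weak), duplicate_keys(strong)


if __name__ == "__main__":
    n = 400_000
    weak_dups, strong_dups = audit(n)
    print(f"expected duplicates at {SEED_BITS} bits: "
          f"{expected_duplicates(n, SEED_BITS):.1f}")
    print(f"weak generator duplicates:   {weak_dups}")
    print(f"strong generator duplicates: {strong_dups}")
```

Any duplicate among a few hundred thousand supposedly 256-bit keys is a signal that the generator's real entropy is far below the key length.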

Conflicting Attributions: China vs. Independent Forensics

Despite the comprehensive technical understanding of the exploit, independent blockchain investigators have consistently stated they cannot identify the original perpetrators. Firms like MilkSad, Arkham, and Blockscope refer to an "unknown actor" or the "LuBian hacker," focusing on the how and what rather than the who. However, China's CVERC, amplified by state media, presents a starkly different narrative. They contend that the extended dormancy period of the stolen funds—years of minimal movement—is atypical for criminal groups and points to a state-level operation. CVERC then connects this dormancy to the subsequent U.S. government custody, alleging that U.S. actors executed the 2020 exploit and later converted it into a law enforcement seizure. While CVERC's technical analysis of the vulnerability aligns with independent research, their attribution leap relies on circumstantial inferences about dormancy and ultimate custody rather than new forensic evidence.

Unpacking the Possible Scenarios

The public record allows for at least three distinct interpretations of the LuBian exploit and its aftermath. The most widely supported scenario suggests an unknown party discovered and exploited the weak-key pattern in 2020, leaving the funds mostly dormant until U.S. authorities obtained the keys through various investigative means (e.g., device seizures, cooperating witnesses), culminating in the recent forfeiture. A second possibility frames the "hack" as an internal, opaque movement within the Prince Group's own treasury or laundering network, consistent with the Department of Justice's framing of the wallets as unhosted and within the defendants' possession. The third scenario is the one advanced by CVERC: that a U.S. state actor was responsible for the initial 2020 operation. Crucially, the technical feasibility of brute-forcing the weak keys is not in dispute—it was well within reach for motivated actors. The core disagreement lies not in the mechanics of the exploit, but in the ultimate ownership, control, and identity of the initial actors behind the massive 2020 Bitcoin drain.
