Last week, China’s National Computer Virus Emergency Response Center made a bold claim against the United States, accusing its government of masterminding a massive cyber theft back in 2020. The target was LuBian, a prominent bitcoin mining pool based in China with ties to Iran, where hackers stole 127,272 bitcoin that now holds a value of around $13 billion at current prices. This incident, first revealed in detail by blockchain analytics firm Arkham Intelligence in August 2025, stands out as one of the largest cryptocurrency heists ever, surpassing many high-profile breaches in scale and stealth. The Chinese report describes the operation as a “state-level hacker attack,” pointing to the unusual patience of the thieves who let the funds sit untouched for years, behavior more typical of governments than opportunistic criminals.
Bitcoin mining pools like LuBian play a crucial role in the network by combining the computational power—or hashing power—from thousands of individual miners around the world. This collective effort makes it more likely for the group to solve the complex mathematical puzzles required to validate transactions and add new blocks to the blockchain, earning the associated rewards in freshly minted bitcoin. At its peak in late 2020, LuBian controlled nearly 6% of the global bitcoin mining hashrate, making it the sixth-largest pool and a significant player in the ecosystem. Operating across borders, particularly in China and Iran, LuBian helped miners in regions with varying access to resources pool their efforts for steady payouts rather than relying on luck alone. The hack disrupted this model dramatically, as the pool vanished from public view by February 2021, leaving miners and observers puzzled about its sudden disappearance.
The theft occurred in December 2020, exploiting a critical flaw in LuBian’s system for generating private keys, which are essential for securing bitcoin wallets. This weakness in the key generation algorithm allowed attackers to use brute-force methods—essentially guessing keys through repeated automated attempts—to drain the pool’s holdings without immediate detection. In the chaotic days right after the breach, LuBian operators sent out hundreds of small transactions totaling over $40,000 to the hacker’s addresses, embedding desperate messages in the blockchain data like “Please return our funds, we’ll pay a reward. These on-chain pleas, visible to anyone tracking the blockchain, highlight the panic and the pool’s attempt to negotiate directly with the thief, but no response ever came, and the funds remained dormant. Chinese investigators now link these same bitcoins to addresses later controlled by U.S. authorities, arguing that the slow, deliberate movements—such as a major transfer in June 2024—point to official involvement rather than black-market flips.
Because the bitcoin blockchain is a public ledger, every transaction leaves a permanent, traceable record that experts can analyze for patterns and origins. This transparency has allowed both Chinese and independent analysts to follow the stolen coins’ path, from LuBian’s wallets to their eventual seizure. The Chinese agency emphasizes that ordinary hackers would have quickly laundered or sold the bitcoin, but the prolonged inactivity suggests a state actor holding them for strategic reasons. U.S. officials, however, have pushed back hard, calling the accusations baseless and refusing to disclose details on how they acquired the funds, which only fuels the speculation. This back-and-forth underscores the challenges in attributing cybercrimes when blockchain data can confirm movements but not always the actors behind them.
U.S. Ties the Bitcoin to Pig Butchering Scams and Forced Labor Operations
In stark contrast to China’s narrative, the U.S. Department of Justice (DOJ) maintains that the 127,272 bitcoin were not stolen through any government hack but seized from a sprawling criminal enterprise tied to international scams. Announced on October 14, 2025, this forfeiture marks the largest in U.S. history, with the bitcoin now valued at approximately $15 billion due to price surges since the original theft. The case centers on Chen Zhi, the billionaire chairman of Cambodia’s Prince Group, who was indicted in New York federal court on charges of wire fraud conspiracy and money laundering. Prosecutors allege that Chen and his associates built a network of fake businesses to clean dirty money from online frauds, using bitcoin mining as a key tool to generate untainted cryptocurrency.
Pig butchering scams represent a particularly insidious form of fraud that preys on victims’ emotions and greed. Scammers, often operating from overseas, initiate contact through dating apps, social media, or messaging platforms, posing as friendly or romantic interests to build long-term trust—a process likened to “fattening up a pig” before the slaughter. Once rapport is established, they introduce the victim to a phony investment opportunity, typically in cryptocurrencies or forex, showing fake profits to encourage larger deposits. The irreversible nature of crypto transfers makes these schemes devastating, as victims lose everything without easy recourse, though stablecoins can sometimes allow for quicker freezes by exchanges. In this case, Prince Group’s operations allegedly scammed billions, targeting people worldwide with promises of quick riches.
The indictment paints a grim picture of the human cost behind these frauds. Chen’s conglomerate reportedly ran secretive compounds in Cambodia resembling prisons, where traffickers lured young people—many from China and Southeast Asia—with job offers, only to force them into scam work under brutal conditions. Over 5,000 individuals endured physical abuse, starvation, and threats of violence if they resisted or tried to escape, generating proceeds that funded Prince Group’s legitimate ventures like banking and real estate. To launder the illicit gains, the group invested in cryptocurrency mining pools, including LuBian, where scam money bought hardware and operations, producing “clean” bitcoin that appeared freshly mined and disconnected from crimes. Blockchain analysis from firms like Elliptic confirms that LuBian wallets received funds directly from scam-related addresses, blending dirty inflows with legitimate mining rewards.
The DOJ’s charges against Chen carry severe penalties, potentially up to 40 years in prison if convicted, and include civil forfeiture of assets beyond the bitcoin, such as luxury properties and vehicles. Chen’s legal team has denied the allegations, calling them “seriously misguided” and vowing to work with cryptocurrency experts to trace the funds’ true path. The U.S. Treasury Department and U.K. authorities joined the crackdown, designating Prince Group a transnational criminal organization and imposing sanctions to disrupt its global reach. Details on the exact seizure process remain sealed, but experts believe the June 2024 wallet movements indicate U.S. law enforcement gaining control, possibly through cooperation with exchanges or informants. This operation highlights how law enforcement increasingly uses blockchain forensics to dismantle cross-border crime rings.
Debates Surround the Seized Bitcoin and Ideas for a U.S. Strategic Reserve
Within the bitcoin community, the fate of these seized funds has sparked intense discussion, with some enthusiasts hoping they could seed a national strategic reserve. During his 2024 presidential campaign, Donald Trump pledged at the Bitcoin 2024 conference in Nashville to create such a reserve, treating bitcoin like gold in the U.S. Treasury to bolster economic sovereignty. An executive order issued early in his second term directed a feasibility study, but progress has stalled amid regulatory hurdles and market volatility. Prediction platform Polymarket reflects the skepticism, pricing the odds of a 2025 reserve at just 3%, a sharp drop from a 77% peak in March when crypto-friendly policies seemed imminent.
Recent Trump administration actions, including the pardon of Binance co-founder Changpeng “CZ” Zhao on related charges, have intensified scrutiny over crypto priorities. Critics argue these moves signal a lax approach to enforcement, potentially undermining efforts to build trust in a government-held bitcoin stockpile. Blockchain analyst Conor Grogan from Coinbase voiced doubts on X (formerly Twitter), noting that the DOJ’s story “doesn’t make a ton of sense” when cross-checked against transaction histories, as the funds’ path shows inconsistencies with a straightforward scam-to-seizure narrative. Independent firms like Chainalysis have aided the DOJ in mapping the flows, but even they acknowledge gaps in attribution, leaving room for theories ranging from insider thefts to advanced persistent threats.
The uncertainty extends to practical questions: If held by the government, could these bitcoins be sold off gradually to fund public programs, or would they sit as a hedge against inflation?. Past U.S. seizures, like those from the Silk Road dark web market, were auctioned to avoid market disruption, but the scale here—equivalent to over 0.6% of bitcoin’s total supply—could sway prices if mishandled. As debates rage, this case illustrates bitcoin’s dual role as both a tool for criminals and a potential national asset, with blockchain’s immutability ensuring every twist remains etched in digital stone.
Escalating Cyber Rivalry Between China and the U.S.
China’s latest accusation against the U.S. fits into a broader pattern of mutual cyber blame, escalating what many experts describe as a new front in the Second Cold War. Just last month, Beijing released what it called “irrefutable evidence” of American hackers targeting its National Time Service Center, a critical facility for satellite timing and navigation. The LuBian report labels the bitcoin theft a “black eats black” scheme—one group of bad actors preying on another—implying U.S. intelligence exploited criminal vulnerabilities for geopolitical gain. This rhetoric echoes earlier claims, such as alleged U.S. intrusions into Microsoft’s Exchange servers and other Chinese infrastructure, which Beijing uses to rally domestic support against foreign threats.
From the U.S. perspective, concerns about Chinese cyber espionage run deep, particularly with companies like Huawei at the center. U.S. officials have long warned of hidden backdoors in Huawei’s telecom gear, allowing covert access to networks for surveillance or disruption. A 2019 Wall Street Journal report detailed how such vulnerabilities could compromise global communications, leading to bans on Huawei equipment in several countries. These fears stem from Huawei’s close ties to the Chinese government and its role in building 5G infrastructure worldwide. In response, the U.S. has invested heavily in offensive cyber capabilities, exemplified by the 2010 Stuxnet attack on Iran’s Natanz nuclear facility.
Stuxnet, widely attributed to a joint U.S.-Israeli operation, was a sophisticated worm that infiltrated air-gapped systems—networks isolated from the internet—and sabotaged uranium enrichment centrifuges by altering their speeds. Unlike traditional hacks that steal data, Stuxnet caused physical damage without leaving obvious traces, setting a precedent for cyber weapons in statecraft. A 60 Minutes investigation last month revealed China’s parallel efforts, mapping U.S. power grids and water systems for potential sabotage in a conflict scenario. These revelations paint a picture of mirrored strategies: Both nations probe weaknesses in critical infrastructure, from energy to finance, viewing cyberspace as a domain for asymmetric warfare. As tensions rise, international norms like the UN’s cyber stability talks struggle to keep pace, leaving room for incidents like LuBian to inflame diplomatic rows.
Cryptocurrency’s Emerging Role in International Cyber Battles
Bitcoin and other cryptocurrencies are increasingly entangled in global cyber conflicts, serving as both prizes and weapons in state-sponsored operations. North Korea‘s Lazarus Group exemplifies this trend, with U.S. and UN reports linking it to over $3 billion in crypto thefts since 2017, funding the regime’s nuclear program and evading sanctions. Lazarus has targeted exchanges, DeFi platforms, and even game developers, using sophisticated phishing and malware to siphon funds that are then laundered through mixers and privacy coins. Their success has inspired copycats, but no group matches their scale or persistence.
The recent $120 million exploit on Balancer, a DeFi protocol for automated market makers, occurred last week and involved a vulnerability akin to a classic office prank—tricking the system into mispricing assets. While blockchain sleuths quickly identified the attacker’s wallets, no ties to Lazarus or state actors have emerged, though investigations continue. Balancer’s case highlights DeFi’s risks: Smart contracts, while decentralized, can harbor bugs that drain liquidity pools in seconds, affecting users worldwide. As crypto matures into a reserve asset— with nations like El Salvador adopting bitcoin as legal tender—its appeal to cybercriminals grows, promising untraceable value transfers.
In the U.S.-China context, the LuBian saga shows how mining operations can become battlegrounds, blending economic espionage with financial crime. If bitcoin solidifies as a global store of value, expect more state involvement, from regulatory crackdowns to covert seizures. Tools from Chainalysis and Elliptic will remain vital for attribution, but the pseudonymous nature of crypto ensures shadows will linger over such disputes. Ultimately, these incidents remind us that in the digital age, control over code and coins can shift power balances as profoundly as any conventional weapon.
