Arkham Intelligence has brought a four-year-old crypto mystery back into the spotlight. According to the blockchain analytics company, a total of 127,426 BTC, worth around $14.5 billion today, was stolen from the Chinese mining pool LuBian in December 2020. At the time, the stolen Bitcoin was worth around $3.5 billion, making it the biggest theft in crypto history.
Hacks like Mt. Gox involved more coins (744,000 BTC), but Bitcoin's price at the time meant those losses were worth hundreds of millions rather than billions.
Who is LuBian?
LuBian wasn't just a small mining pool. It launched in April 2020 and within a few months became the sixth-largest mining pool on the Bitcoin network. Its website boldly called it "the world's safest and highest-yielding mining pool." But then, in early 2021, it disappeared without explanation.
Theories swirled at the time. Perhaps Chinese regulators had shut it down. Maybe it had gone private. However, according to Arkham's latest research, the truth may be darker: LuBian did not simply walk away. It disappeared after a massive breach that drained almost all of its Bitcoin reserves within days.
How was the hack pulled off?
This is the technical part. Arkham believes the attacker exploited a vulnerability in LuBian's private key generation algorithm. Simply put, LuBian used an insecure method to generate private keys.
On December 28, 2020, the hackers are said to have stolen more than 90% of LuBian's Bitcoin. The next day, an additional $6 million in BTC and USDT was drained from LuBian's Bitcoin Omni layer address. This was not just a breach, it was a sustained and coordinated takedown.
What happened after the theft?
LuBian wasn't silent. To send messages directly to the hackers, it used the OP_RETURN field in Bitcoin, a small feature that allows data to be embedded in transactions. The messages read like a digital ransom note, calling the attacker a potential white hat and offering a reward if the stolen assets were returned.
Here is part of what LuBian wrote:
“White Hats that are saving our assets can contact us… to discuss the return of assets and your compensation.”
But so far, nothing has been returned. Interestingly, the stolen BTC has not moved since July 2024. This suggests the attacker is either very patient, very careful, or simply cannot move the funds without detection.
LuBian did not lose everything. Approximately 11,886 BTC (currently worth $1.35 billion) remains in known wallets. It's still a large crypto fortune, but it's far less than what was stolen.
This case is a wake-up call for the mining ecosystem. Even large, successful pools can collapse overnight if they ignore key management best practices. Unlike smart contract exploits and phishing scams, this hack targeted the core of cryptographic security: private key generation.
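The OP_RETURN mechanism described above, as an added example (not from Arkham's report or the original article): a small Python parser that extracts the data pushes from an OP_RETURN output script, the way an analyst would read such on-chain messages. The function names and the sample scripts are constructed for illustration.

```python
"""Decode data carried in a Bitcoin OP_RETURN output script (scriptPubKey)."""

OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
LENGTH_WIDTH = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}


def parse_op_return(script: bytes) -> list[bytes]:
    """Return the data pushes that follow OP_RETURN.

    Raises ValueError if the script is not an OP_RETURN output, a push is
    truncated, or a non-push opcode appears after OP_RETURN.
    """
    if not script or script[0] != OP_RETURN:
        raise ValueError("not an OP_RETURN script")
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if op <= 0x4B:                      # direct push of 0..75 bytes
            size = op
        elif op in LENGTH_WIDTH:            # length is a little-endian prefix
            width = LENGTH_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            raise ValueError(f"non-push opcode 0x{op:02x} after OP_RETURN")
        if i + size > len(script):
            raise ValueError("truncated push data")
        pushes.append(script[i:i + size])
        i += size
    return pushes


def decode_message(script: bytes) -> str:
    """Join the pushes and decode as UTF-8; undecodable bytes become U+FFFD."""
    return b"".join(parse_op_return(script)).decode("utf-8", errors="replace")


# Constructed sample scripts (not taken from the chain).
SHORT = bytes([OP_RETURN, 11]) + b"hello world"
LONG_TEXT = b"constructed sample message longer than 75 bytes " * 2
LONG = bytes([OP_RETURN, OP_PUSHDATA1, len(LONG_TEXT)]) + LONG_TEXT

if __name__ == "__main__":
    print(decode_message(SHORT))
    print(decode_message(LONG))
```
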
That’s rare. And that’s scary.
Will the stolen BTC be recovered?
It's unlikely. The coins have not been laundered or mixed, but the sheer volume still makes them radioactive. Moving even a small fraction of the BTC would instantly attract attention from all major exchanges, law enforcement and blockchain analysts around the world.
The hackers can try to wait for blockchain monitoring to become less effective, but as platforms like Arkham and Chainalysis become more sophisticated, that window keeps closing.
What’s next?
Arkham's report has already rekindled interest in the incident. If law enforcement hadn't fully recognized the hack before, they certainly have now. Additionally, if the attacker moves the BTC, real-time alerts will be triggered across the crypto intelligence community.
Meanwhile, the lesson is clear. Crypto security is not just about protecting against phishing emails and smart contract bugs. It starts with foundations like private key hygiene. One flawed algorithm can cost billions of dollars.