The private key to $15 billion worth of Bitcoin was accidentally cracked by the United States.

Author: BUBBLE

 

In October 2025, the U.S. District Court for the Eastern District of New York disclosed an unprecedented case of cryptocurrency asset seizure: the U.S. government confiscated 127,271 bitcoins, worth about $15 billions at market price.

Cobo co-founder Shenyu stated that law enforcement agencies did not obtain the private keys through brute force or hacking, but exploited a randomness vulnerability. Some forums also claim that law enforcement directly seized wallet mnemonic phrases or private key files from servers and hardware wallets controlled by Prince Group executive Chen Zhi and his family, but the specific facts have not yet been publicly reported.

These hardware wallets were subsequently transferred to a multi-signature cold storage managed by the US Marshals Service (USMS) under the U.S. Department of the Treasury. The 9,757 BTC transfer signed by USMS to the official custody address on October 15, 2025, originated from this. In the indictment, the U.S. Department of Justice described Lubian as part of the Cambodian Prince Group's money laundering network, emphasizing that the criminal group attempted to launder scam funds using "new coins" mined from the mining pool.

Some community members tracked on-chain data and determined that these were the bitcoins stolen from Lubian mining pool at the end of 2020 due to a vulnerability. Lubian mining pool suddenly appeared in 2020, with no team background information or disclosed operating model, yet its hashrate quickly rose to the world's top 10 mining pools within a few months, once accounting for nearly 6% of the global hashrate.

The report mentioned that Chen Zhi boasted to other Prince Group members that "the profits are considerable because there are no costs," but it is still unclear whether he founded or later controlled it. However, this case has brought the dormant whale back to the surface, prompting a re-examination of the wallet private key security disaster lurking around 2020.

When researchers re-investigated afterwards, the first two words in the mnemonic phrase generated by the faulty key generation process were Milk Sad, and the incident has since been referred to as the Milk Sad event.

The Hidden Dangers of Weak Random Numbers

And everything originated from the Mersenne Twister MT19937-32, a pseudo-random number generator.

Bitcoin private keys should be composed of 256-bit random numbers, theoretically offering 2^256 possible combinations. To generate an identical sequence, all 256 "coin tosses" would have to match exactly. While the probability is not zero, it is close enough; wallet security does not come from luck, but from this vast possibility space.

However, the Mersenne Twister MT19937-32 random number generator used by Lubian mining pool and other tools is not a truly fair "coin toss machine," but rather a jammed device that always picks numbers within a limited and regular range.

Once hackers mastered this pattern, they could quickly enumerate all possible weak private keys through brute force, thereby unlocking the corresponding bitcoin wallets.

Due to some wallet or mining pool users' misunderstanding of security, from 2019 to 2020, many bitcoin wallets generated using this "weak random algorithm" accumulated astonishing wealth, with large amounts of funds pouring into this vulnerable range.

According to statistics from the Milk Sad team, during 2019 to 2020, the total number of bitcoins held in these weak key wallets once exceeded 53,500.

The sources of funds included both whale-level centralized transfers—four weak wallets received about 24,999 bitcoins in a short period in April 2019—and daily mining rewards. Some addresses received over 14,000 miner rewards labeled "lubian.com" within a year. There are now 220,000 such wallets, and the holders were clearly unaware of the risks in the private key generation process, continuing to pour assets into them to this day.

The Mass Exodus at the End of 2020

The long-hidden security risk erupted at the end of 2020. On December 28, 2020, abnormal transactions appeared on-chain, with a large number of wallets in the Lubian weak key range being emptied within hours. About 136,951 bitcoins were transferred out in one go, worth about $3.7 billions at the then price of $26,000 per bitcoin.

The transaction fee for the transfers was fixed at 75,000 sats, regardless of the amount, indicating that the operator was highly familiar with the bitcoin network. Some of the funds subsequently flowed back to the Lubian mining pool for future mining rewards, indicating that not all transferred assets fell into the hands of hackers. But for the victims, the loss was already a fact.

Even more bizarre, some on-chain transactions carried messages such as "To the white hat who saved our assets, please contact 1228btc@gmail.com." Since the weak private key addresses were already exposed, anyone could send transactions with messages to these addresses, and these messages may not necessarily come from the real victims.

Whether it was hackers mocking or victims seeking help remains unknown. Fatally, this huge transfer was not immediately recognized as theft at the time.

Milk Sad researchers later admitted in their analysis that, with bitcoin prices soaring and mining pool revenues stopping, they were unsure whether it was the work of hackers or Lubian management selling at the peak and reorganizing wallets. They pointed out, "If the theft occurred in 2020, it would predate the confirmed Mersenne Twister weak key attack timeline, but we cannot rule out this possibility."

Precisely because of this uncertainty, the capital exodus at the end of 2020 failed to trigger an industry alert, and the huge amount of bitcoin remained dormant on-chain for years, becoming an unresolved mystery.

Thus, it was not only Lubian that was affected, but also the old version of Trust Wallet. On November 17, 2022, security research team Ledger Donjon first disclosed the random number vulnerability in Trust Wallet to Binance. The team responded quickly, pushing a fix to GitHub the next day and gradually notifying affected users.

However, it was not until April 22, 2023, that Trust Wallet officially disclosed the vulnerability details and compensation measures. During this period, hackers exploited the vulnerability to launch several attacks, including the theft of about 50 bitcoins on January 11, 2023.

Belated Alarm

Meanwhile, the vulnerability was brewing in another project.

The bx seed command in Libbitcoin Explorer 3.x used the MT19937 pseudo-random number algorithm with a 32-bit system time as the seed, resulting in a key space of only 2^32 combinations.

Hackers soon began probing attacks. Starting in May 2023, several small thefts appeared on-chain. On July 12, the attack peaked, and a large number of wallets generated by bx were swept clean. On July 21, Milk Sad researchers found the root cause while helping users investigate losses: the weak random number in bx seed allowed private keys to be brute-forced. They immediately reported this to the Libbitcoin team.

However, since this command was officially regarded as a testing tool, initial communication was not smooth. The team eventually bypassed the project party and publicly disclosed the vulnerability and applied for a CVE number on August 8.

It was precisely because of this discovery in 2023 that the Milk Sad team began to reverse-engineer historical data. They were surprised to find that the weak key range that accumulated huge funds from 2019 to 2020 was associated with Lubian, and that the massive transfer mentioned above occurred on December 28, 2020.

At that time, about 136,951 bitcoins resided in these weak wallets, and the large-scale transfer that day was worth about $3.7 billions. The last known movement was a wallet consolidation in July 2024.

In other words, the suspicious aspects of the Lubian incident only surfaced after the weak random vulnerability was exposed. The missed alert window at the time is gone forever, and the whereabouts of the bitcoin at that time have also vanished. Five years later, it was not until the U.S. Department of Justice (DOJ) and UK authorities jointly prosecuted Prince Group and Chen Zhi that the matter became clearer.

For us, the phrase "Not your Wallet, Not Your Money" now only holds true under the premise of randomness.