After four years of silence, it has finally come to light! A Chinese mining pool was robbed of 127,000 BTC, amounting to 14.5 billion USD, making it the largest theft in the history of encryption.

Blockchain analysis company Arkham Intelligence has disclosed a shocking theft case that had been buried for four years — the top three mining pools in China were hacked on December 28, 2020, resulting in the theft of 127,426 BTC (worth $3.5 billion at the time). Through on-chain tracking, it has been confirmed that the scale of this theft has surpassed the Mt. Gox incident. At the current Bitcoin price (approximately $114,000), the value of the stolen assets has skyrocketed to $14.5 billion, making it the largest single theft in crypto history.

The investigation shows that hackers are suspected of exploiting a private key generation vulnerability in the Mining Pool to carry out a brute-force attack (, looting 90% of the pool's assets within two days. More dramatically, the roadside sent over 1,500 on-chain messages through the Bitcoin OP_RETURN field pleading with the hackers to return the funds (costing 1.4 BTC), but received no response. Before the hackers integrated wallets in July 2024, the stolen money had remained untouched for years. This case exposes a persistent security issue in the encryption industry — from 2025 to the present, the industry has suffered losses exceeding $3.1 billion.

) The fall of the mining pool giant: at its peak, it accounted for 6% of the total network hash rate, and the China-Iran layout has ultimately become a bubble The roadside Mining Pool once ranked among the top tier of global mining pools, controlling nearly 6% of Bitcoin's total hash rate at its peak in 2020, with large-scale mining farms established in China and Iran. The stolen 127,426 BTC accounted for 90% of its total reserves at that time, along with $6 million in related Omni layer assets (including USDT) being stolen the following day, effectively declaring the mining pool bankrupt. Shockingly, neither the mining pool nor the hackers proactively disclosed this incident, and the truth has been buried for four years.

( Two ) Attack Method Decryption: Private Key Generation Vulnerability Subjected to Bruteforce Attack Arkham analysis pointed out that the roadside Mining Pool may have adopted a weak private key generation mechanism, creating an opportunity for hackers to implement brute force attacks. After successfully hacking on December 28, 2020, the hacker launched a follow-up attack the next day. On December 31, the Mining Pool urgently transferred the remaining 11,886 BTC (currently valued at $1.35 billion) to a secure wallet and initiated a desperate self-rescue.

( Three ) on-chain tragic plea: spent 1.4BTC to send 1500 OP_RETURN messages To recover stolen assets, the roadside Mining Pool utilized the OP_RETURN field feature of Bitcoin transactions to permanently embed a plea to the Hacker on the Blockchain. A total of over 1,500 on-chain messages were sent, costing 1.4 BTC (approximately $49,000 at the time), all requesting the return of the stolen funds. This most expensive "on-chain shout" in blockchain history ultimately ended in failure.

( Four ) Tracking of illicit funds: Hacker firmly sits as a top giant whale, wallet integration starts in 2024 According to Arkham's on-chain monitoring, the hacker has not moved the stolen funds for years until July 2024 when they suddenly initiated a wallet consolidation operation, gathering dispersed assets into at least a few addresses. At current coin prices, the stolen BTC is valued at $14.5 billion, making this hacker surpass the Mt. Gox hacker on Arkham's whale list, becoming the richest illegal holder of Bitcoin on-chain.

( The security alarm rings long: The industry's theft and loss have exceeded 3.1 billion dollars in 2025 This case once again highlights the security vulnerabilities of the encryption ecosystem. In just 7 months of 2025, losses caused by exchange vulnerabilities, protocol attacks, and phishing scams have exceeded $3.1 billion, an 18% increase compared to the same period last year. As hacker techniques become increasingly sophisticated, the industry urgently needs to establish stricter private key management standards and a real-time threat response system.

Conclusion: The exposure of the roadside mining pool's theft case involving billions of dollars has revealed the security scars behind the crypto boom. Hackers easily breached top mining pools by brute-forcing private keys, exposing the security flaws of early infrastructure. Although current technologies like multi-signatures and MPC wallets have significantly improved protection levels, the "time bomb" of 14.5 billion dollars left over from this case continues to flow on-chain. The industry needs to not only strengthen defenses but also establish a cross-platform threat intelligence sharing network to cope with the increasingly organized on-chain crime. The subsequent asset movements from this case will continue to test the collaborative tracking capabilities of regulatory agencies and blockchain analysis companies. ) integrates Arkham Intelligence's on-chain analysis report (.