A major dispute has emerged between China and the United States over the fate of 127,000 bitcoin (BTC), now valued at approximately $13 billion, originally taken from the LuBian mining pool in 2020.
China’s accusations against the U.S.
China’s National Computer Virus Emergency Response Center (CVERC) released a report accusing the U.S. government of seizing bitcoin that was stolen in a 2020 hack.
The agency claimed that a “state-level hacking organization” was responsible for the original theft and implied the U.S. was behind both the hack and the eventual seizure.
CVERC’s technical analysis, highlighted by the state-run Global Times, pointed to the use of advanced tools and suggested the operation deviated from typical criminal patterns.
U.S. response and open-source findings
The U.S. government disputes these claims, maintaining that the 2024 seizure was a law enforcement action targeting criminal proceeds tied to Chen Zhi, chairman of Cambodia’s Prince Group, who is under indictment for fraud and money laundering.
Independent blockchain researchers traced the original outflow of the LuBian wallets to a flaw in Bitcoin address key generation, which allowed an unknown entity to sweep the funds.
Forensic analysis by Arkham, MilkSad, and others tie the seized coins to vulnerable wallets, but do not attribute the 2020 hack to any specific state actor.
What blockchain forensics show
On-chain data confirms that the coins remained dormant for years before being consolidated into wallets now tagged as U.S. government-controlled.
Technical reports, including CVE-2023-39910, explain that weak random number generation made the wallets susceptible to brute-force attacks.
The U.S. Department of Justice has filed forfeiture actions for the seized bitcoin, asserting they are criminal proceeds.
Ongoing debate over attribution
While Chinese authorities link U.S. custody of the assets to possible state involvement in the hack, Western researchers stress a lack of technical evidence for this claim.
As on-chain forensics show, the funds’ movement aligns with exploitation of weak wallet keys, not definitive state action.
The question of who initially drained the wallets remains unresolved.
