TechFlow news, on November 9, the National Computer Virus Emergency Response Center released a technical traceability analysis report on the LuBian mining pool hacking incident in which a large amount of Bitcoin was stolen. The report pointed out: a major cyberattack occurred on the LuBian mining pool in 2020, during which a total of 127,272.06953176 Bitcoin (worth about $3.5 billion at the time and now valued at $15 billion) were stolen by attackers. The holder of this massive amount of Bitcoin is Chen Zhi, chairman of Cambodia's太子Group.
After the hacking incident, the Bitcoin stored in the attacker-controlled wallet address remained dormant for as long as four years, almost entirely untouched—clearly inconsistent with typical hacker behavior focused on quickly liquidating assets for profit. Instead, it resembled a precise operation orchestrated by a "state-level hacking organization."
It wasn't until June 2024 that these stolen Bitcoins were moved again into new Bitcoin wallet addresses, where they have remained since.
On October 14, 2025, the U.S. Department of Justice announced criminal charges against Chen Zhi and stated it would seize 127,000 Bitcoin belonging to Chen Zhi and his太子Group.
Various pieces of evidence indicate that the massive amount of Bitcoin seized by the U.S. government from Chen Zhi and his太子Group is precisely the LuBian mining pool Bitcoin that had already been technically stolen in the 2020 cyberattack.
In other words, the U.S. government may have already acquired through hacking techniques back in 2020 the 127,000 Bitcoin held by Chen Zhi—a classic case of a state-level hacking organization conducting a "hacking-the-hackers" operation.
