The private key to $15 billion worth of Bitcoin was accidentally cracked by the US.

In October 2025, the United States District Court for the Eastern District of New York disclosed an unprecedented case of crypto asset seizure: the U.S. government confiscated 127,271 bitcoins, worth approximately $15 billion at market prices.

Cobo co-founder Shenyu stated that law enforcement agencies did not obtain the private keys through brute force cracking or hacking, but rather exploited a randomness vulnerability. Some forums also claim that law enforcement directly seized the wallet's mnemonic phrases or private key files from servers and hardware wallets controlled by Prince Group executive Chen Zhi and his family, but the specific facts have not yet been publicly reported.

These hardware wallets were subsequently transferred to a multi-signature cold storage facility managed by the US Marshals Service (USMS) under the U.S. Department of the Treasury. The 9,757 BTC transfer signed by USMS into the official custody address on October 15, 2025, originated from this seizure. In the indictment, the U.S. Department of Justice described Lubian as part of the Cambodian Prince Group's money laundering network, emphasizing that the criminal group attempted to launder scam funds using "new coins" mined from mining pools.

Some community members tracking on-chain data believe these are the bitcoins stolen from the Lubian mining pool due to a vulnerability at the end of 2020. Lubian mining pool suddenly appeared in 2020, with no team background information or disclosed operating model, yet its hash rate quickly ranked among the world's top 10 mining pools within a few months, at one point accounting for nearly 6% of the global hash rate.

The report mentioned that Chen Zhi boasted to other Prince Group members that "the profits are considerable because there are no costs," but it is still unclear whether he founded or later controlled the operation. However, this case has brought the dormant whale back into the spotlight, prompting a re-examination of the wallet private key security disaster lurking around 2020.

When researchers re-investigated the incident, they found that the first two words in the mnemonic phrase generated by the flawed key generation process were Milk Sad, which is why the incident was later referred to as the Milk Sad event.

The Hidden Dangers of Weak Random Numbers

And it all originated from Mersenne Twister MT19937-32, a pseudo-random number generator.

Bitcoin private keys should be composed of 256-bit random numbers, theoretically yielding 2^256 possible combinations. To generate an identical sequence, all 256 "coin tosses" would need to match exactly. While not impossible, the probability is virtually zero. Wallet security does not come from luck, but from this vast space of possibilities.

However, the Mersenne Twister MT19937-32 random number generator used by Lubian mining pool and other tools is not a truly fair "coin-tossing machine," but rather a jammed device that always selects numbers within a limited and predictable range.

Once hackers understood this pattern, they could quickly enumerate all possible weak private keys through brute force, thereby unlocking the corresponding bitcoin wallets.

Due to misunderstandings about security among some wallet or mining pool users, from 2019 to 2020, many bitcoin wallets generated using this "weak random algorithm" accumulated astonishing wealth, with large amounts of funds flowing into this vulnerable zone.

According to statistics from the Milk Sad team, between 2019 and 2020, the total number of bitcoins held in these weak-key wallets once exceeded 53,500.

The sources of funds included both whale-level centralized transfers—four weak wallets received about 24,999 bitcoins in a short period in April 2019—and daily mining rewards, with some addresses receiving over 14,000 miner rewards labeled "lubian.com" within a year. A total of 220,000 such wallets have now been identified, and their holders were clearly unaware of the risks in the private key generation process, continuing to deposit assets into them to this day.

The Mass Exodus at the End of 2020

The long-standing security risk erupted at the end of 2020. On December 28, 2020 (UTC+8), abnormal transactions appeared on-chain, with a large number of wallets in the Lubian weak-key range being emptied within hours. About 136,951 bitcoins were transferred out in one go, worth about $3.7 billion at the then price of $26,000 per bitcoin.

The transaction fee for these transfers was fixed at 75,000 sats, regardless of the amount, indicating that the operator was highly familiar with the bitcoin network. Some of the funds later flowed back to the Lubian mining pool for subsequent mining rewards, suggesting that not all assets ended up in the hands of hackers. But for the victims, the loss was already a reality.

Even more bizarrely, some on-chain transactions included messages.

Whether these were taunts from hackers or pleas for help from victims remains unknown. Critically, this massive transfer was not immediately recognized as theft at the time.

Milk Sad researchers later admitted in their analysis that, with bitcoin prices soaring and mining pool revenues halting, they were unsure whether it was the work of hackers or Lubian management selling at the peak and restructuring wallets. They noted, "If the theft occurred in 2020, it would predate the confirmed Mersenne Twister weak-key attack timeline, but we cannot rule out this possibility."

Because of this uncertainty, the exodus of funds at the end of 2020 did not trigger an industry alert, and the massive amount of bitcoin remained dormant on-chain for years, becoming an unresolved mystery.

Thus, not only Lubian but also older versions of Trust Wallet were affected. On November 17, 2022 (UTC+8), security research team Ledger Donjon first disclosed the random number vulnerability in Trust Wallet to Binance. The team responded quickly, pushing a fix to GitHub the next day and gradually notifying affected users.

However, it was not until April 22, 2023 (UTC+8) that Trust Wallet officially disclosed the vulnerability details and compensation measures. During this period, hackers exploited the vulnerability in several attacks, including the theft of about 50 bitcoins on January 11, 2023 (UTC+8).

Belated Alarm

Meanwhile, the vulnerability was brewing in another project.

The bx seed command in Libbitcoin Explorer 3.x used the MT19937 pseudo-random number algorithm with a 32-bit system time as the seed, resulting in a key space of only 2^32 combinations.

Hackers soon began probing attacks. Starting in May 2023, several small-scale thefts appeared on-chain. On July 12, 2023 (UTC+8), the attacks peaked, with a large number of wallets generated by bx being swept clean. On July 21, 2023 (UTC+8), Milk Sad researchers, while helping users investigate losses, identified the root cause: the weak random number in bx seed allowed private keys to be brute-forced. They immediately reported this to the Libbitcoin team.

However, since this command was officially regarded as a testing tool, initial communications were not smooth. The team eventually bypassed the project party and publicly disclosed the vulnerability and applied for a CVE number on August 8, 2023 (UTC+8).

It was this discovery in 2023 that prompted the Milk Sad team to reverse-engineer historical data. They were surprised to find that the weak-key range that accumulated huge funds between 2019 and 2020 was linked to Lubian, and that the massive transfer mentioned above occurred on December 28, 2020 (UTC+8).

At that time, about 136,951 bitcoins resided in these weak wallets, and the large-scale transfer that day was worth about $3.7 billion. The last known movement was a wallet consolidation in July 2024 (UTC+8).

In other words, the suspicious aspects of the Lubian incident only surfaced after the weak random number vulnerability was exposed. The missed alert window is gone forever, and the whereabouts of the bitcoins at that time have also disappeared. Five years later, it was not until the joint indictment of Prince Group and Chen Zhi by the U.S. Department of Justice (DOJ) and UK authorities that the matter began to come to light.

For us, the phrase "Not your Wallet, Not Your Money" now only holds true under the premise of strong randomness.