127,000 BTC Seizure: DOJ Might Have Cracked the Private Keys
In a case that sounds like a blend of cyber forensics and spycraft, the U.S. Department of Justice (DOJ) has pulled off the largest financial seizure in its history—roughly 127,000 bitcoin, worth about $15 billion.
What makes this extraordinary is not only the amount, but how the U.S. obtained the digital fortune. Analysts' reports point to a flaw in the way thousands of Bitcoin wallet addresses were created.
Last week, the DOJ confirmed the confiscation of around 127,000 BTC, reportedly tied to the massive international fraud and scam ring, the Prince Holdings Group.
The seizure connects two stories that have stunned the Bitcoin community: the mysterious 2020 disappearance of the Lubian bitcoin mining pool in 2021, and the U.S. government’s recent crackdown on Cambodia’s Prince Group, allegedly run by “pig-butchering kingpin” Chen Zhi.
According to the DOJ, Chen Zhi’s Prince Group ran an enormous forced-labor scam empire in Cambodia. Victims were lured into fake digital-asset-investment schemes, known as pig-butchering scams.
The U.S. government accuses Chen and his associates of laundering billions of dollars in profits through shell companies, real-estate projects, and even bitcoin mining operations.
Among these operations was Lubian Mining, a once-prominent bitcoin mining pool with reported facilities in China and Iran. At its peak, Lubian controlled around 6% of Bitcoin’s total network hash rate.
In early 2021, Lubian suddenly went dark, with reports of 127,000 BTC of its funds being stolen surfacing years later. The stash was worth about $3.5 billion at the time. The event baffled the Bitcoin world, and the stolen coins vanished from public view for years.
New research suggests that Lubian’s loss wasn’t caused by a hack in the traditional sense. Instead, investigators found a flaw in Lubian’s cryptographic key generation process that made its Bitcoin wallets dangerously predictable.
Cobo and F2Pool co-founder, Shenyu, who first reported on the issue, explained that the weakness came from a faulty pseudorandom number generator (PRNG) used to create private keys.
“The crucial new trick is that the wallet creator of the P2WPKH-nested-in-P2SH wallets generated more than one private key from a Mersenne Twister PRNG output stream before re-seeding the PRNG,” Shenyu wrote in his research update.
Drawing several keys from the same PRNG output stream compromised their randomness and left them open to prediction.
In simple terms, the software that Lubian used to generate Bitcoin wallet keys didn’t create truly random numbers. This made it possible for someone—potentially even law enforcement—to calculate the private keys and access the funds.
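The pattern described above, several keys drawn from one Mersenne Twister stream, shown next to an independent draw per key from the operating system's CSPRNG. This is an added example, not code from Lubian, Shenyu or the DOJ; the function names, the sample seed, the 32-bit seed size and the four keys per seed are assumptions for illustration, since the page states none of them.

```python
import math
import random
import secrets

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_keys(seed: int, count: int) -> list[int]:
    """Flawed pattern: several keys taken from one Mersenne Twister stream."""
    mt = random.Random(seed)  # CPython's random.Random is MT19937
    keys = []
    while len(keys) < count:
        k = mt.getrandbits(256)
        if 1 <= k < SECP256K1_N:
            keys.append(k)
    return keys


def strong_keys(count: int) -> list[int]:
    """Hardened pattern: each key is an independent draw from the OS CSPRNG."""
    return [secrets.randbelow(SECP256K1_N - 1) + 1 for _ in range(count)]


def batch_is_reproducible(seed: int, count: int) -> bool:
    """True when the whole key batch is a pure function of the seed."""
    return weak_keys(seed, count) == weak_keys(seed, count)


def keyspace_bits(seed_bits: int, keys_per_seed: int) -> float:
    """Upper bound, in bits, on the distinct keys a seeded generator can emit."""
    return min(256.0, seed_bits + math.log2(keys_per_seed))


if __name__ == "__main__":
    SEED = 12345  # constructed sample seed
    print("batch reproducible from seed:", batch_is_reproducible(SEED, 4))
    # Assumed 32-bit seed and 4 keys per seed, for illustration only.
    print(f"seeded keyspace bound: {keyspace_bits(32, 4):.0f} bits")
    print("CSPRNG keyspace: about 256 bits per key")
    print("independent keys:", len(set(strong_keys(4))) == 4)
```

The bound is the point for a wallet audit: however long the keys are, a seeded generator cannot produce more distinct keys than it has seeds times keys per seed.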
Shenyu’s findings indicated that over 220,000 Bitcoin addresses were affected by this same flaw. He highlighted that even though a public disclosure has been made, some users are still sending funds to these vulnerable addresses.
When the Lubian wallets were drained on December 28, 2020, blockchain analysts noticed some odd details. Many of the suspicious transactions used the same flat fee of 75,000 satoshis, an amount experts described as “unusual.”
Shenyu’s later research found that around 136,951 BTC were moved during the two-hour withdrawal spree, with most of the funds ending up in a few major addresses. For years, those wallets remained dormant—until mid-2024, when the coins suddenly moved again.
Now, in October 2025, the DOJ announced the seizure of 127,271 BTC from Chen Zhi and his network. The same addresses listed in the indictment matched those from the 2020 Lubian incident.
Elliptic and Arkham Intelligence, two leading blockchain analytics firms, confirmed that these were indeed the same coins once linked to the Lubian mining pool. As Arkham noted, the wallets had long been tagged as belonging to Lubian, and now to the Prince Group’s laundering network.
While U.S. authorities have not publicly explained how they obtained the private keys, multiple reports suggest it was not through brute-force hacking. Instead, as Shenyu noted, investigators likely discovered randomness defects present at the time the keys were created.
The seizure not only exposed Chen Zhi’s alleged criminal empire, but also revealed a critical lesson about the dangers of weak cryptography in the Bitcoin space.
The DOJ’s indictment outlines how Chen laundered scam proceeds by running Bitcoin mines that produced “clean” coins.
Lubian’s mining operations, as it turns out, were part of that laundering network. But because its wallets were generated with flawed code, their private keys were never truly secure.
The discovery turned out to be a powerful weapon for U.S. investigators. It is possible that by exploiting the key generation flaw, the U.S. authorities managed to take control of the massive bitcoin stash without any hacking in the traditional sense.
Filed under: Altcoins - @ October 19, 2025 11:07 am