Chinese mining pool LuBian was hacked in 2020 for 127,426 Bitcoin (BTC), valued at about $3.5 billion at the time, making it the biggest crypto hack in history, according to blockchain analytics platform Arkham Intelligence.

The platform retroactively uncovered the heist on Saturday, claiming that LuBian, which emerged as the sixth-largest BTC mining pool at the time, was first hacked on December 28, 2020. 

About 90% of the pool’s BTC was stolen by the threat actor before LuBian was able to move its remaining 11,886 BTC to recovery wallets. Neither the platform nor the hacker publicized the attack at the time, the intelligence platform said.

The mining pool embedded an OP_RETURN message to each of the wallet addresses belonging to the hacker in 1,516 different messages, which cost it about 1.4 BTC. Arkham’s team also wrote:

“It appears that LuBian was using an algorithm to generate its private keys that was susceptible to brute-force attacks. This may have been the vulnerability exploited by the hackers.”

The stolen Bitcoin is now worth about $14.5 billion at current prices, and the attack highlights the need for crypto users to practice proactive safety measures and private key management, relying on only the most robust random number generators to create keys.

Related: Crypto hacks top $142M in July, with CoinDCX leading losses

LuBian hack tops the ByBit hack and other infamous crypto heists

In February, the ByBit exchange was hacked for $1.5 billion and the attack was reported as the single biggest crypto hack in history at the time.

The ByBit attack was attributed to a compromised SafeWallet developer machine, according to a post-mortem report from SafeWallet and cybersecurity firm Mandiant.

These hackers likely exploited the developer’s machine by installing malware on the system and then using that developer’s Amazon Web Services (AWS) tokens while the developer was online and active.

This allowed the hackers to access sensitive systems without setting off any alarm bells or triggering a response from the team.

In April, an elderly individual lost $330 million in Bitcoin through a social engineering attack, which was laundered through 300 different wallet addresses.

The BTC heist was considered the fifth-largest crypto heist in history at the time, and only $7 million of the $330 million was frozen in the immediate wake of the attack.

Magazine: Inside a 30,000 phone bot farm stealing crypto airdrops from real users