127,000 BTC seized? The lifeline of randomness behind security.

On October 14, 2025, the federal court in Brooklyn, New York unsealed an indictment revealing that the U.S. Department of Justice recently conducted the largest cryptocurrency seizure operation in history, confiscating approximately 127,000 Bitcoins, worth over 15 billion dollars.

But the more shocking detail is that the U.S. law enforcement obtained the private keys not through hacking or breaking into the system, but rather discovered an absurd fact — the generation of this batch of private keys was never “random” from the very beginning.

It can be said that this tens of billions of dollars turmoil caused by private key defects has instantaneously shifted the industry's focus from macro narratives back to the most fundamental technical details of wallet security: randomness.

127,000 Bitcoins 'stolen' Roswell incident

Upon closer inspection, this major case involving approximately 127271 Bitcoins (worth about 15 billion USD) is actually a Rashomon tale involving “mining pool theft.”

The whole event has two keywords: pig killing plate and Lubian mining pool.

The origin of everything is related to a complex illegal profit laundering chain, whereby a certain pig slaughtering organization in Cambodia funnels the proceeds of fraud into a seemingly legitimate and self-controlled Crypto Assets mining business, Lubian mining pool. The mining farm continuously produces new Bitcoins, and the originally tainted dirty money is converted into newly mined 'clean' BTC, thus being completely laundered.

Interestingly, Lubian was once one of the largest mining pools in the world in 2020, controlling nearly 6% of the total hash rate of the Bitcoin network at its peak. It was precisely such a high-profile Bitcoin mining entity that became a key hub for the entire illegal money laundering network.

Source: Arkham

However, ironically, LuBian suddenly suspected to have been stolen 127,426 Bitcoins in December 2020.

Why is it said to be suspected? Because neither LuBian nor the hacker have publicly acknowledged this hacking attack, only the on-chain intelligence platform Arkham was the first to publicly report this matter, and Lubian went silent shortly after being impacted, suddenly shutting down its mining pool business in February 2021.

Therefore, the outside world has been speculating whether external hackers stole the dirty money, or if the operator of the pig-butchering scheme staged it themselves, transferring the stolen funds out of the mining pool in an attempt to create a false appearance of being “stolen”. In any case, these valuable Bitcoins have remained silent on the chain for over three years, becoming a mystery.

Until July 2024, approximately 127,000 BTC suddenly completed a large-scale centralized transfer and consolidation, and these addresses, upon comparison, are exactly the destination of the funds “stolen” in 2020 from Lubian. Delving into it, the timing is particularly delicate – it just happened on the eve of a joint crackdown by law enforcement agencies from the United States, Cambodia, and several other Southeast Asian countries.

According to the civil forfeiture lawsuit documents from the U.S. Department of Justice, 25 wallet addresses listed do indeed closely match the hacker addresses in the Lubian mining pool theft case. In other words, the U.S. government believes that these BTC were not stolen by hackers, but rather are the proceeds of money laundering by a fraud group and its accomplices through Lubian.

Source: Milk Sad

Of course, the real mystery lies in the fact that, although the actual controllers of this scam group theoretically have not yet been brought to justice, the U.S. government has already obtained the relevant private keys. Cobo co-founder Shen Yu believes that law enforcement agencies did not obtain the private keys through violent cracking or intrusion methods, but rather because Lubian used a pseudorandom algorithm with serious flaws during its operation, resulting in the private keys generated by the Lubian wallet being predictable.

In short, the “seizure” of this exorbitant asset was due to a vulnerability in the random number of the private key, rather than an issue with the underlying mechanism of Bitcoin.

Randomness: The Digital Order Behind Crypto Security

So what exactly is randomness?

In the blockchain world, a private key is essentially a 256-bit binary number, a figure so large it is nearly abstract—theoretical size is 2 to the power of 256, far exceeding the number of atoms in the universe, and it is precisely for this reason that the possibility of a private key being brute-forced is theoretically approaching zero:

Randomness refers to the “unpredictability” of generating keys, seeds, or mnemonic phrases, which are giant numbers. In other words, a secure private key must be generated completely randomly, that is, truly randomly and uniformly drawn from the possibilities of 2 to the power of 256.

If this extraction process is completely random, then it is almost impossible for an attacker to collide with your private key through enumeration, guessing, or repeated generation. However, the problem is that once randomness is insufficient, predictability increases significantly, reducing the scope of brute force attacks, making the private key easier to guess.

For example, if the random source (i.e., seed) used during private key generation is too weak and comes from predictable sources (such as timestamps, fixed hardware counts, or easily inferred variables), it can lead to the generated private key range being narrowed down to a predictable, enumerable, and extremely small set—there have been reports of mainstream wallets in early versions that were exposed for using a certain library in the iOS version, which relied solely on timestamps for initial entropy in production environments, resulting in some wallet private keys being easily restored through brute force search.

In fact, the losses of crypto assets caused by weak random numbers are not new. As early as 2015, the hacker group Blockchain Bandit systematically searched for weak security private keys by exploiting faulty random number generators and code vulnerabilities, successfully scanning over 700,000 vulnerable wallet addresses and stealing more than 50,000 ETH from them.

According to research by Milk Sad, it is astonishing to fully review the wallet history within the 256-bit range—on the historical peak of November 5, 2020, the total amount of Bitcoin stored in weak random wallets in this range exceeded 53,500 BTC!

Even more outrageous is that, even after the vulnerabilities have been disclosed, there are still people continuing to transfer funds to these known weak addresses…

Overall, such incidents are not due to the vulnerability of the Bitcoin protocol itself, but rather because the implementation layer (wallets, mining pools, key management systems) did not adhere to the cryptographic level of entropy requirements when generating private keys or erroneously migrated test code to the production environment, turning what was originally an unexhaustible vault into a target that could be scrutinized.

How to strengthen the security barrier?

As mentioned above, the key to security for wallets lies in whether it is “pseudo-random”. As long as a cryptographic-level random algorithm, similar to that used by imToken, is employed to ensure unpredictability, irreproducibility, and irreversibility, security can be guaranteed.

It is worth mentioning that the private key generation logic of imToken has been completely open-source since October 2018 (TokenCore codebase). It directly calls the secure random number generator provided by the operating system's underlying layer on Android and iOS systems.

Taking iOS as an example, the system entropy comes from the statistical data of kernel events over a period of time, including touch input, CPU interrupts, clock jitter, sensor noise, etc.—these parameters vary every millisecond, and even the system itself cannot reproduce them.

Therefore, the private keys generated by imToken have the characteristics of “unpredictable, unreproducible, and irreversible,” eliminating pseudo-random risks from the entropy source level. This is also the fundamental reason why imToken users are not affected by vulnerabilities like the Lubian incident.

Of course, technical security is just the foundation. To further understand and avoid security risks, the following points are also crucial:

1. Prioritize using non-custodial wallets that are time-tested, community-validated, open-source, and audited (such as imToken). Users with conditions should prioritize hardware wallets (such as imKey) to further isolate private key generation from network risks.

For example, for the hardware wallet imKey, the randomness security is taken a step further - its private keys are directly generated by the True Random Number Generator (TRNG) within the secure chip. The Infineon SLE 78CLUFX5000PH secure chip (SLE78 series) has also passed the German BSI AIS 31 PTG.2 certification, which is the highest level of security assessment for physical entropy sources. This standard requires that the random source undergo statistical testing, entropy modeling, and online health checks to ensure the quality of randomness used for cryptographic key generation.

In other words, the private key of imKey is generated, stored, and never leaves the boundaries of the secure chip. Its random source is based on physical noise and does not rely on any software or external seed, which means that even if an attacker has complete control over the device system, they cannot predict or reproduce its private key. 2. Additionally, do not take screenshots, do not copy and paste, and do not store your mnemonic phrase or private key on cloud drives or chat records. Never disclose your mnemonic phrase or private key to anyone; it is also recommended to write down your mnemonic phrase by hand and store it in a secure offline location. You can use a stainless steel mnemonic board that is moisture-proof, fire-proof, and corrosion-resistant, and perform multi-point backups in at least 2-3 secure locations. 3. Finally, be vigilant against phishing and malicious plugins. Public keys can be shared, but always verify the links when accessing your wallet or signing, and avoid installing plugins or apps from unknown sources on your device.

Conclusion

Objectively speaking, in the glamorous world of Crypto, every major security incident is an expensive public education lesson.

It can even be said that Web3 security itself is a long-term battle against time and a game of probability, and we can never completely eliminate risk.

But everyone can continuously push the security boundary forward — every line of code, every random number, and every user's security habits are indispensable defenses in this war.