The Breakdown - Did the US Steal $13 Billion in Bitcoin? China Says Yes
Episode Date: November 13, 2025China is accusing the US of hacking a major Bitcoin mining pool in 2020 and stealing 127,000 BTC—now worth more than $13 billion. NLW breaks down the origins of the Labuyan hack, why the coins later... appeared in DOJ-linked wallets, the allegations surrounding Chinese billionaire Chen Ji, and what this fight reveals about Bitcoin’s role in rising US–China tensions. Plus, a quick look at Coinbase’s move to revive US token sales. Enjoying this content? SUBSCRIBE to the Podcast: https://pod.link/1438693620 Watch on YouTube: https://www.youtube.com/@TheBreakdownBW Subscribe to the newsletter: https://blockworks.co/newsletter/thebreakdown Join the discussion: https://discord.gg/VrKRrfKCz8 Follow on Twitter: NLW: https://twitter.com/nlw Breakdown: https://twitter.com/BreakdownBW
Transcript
Discussion (0)
Welcome back to The Breakdown with me, NLW.
It's a daily podcast on macro, Bitcoin, and the Big Picture Power Shifts remaking our world.
What's going on, guys? It is Wednesday, November 12th, and today we are talking about China,
accusing the U.S. of stealing $13 billion in Bitcoin.
Before we get into that, however, if you are enjoying the breakdown, please go subscribe to it,
give it a rating, give it a review, or if you want to dive deeper into the conversation,
come join us on the Breakers Discord.
You can find a link in the show notes or go to bit.ly slash breakdown pod.
Well, friends, China has accused the U.S. of orchestrating a $13 billion Bitcoin theft.
The allegation was made by China's cybersecurity agency and refers to a 2020 theft from the
Lubian Bitcoin mining pool.
Over 127,000 Bitcoin were stolen from the pool in December 2020, but the theft wasn't
widely known until Arkham Intelligence reported on the incident this August.
Lubuian had only been created in April of 2020 and quickly grew to become the sixth largest
pool on the network.
It shut down the following February after the hack wiped out most of its holdings.
At the time, investors speculated whether the Chinese government had shut Labuian down or if they
had converted it into a private pool.
Arkham's research uncovered that the Bitcoin had in fact been stolen.
They speculated that a weakness in Labuian's private key generation had left them open to brute
force attacks.
Now, this is the largest Bitcoin hack of all time by dollar amount, representing around
$3 billion in Bitcoin at the time of the attack.
The Bitcoin didn't move from late 2020 until July of last year when they were moved into government
wallets. There doesn't appear to have been any attempt to launder the funds, as we would typically
see from a North Korean hack. A new report from the Chinese cybersecurity agency describes the attack
as a state-level hacker operation, likely led by the U.S. They noted that the quiet and delayed
movement of the funds suggested government activity rather than a typical hacker. The agency
further claimed the Bitcoin are related to a U.S. case against Chinese national Chen Ji.
She is the chairman of Prince Group, which the DOJ is alleging to be a multinational criminal
organization. They are alleged to have run a vast pig-butchering scam network out of call centers in
Cambodia, as well as one of the largest dark web markets called Huyan Guarantee. The allegations
are gnarly discussing large-scale human trafficking and forced labor used to man the call centers.
Charges against Xi were announced in mid-October of this year, with the DOJ boasting of the
largest ever Bitcoin seizure alongside. The numbers line up with the DOJ filing for the forfeiture of
around 127,000 Bitcoin at the same time. An account of the seizure was completely absent from
the press release. It said that Xi had the private keys to the Bitcoin wallets in his possession,
but given Xi is still at large, he can have voluntarily turned them over. Many suspected government
hacking at the time, but we had very little information to go from. The Chinese cybersecurity
agency is now heavily implying that state-sponsored hacking was the mechanism, stating,
the U.S. government may have already used hacking techniques as early as 2020 to steal the
127,000 bitcoins held by Chenji. They continued,
this is a classic Black Eats Black operation orchestrated by a state-level hacking group.
She and Prince Group released a denial of all allegations on Tuesday,
their first communication on the matter and interestingly coming less than a week after
the allegations of state-sponsored hacking out of Beijing.
Now, there has been a huge amount of fresh attention on this case over the past week,
26 million worth of luxury cars in Taiwan over the weekend,
and Bloomberg reported on a multi-million dollar embezzlement from Xi's Singapore
family office. This isn't just some unknown scammer hiding out in Southeast Asia.
Xi was a prominent businessman in charge of a large corporate empire with very obvious and vast wealth.
In that light, it's interesting to see Beijing weighing in on the situation.
The agency report doesn't actually lend any real support to Xi. It's merely a technical
postmortem designed to educate Bitcoin users in China. The report does seem to imply that
Lebuin was not related to Xi and the asset seizure was used as a cover for the Lebuyan hack.
Regardless of the specifics, it's a wild allegation to claim the U.S. might have a team of hackers
on the payroll going after Bitcoin owned by international crime organizations.
So, do we think that's really plausible and what are the implications if it's true?
First of all, it's important to note that this doesn't have anything to do with systemic problems
with Bitcoin or a suggestion that the network is hackable.
This was a very specific problem with a private key generator.
Security expert Taylor Monaghan took a look at the hack back in October when the indictment
was unsealed, concluding, I guess the one takeaway is that this dude, Chenji,
or his friends or services he was using, or his dev or whatever, were apparently absolute
shit at generating wallets with enough entropy for years, RIP.
As for whether the U.S. government has a crack team of crypto hackers on the payroll,
Mike Solana of PirateWires is unconvinced, tweeting,
would be cool if our government were this competent.
Now, while the idea of state-sanction hackers going after Bitcoin held by criminals
seems a little far-fetched, it might not be all that out there.
This was actually a serious proposal put forward by Chris Perkins,
the president of Coin Fund, and Christian Carlo, former CFTC chairman in February of this year.
They viewed the sanctioning of state-sponsored hacking as a solution to bad actors like
North Korea's Lazarus Group.
At the time, the $1.4 billion-by-bit hack was fresh in everyone's minds, and radical ideas were
being floated. Perkins and Giancarlo suggested the U.S. should revive the 200-year-old idea of
privateers, pirates who had a government license to attack the ships of bad actors on the high seas.
They argued that a crypto-privateer initiative, quote, would deliver a low-cost, flexible,
and effective option to address unconventional national security challenges.
The concept was later contained in a bill proposed by Republican Congressman David Schweigart
in August. The bill would codify and expand the powers of the president to grant these
privateering licenses to hackers. Now, it is worth noting that if this were a state-sponsored attack,
Christian Carlo was one of the few crypto experts in the previous Trump administration that could have
given the green light. The other note about this is that Bitcoin now seems to be part of a
geopolitical squabble that's becoming quite significant. When the seizure was first announced,
it was basically assumed these 127,000 Bitcoin would find their way into the Strategic
Bitcoin Reserve in due course. Now, Beijing seems to be making a claim that they weren't seized
from a criminal, but rather hacked from an unrelated Chinese mining pool. Not like these two countries
don't already have enough to be going on, but another $13 billion in a U.S. state-sponsored hacking
episode could easily spark a fresh dispute. Legacy internet and infrastructure are brittle,
plagued by downtime, coverage gaps, and outdated financing models. Communities and builders
are left behind while capital sits locked out. Althea is changing that. Since 2018, their
technology has powered resilient, sustainable networks across the U.S. and abroad. With Althea L1,
they built the world's first blockchain purpose-built for utilities and telecom, turning infrastructure
into a transparent, investable asset class.
Through liquid infrastructure, networks can now be financed in real time,
operated more efficiently and scaled to meet the $3 trillion telecom and utilities market.
This is fintech for infrastructure,
connecting capital directly to builders and returning revenue seamlessly to funders.
No middlemen, no bottlenecks, just sovereign, resilient infrastructure
that works for people, communities, and investors alike.
Learn more at althea.net and find them on Crackin to join the future of infrastructure finance.
Next up, moving to a totally different side of the industry, Coinbase is bringing ICOs back
to the U.S. with the launch of a new token sales platform. The platform will allow retail investors,
including non-accredited investors in the U.S. to participate in token launch sales.
The first token to be sold is Monad with the sale taking place next week ahead of Mainnet
launch the following week. Now, if you weren't around for the ICO craze in 2017, then you missed
one of the most insane periods in crypto history. For a very brief window, token projects could
sell or at least were selling directly to U.S. retail investors. It was a little bit like the
NFT craze, but instead of monkey pictures, founders were selling the concept of a crypto token.
In most cases, the projects were a little more than a white paper and a deposit address.
Now, I actually think that the ICO movement has been a little bit maligned by history.
There were, in fact, many founders who were generally excited about themes of decentralization.
However, things did get totally insane, and whatever legitimate excitement there was,
was very quickly overwhelmed by a spectrum of scammers and hocksters who pumped,
hundreds, if not thousands of vaporware tokens that quickly crashed and faded from memory.
Now, it is worth noting that each token launch required a significant amount of technical
skill back then, meaning that 2017 did not see millions of token launches like we experienced
during the meme coin craze. For that reason, and due to the very primitive liquidity
conditions in the crypto space at the time, the ICO boom was a relatively straightforward
trading environment. Most of the small handful of coins launched in a given week would pop,
traders would dump their bags and crash the chart, and then everyone would show up and do it
again the next week. This eventually led to a very adverse environment for fundraising, which was
ostensibly the point. Traders would clog Ethereum with transactions desperately trying to get an
allocation that could sell out in seconds. These buyers typically had zero intention of sticking around
beyond a day or two. By the end of the ICO boom, there was only the bearer pretense that
any of this stuff does anything, and eventually it all came crashing down. In bringing back ICOs,
Coinbase has thought through those issues and proposed some sale rules to mitigate them.
First, this is a curated sales platform, so we won't get the same volume of vaporware we saw in 2017.
Coinbase is planning to conduct around one token sale a month.
Second, Coinbase is going to prioritize filling smaller allocations first in an attempt to avoid large whales buying up the entire supply.
Controversially, for some, token buyers who sell their allocation within 30 days may see smaller allocations on later token launches.
Coinbase says this is designed to, quote, prioritize access to a project's real users.
Garga, one of the founders of the Bored Ape Yacht Club, wrote,
If you sell your allocation immediately, you're punished. Welcome to the world of the crypto credit score,
citizen. In addition, Coinbase is attempting to keep the early investors from using retail as
ex-liquidity by setting a few standards. They've laid out key disclosures around tokenomics and
identity of the team, which sound a lot like the proposals coming from regulators.
Interestingly, the Monad documents include a disclosure of which market makers are participating
in the terms of their token loan. Now, this type of disclosure is table stakes for an IPO or
an ETF listing, but hasn't been a part of token launches in the past. Issuers and early investors,
will also be prevented from selling for six months after the public sale. Finally, Coinbase are
charging zero listing fees to projects, with many people drawing the connection between the fight
over Binance's listing fees from last month. Juan Leon, the senior investment strategist
at Bitwise wrote, Remember the 2017-2018 ICO bust? The Wild West of token sales was defined
by gas wars, anonymous teams, rampant scams, and immediate whale dumping. Coinbase just created a regulated
IPL model for crypto tokens, and it's a direct answer to every one of those problems.
Now, if you're wondering about the legality of all of this, Coinbase seems to think they're in the clear.
Jess, the founder of Seed Club, asked Coinbase to clarify and got this response.
Quote, token sales don't involve the sale of securities, so the accredited versus
non-accredited distinction isn't applicable and any retail trader on Coinbase in the U.S. can
participate.
Meaning, it seems like Coinbase has strong legal advice if the Howie Test doesn't apply in this
case.
EJaz, a former Coinbase and Consensus employee, wrote,
Coinbase launching an ICO platform is all the evidence you need to know the Clarity Act is
getting passed. Launching a token used to be enough to send you to jail in the U.S.
and now it's about to be a legal instrument to raise capital, govern bath swads of internet
native capitalists, and return profits in the form of dividends and buybacks, for anyone anywhere
in the world. I think many are underestimating what this means for the industry at large.
For some from the outside, it looks like a bad idea. Alex Johnson of FinTech commentator wrote,
didn't we do the ICO thing already and didn't it not go very well? But frankly, things like
memecoin mania seem like a direct result of not having a path for legitimate projects to launch in the
U.S. Sure, maybe it'll end up the same way it did in 2018, but there are many people that think
it's worth another try. Robbie Ferguson, the co-founder of NFT platform, Immutable, wrote,
At the start of the year, the word ICO was enough to get you on an SEC watch list. Now,
Coinbase, a publicly listed company, is launching an ICO platform with the SEC's blessing.
The next decade of crypto is going to be remarkable. Perfect end for today's breakdown.
Appreciate you listening, as always, and until next time, be safe and take care of each other.
Peace.