The Accusation: A Technical Forensics Report Becomes Diplomatic Incident
China's National Computer Virus Emergency Response Center accused the United States government of orchestrating the theft of approximately 127,000 Bitcoin from the LuBian mining pool in December 2020. The agency released its analysis on November 10, 2025, through a technical report that reconstructed blockchain transactions, analyzed attack patterns, and concluded the hack was likely a "state-level hacker operation" led by the US rather than typical criminal behavior.
The timing matters. The US Department of Justice had announced criminal charges against Chen Zhi, chairman of Cambodia's Prince Group, in October 2025, along with a civil forfeiture complaint seeking control of 127,271 Bitcoin. American authorities characterized this as the largest cryptocurrency forfeiture in US history, targeting proceeds from an international fraud and money laundering network.
CVERC's report disputes this narrative fundamentally. The Chinese agency argues that the US government may have already used hacking techniques as early as 2020 to steal the 127,000 Bitcoins held by Chen Zhi, calling it a classic "black eats black" operation orchestrated by a state-level hacking organization.

The Timeline: Four Years Between Theft and Movement
Understanding the dispute requires reconstructing what happened when, using blockchain data that both sides acknowledge.
December 29, 2020: LuBian mining pool's Bitcoin wallet addresses experienced abnormal transfers totaling 127,272.06953176 BTC, worth approximately $3.5 billion at the time. The hack exploited a critical weakness in how the mining pool generated private keys for Bitcoin wallets: it relied on a flawed random number generator, Mersenne Twister, with only a 32-bit seed, which left the keys vulnerable to brute-force attacks. All suspicious transactions shared the same transaction fee, indicating the attack was executed by an automated batch transfer script.
2021-2022: Chen Zhi and his Prince Group repeatedly posted messages on the blockchain appealing to the hackers to return the stolen Bitcoins and offering to pay a ransom, but received no response. They sent over 1,500 messages through Bitcoin transactions, spending about 1.4 bitcoins to plead for the return of their stolen funds.

Nearly four years of dormancy: After being stolen, this huge amount of Bitcoin remained dormant in Bitcoin wallet addresses controlled by the attackers for four years, almost untouched. This pattern forms a central pillar of China's argument—typical cybercriminals seeking profit would liquidate stolen cryptocurrency quickly, not leave billions dormant for years.
June-July 2024: According to Arkham data, an address labeled "LuBian.com Hacker" sent 120,576 BTC to an address labeled "US Government: Chen Zhi Seized Funds" in a single transaction on July 5, 2024. The dormant coins suddenly activated and moved to new blockchain addresses.
October 14, 2025: The US Department of Justice announced the unsealing of an indictment charging Chen Zhi with wire fraud conspiracy and money laundering conspiracy for directing Prince Group's operation of forced-labor scam compounds across Cambodia. The DOJ simultaneously filed civil forfeiture proceedings for the 127,271 Bitcoin.
The US Position: Criminal Proceeds from Fraud Network
American authorities present a straightforward law enforcement narrative. The DOJ describes the seizure as targeting proceeds from Chen Zhi's criminal enterprise, which operated forced labor camps in Cambodia for cryptocurrency fraud schemes including "pig butchering" scams that stole billions from victims worldwide.
The indictment portrays Chen Zhi as operating an international fraud network using trafficked workers forced to conduct online romance and investment scams. The indictment alleged that Chen and co-conspirators laundered illicit proceeds by using them to fund "large-scale" crypto mining operations including LuBian, noting that addresses associated with LuBian "received large sums of cryptocurrency from sources unrelated to new mining".

Under this framework, the Bitcoin represents criminal assets legitimately seized through established legal procedures. The US government disputed CVERC's claims, maintaining that the seizure was a legitimate law enforcement action targeting criminal proceeds. CoinDesk reached out to the US Treasury and Department of Justice for comment but hadn't heard back by press time following CVERC's report release.
Federal prosecutors declined to comment on how or when they obtained control of the Bitcoin, leaving a critical gap in the official narrative: if Chen Zhi's operation was entirely criminal, why did it take four years after the hack for the US to move the coins? And how did American authorities gain access to private keys that had been stolen in 2020?
The Chinese Position: State-Sponsored Hack Disguised as Law Enforcement
CVERC's technical report constructs an alternative timeline suggesting US intelligence agencies orchestrated both the original hack and the subsequent seizure.
The agency emphasizes several behavioral patterns inconsistent with typical cybercrime. The quiet and delayed movement of the stolen Bitcoin suggests a government-level action rather than typical criminal behavior. Criminal hackers seeking profit operate on compressed timelines—steal, launder, liquidate. Leaving $3.5 billion (eventually worth over $13 billion) untouched for four years contradicts standard criminal economics.
CVERC's report describes the situation as an "internal showdown among thieves" and argues that only part of the seized funds came from illegal sources, estimating that around 17,800 BTC were mined independently, 2,300 BTC came from pool payments, and the rest originated from exchanges. This directly challenges the DOJ's assertion that all of Chen Zhi's assets were criminal proceeds.

The Chinese report suggests a specific operational model: US intelligence agencies hacked the LuBian pool in 2020, retained control of the private keys, monitored Chen Zhi's activities for years, then executed a legal seizure once sufficient evidence of fraud had accumulated. Under this interpretation, the DOJ's criminal case against Chen Zhi provides legal justification for taking possession of Bitcoin the US government had already accessed through clandestine means.
The Chinese government has recently become increasingly vocal in accusing the American government of hacking campaigns, with earlier accusations this year that the US exploited a flaw in Microsoft Exchange servers to attack Chinese companies, and claims of having "irrefutable evidence" of a US cyber attack against China's National Time Service Center.
The Blockchain Evidence: What Can Be Verified
Both narratives rely on blockchain transaction data, which provides transparent records of Bitcoin movements but cannot reveal who controlled the private keys at any given time or their motivations.
Verifiable facts from blockchain analysis:
- 127,272.06953176 BTC was transferred from LuBian wallet addresses on December 29, 2020
- The transactions occurred in approximately two hours with identical fees, consistent with automated scripting
- The coins remained in the attacker-controlled addresses for nearly four years with minimal movement
- Between June 22 and July 23, 2024, the stolen Bitcoin was transferred again to new on-chain addresses
- Blockchain analytics firm Arkham identified the receiving addresses as controlled by the US government
What blockchain data cannot reveal:
- Who possessed the private keys during the dormancy period (2021-2024)
- Whether control changed hands or remained constant throughout
- The motivation for the four-year delay before movement
- Whether the 2024 transfers represented new seizure activity or movement of previously controlled assets
The technical vulnerability exploited in the hack provides additional context. LuBian used a flawed random number generator with only a 32-bit seed, allowing attackers to predict private keys and drain wallets. This type of cryptographic weakness could be exploited by sophisticated state actors, criminal hacking groups, or security researchers—the technical method doesn't inherently reveal the perpetrator's identity.
Chen Zhi and Prince Group: The Central Figure
Chen Zhi, Chairman of the Cambodia Prince Group, was the holder of the massive amount of Bitcoin stolen from LuBian. His role complicates both narratives.
If Chen Zhi operated solely as a legitimate mining pool operator whose assets were stolen by hackers, the US seizure appears problematic. But if Chen Zhi's mining operations primarily laundered proceeds from fraud schemes, his victimhood becomes questionable—criminals who steal from other criminals complicate attribution and legal frameworks.
A lawyer for Chen filed a letter with a US court asking for more time to allow Chen to trace the stolen Bitcoin from LuBian, calling the government's allegations about Chen "seriously misguided". Chen is not in US custody, and his legal team is working with cryptocurrency experts to establish the provenance of the seized Bitcoin.
The Prince Group's operations span multiple jurisdictions with varying regulatory frameworks. The DOJ charged Chen Zhi with directing Prince Group's operation of forced-labor scam compounds across Cambodia, suggesting an extensive criminal enterprise. Yet establishing jurisdiction, gathering evidence, and proving criminal enterprise across borders involves complex international cooperation—or unilateral action that other nations might characterize as overreach.

The Attribution Problem: Cyber Operations Without Clear Fingerprints
Cyber attribution remains one of the hardest problems in international security. Unlike kinetic weapons that leave physical evidence, digital attacks can be routed through proxies, employ stolen tools, and mimic other actors' techniques.
China's allegations tend to be broad and lack the forensic details that are sometimes included when the US accuses a foreign adversary of hacking. CVERC's report provides blockchain transaction analysis and timing arguments but doesn't present technical evidence linking specific US intelligence capabilities to the 2020 hack.
The US, conversely, hasn't explained how it obtained control of the private keys if the coins were truly stolen by external hackers in 2020. Standard law enforcement cryptocurrency seizures involve cooperation from exchanges, court orders for hosted wallets, or arrests of suspects who provide access. Federal prosecutors declined to comment on how or when they obtained control of the Bitcoin, leaving the mechanism of US access unexplained.
Three scenarios could explain the facts:
Scenario One - Chinese narrative: US intelligence agencies hacked LuBian in 2020 using advanced techniques, maintained control of private keys for four years while building a criminal case against Chen Zhi, then executed legal seizure using the fraud investigation as justification.
Scenario Two - US narrative: External hackers stole the Bitcoin in 2020. Through investigation of Chen Zhi's fraud operations, US authorities discovered Chen had obtained or controlled the stolen coins through criminal channels. The US legitimately seized criminal proceeds through standard forfeiture procedures.
Scenario Three - Mixed attribution: External hackers stole the coins in 2020. US intelligence subsequently gained access to the private keys through signals intelligence, informants, or technical means. The criminal case against Chen Zhi provided legal framework for taking formal custody of Bitcoin the US had already accessed through other channels.
Each scenario has different legal, diplomatic, and precedential implications. The opacity of the situation reflects broader challenges in cyber conflict—actions occur in shadow, attribution remains contested, and international legal frameworks lag behind operational capabilities.
Geopolitical Context: Cryptocurrency as Strategic Asset

The dispute occurs against escalating US-China technological competition spanning semiconductors, artificial intelligence, quantum computing, and digital infrastructure. Cryptocurrency represents another domain where strategic advantage, legal jurisdiction, and technical capabilities intersect.
US President Donald Trump recently declared that the US is "far ahead of China and everybody else" in cryptocurrency adoption, noting that "China is getting into it in a very big way right now". Both nations recognize digital assets as economically significant and potentially strategically valuable.
The batch of LuBian-derived Bitcoin holdings accounts for at least 39% of all 326.5 BTC ($34.2 billion) held in US government-associated addresses. This represents substantial value on national balance sheets, but more importantly, establishes precedent for state control and seizure of decentralized assets.
China banned cryptocurrency mining and trading in 2021, forcing operations to relocate and disrupting domestic blockchain infrastructure. The LuBian hack occurred in December 2020, just months before these regulatory changes took effect. Whether this timing is coincidental or connected remains unclear.
For cryptocurrency advocates, the dispute highlights vulnerability to state power regardless of blockchain's decentralized design. Governments can seize coins through legal process, technical exploitation, or jurisdictional claims. The ideal of "censorship-resistant money" confronts reality when superpowers apply their full intelligence and law enforcement apparatus.
Legal Frameworks: Where International Law Breaks Down

Traditional international law developed for physical territory, conventional warfare, and established diplomatic norms. Cryptocurrency exists in jurisdictional limbo—simultaneously everywhere and nowhere, subject to competing legal claims without clear hierarchical resolution.
The US Department of Justice filed a civil forfeiture case seeking control of approximately 127,271 Bitcoin, valued at over $15 billion, saying the move was coordinated with international partners to compensate victims of Chen's network. Civil forfeiture allows governments to seize assets believed connected to criminal activity without necessarily convicting the owner of crimes.
China's position challenges not just the factual basis of the US seizure but its legal legitimacy. If the original hack was state-sponsored by the US, subsequent legal proceedings would constitute retroactive justification for government theft disguised as law enforcement.
No international framework adjudicates such disputes. The International Court of Justice handles cases between consenting nations. The International Criminal Court addresses individual criminal responsibility, not state-sponsored cyber operations. Cryptocurrency theft across borders falls into a governance vacuum where power, rather than established legal principles, determines outcomes.
Market Implications: Cryptocurrency Neutrality Under Question
At Bitcoin's October 2025 peak of $126,000, the seized coins were worth over $16 billion. Current valuations place the holdings at approximately $13.3 billion. Price fluctuation affects the nominal value of the dispute but doesn't alter its fundamental character.
More significant than dollar amounts: the case demonstrates that blockchain transparency cuts both ways. According to Arkham data, transactions from "LuBian.com Hacker" addresses to "US Government: Chen Zhi Seized Funds" are publicly visible and permanently recorded. This allows for post-hoc analysis, attribution, and dispute—but also enables sophisticated state actors to track, trace, and potentially seize cryptocurrency assets.
Investors face uncomfortable questions about cryptocurrency's risk profile when major powers clash. If the US can seize $13 billion in Bitcoin from a Cambodian citizen based on blockchain forensics and fraud allegations, what protections exist for others? If China's allegations prove accurate and the US orchestrated the hack then legalized the theft, how does that affect trust in cryptocurrency as neutral, apolitical money?

The decentralization of Bitcoin's network doesn't prevent centralization of wealth through seizure. Private keys stored in hardware wallets or cold storage remain vulnerable to legal compulsion, technical exploitation, or physical coercion. Blockchain immutability preserves transaction records but cannot protect assets from state power.
Technical Security Lessons: Weak Randomness as Critical Vulnerability
Beyond geopolitics, the LuBian hack highlights enduring security challenges in cryptocurrency infrastructure.
The system used a flawed random number generator called Mersenne Twister with only a 32-bit seed. That made it vulnerable to brute-force attacks and allowed attackers to predict the private keys and drain the wallets. This is a catastrophic implementation failure: a pseudo-random number generator designed for simulations and games was used where cryptographic security was required.
The defect made it possible for attackers to brute-force thousands of wallet keys within hours, draining more than 90% of LuBian's holdings. Other platforms have been affected in the same way: Wintermute lost $160 million in 2022 due to similar weak random number generation issues.
Cryptographic security depends on entropy—genuine randomness in key generation. When systems use predictable pseudo-randomness, sophisticated attackers can reverse-engineer private keys by narrowing the search space. A 32-bit seed provides only 4.3 billion possible values, trivial to exhaust with modern computing power when billions of dollars are at stake.
The technical lesson transcends the US-China dispute: cryptocurrency security requires rigorous implementation of cryptographic best practices. Weak randomness, poor key management, and inadequate security audits create vulnerabilities that state actors or advanced criminal groups can exploit at scale.
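The seed-width problem described above, as an added example that is not taken from the CVERC report or from LuBian's code: it contrasts a key generator whose output is fully determined by a small Mersenne Twister seed with one drawn from the operating system's CSPRNG, and measures how many distinct keys the weak generator can ever emit. The function names, the use of Python's `random.Random` as the Mersenne Twister, and the 256-bit draw are assumptions for illustration; the audit runs over a reduced 12-bit seed space so it finishes instantly.

```python
import math
import random
import secrets

# Order of the secp256k1 group; a valid Bitcoin private key lies in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_private_key(seed: int) -> int:
    """Vulnerable pattern (hypothetical reconstruction): a 256-bit key drawn
    from Mersenne Twister, so the key is a pure function of a 32-bit seed."""
    if not 0 <= seed < 2**32:
        raise ValueError("seed must fit in 32 bits")
    rng = random.Random(seed)          # MT19937, not a CSPRNG
    return rng.getrandbits(256) % (SECP256K1_N - 1) + 1


def strong_private_key() -> int:
    """Hardened form: 256 bits from the OS CSPRNG, with rejection sampling
    so the result is uniform over the valid key range."""
    while True:
        candidate = int.from_bytes(secrets.token_bytes(32), "big")
        if 1 <= candidate < SECP256K1_N:
            return candidate


def key_population(keygen, seed_bits: int) -> int:
    """Audit helper: count the distinct keys a seeded generator can emit
    when its seed is seed_bits wide. This is the real size of the keyspace."""
    return len({keygen(seed) for seed in range(2**seed_bits)})


def effective_key_bits(keygen, seed_bits: int) -> float:
    """Entropy of the key in bits, as bounded by the seed, not by key length."""
    return math.log2(key_population(keygen, seed_bits))


def is_seed_determined(keygen, seed: int) -> bool:
    """True when the same seed always reproduces the same key."""
    return keygen(seed) == keygen(seed)


if __name__ == "__main__":
    bits = 12  # reduced seed width so the full enumeration is instant
    print("reproducible from seed:", is_seed_determined(weak_private_key, 7))
    print("distinct keys for a %d-bit seed: %d"
          % (bits, key_population(weak_private_key, bits)))
    print("effective key strength: %.1f bits (key is 256 bits long)"
          % effective_key_bits(weak_private_key, bits))
    print("CSPRNG key in range:", 1 <= strong_private_key() < SECP256K1_N)
```

The count scales directly with seed width: at the 32 bits the article cites, the population is at most 2^32 keys, however long each key looks.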
Information Gaps: What Remains Unknown
Despite extensive blockchain data and competing official reports, critical facts remain undetermined:
Technical access: How did whoever controlled the private keys after the 2020 hack obtain them? Through brute-force attack exploiting weak randomness? Through insider access? Through signals intelligence targeting Chen Zhi's infrastructure? The method matters for attribution.
Custody timeline: Did control of the private keys change hands between December 2020 and July 2024? Or did the same entity maintain possession throughout? Blockchain shows coin movements but cannot reveal who controlled addresses during dormancy.
US knowledge: When did American authorities first become aware of the LuBian hack? If before 2024, why did they wait years to take custody? If only in 2024, how did they locate and access coins that had been stolen and hidden for years?
Chen Zhi's operations: What proportion of LuBian's Bitcoin came from legitimate mining versus proceeds from fraud schemes? CVERC estimates around 17,800 BTC were mined independently and 2,300 BTC came from pool payments, but verification requires forensic accounting of all input sources.
International cooperation: Did any other nations participate in or have knowledge of the US seizure operation? Were Cambodian authorities involved given Chen Zhi's location? International law enforcement cooperation norms suggest coalition actions for cross-border cases, but no partners have been publicly identified.
Precedent and Future Implications
The dispute establishes concerning precedents regardless of which narrative proves accurate.
If China's allegations are correct—the US hacked the LuBian pool then retroactively legalized the seizure—it demonstrates that major powers can weaponize cryptocurrency theft and use legal processes to legitimize state-sponsored cybercrime. Other nations might adopt similar tactics: hack, wait, then seize through constructed legal justification.

If the US narrative is accurate—criminal proceeds were legitimately seized through standard law enforcement—it still demonstrates that blockchain transparency enables governments to track and seize cryptocurrency at scale across jurisdictions. The largest forfeiture in US history sends clear signals about state capacity to enforce claims over digital assets regardless of intended decentralization.
The broader implications of CVERC's report go beyond the cryptocurrency industry. Accusing a foreign government of orchestrating a multi-year cyber theft introduces a new front in global cybersecurity disputes. Future conflicts might increasingly involve competing claims over digital asset ownership, with each side framing their actions as lawful and the opponent's as criminal.
Without coordination, major powers apply their own version of justice, turning crypto seizures into instruments of statecraft rather than effective crime prevention. The case illustrates how cryptocurrency's borderless nature collides with territorial sovereignty, creating zones where power rather than law determines outcomes.
Conclusion: Contested Facts in the Blockchain Era
The LuBian Bitcoin dispute demonstrates how blockchain transparency fails to resolve fundamental attribution questions. Every transaction is visible, permanently recorded, and independently verifiable—yet disagreement remains about who controlled addresses, why coins stayed dormant for years, and whether the US seizure represents legitimate law enforcement or something more complex.
China and the United States agree on basic facts: 127,000 Bitcoin were transferred from LuBian addresses in December 2020, remained dormant for nearly four years, then moved to US government control in 2024. Beyond this chronology, narratives diverge completely. China sees state-sponsored cyber theft disguised as legal process. America sees criminal asset forfeiture following fraud investigation.
The dispute likely won't be resolved through diplomatic channels, international courts, or blockchain forensics. Each side possesses information the other cannot independently verify. No neutral arbiter commands authority to compel disclosure or adjudicate claims. The coins sit in US custody; China objects; life continues.
For cryptocurrency's future, the case poses difficult questions. If Bitcoin remains vulnerable to state-level exploitation despite cryptographic security, what does decentralization actually protect? If the largest forfeiture in history involved contested attribution and opaque government access to supposedly secure wallets, how do other holders protect themselves from similar fate?

Blockchain provides perfect record-keeping for transactions that occurred. It cannot reveal intentions behind them, legitimate authority to execute them, or appropriate resolution when nations clash over digital assets worth billions. The LuBian case suggests that cryptocurrency's governance challenge isn't technical—it's political, legal, and ultimately about power rather than protocol.
Sources
Analysis drawn from Chinese National Computer Virus Emergency Response Center (CVERC) technical report (Nov 2025), US Department of Justice indictment and civil forfeiture complaint against Chen Zhi (Oct 2025), blockchain forensics from Arkham Intelligence, reporting from Bloomberg, CoinDesk, and Global Times, plus technical security analyses of the LuBian mining pool vulnerability.