Arkham has published analysis data linking wallets to the theft of 127,425 BTC from the LuBian mining pool in 2020. Worth $3.5 billion at the time and over $14 billion today.
OP_RETURN was introduced in 2014 to allow small pieces of data to be written into Bitcoin transactions. In 2025, Bitcoin Core removed the size limit. That change now makes it possible to inscribe entire identity claims directly into blocks.
In 2020 LuBian used OP_RETURN to send public messages to the hacker, such as please return our funds, in an effort to reach them via the blockchain.
Today Arkham is using the same function to post bounty returns containing detailed claims about who controls specific wallets. These bounty returns can include names, wallet addresses, and on-chain heuristics that point to likely ownership or intent. The data is embedded directly into the Bitcoin blockchain.
LuBian never publicly disclosed the theft. The hacker never came forward. Arkham’s post is the first public attribution of what may be the largest Bitcoin theft in history.
According to Arkham’s top holders list, the LuBian hacker still controls over 127,425 BTC, more than the Mt. Gox hacker and most major entities.
In a system where data cannot be changed or removed, these developments raise questions about how privacy should be protected. It also points to a growing role for tools, such as eCash or other privacy layers.
In a week where state surveillance powers are expanding and companies are embedding identity claims directly into public blockchains, the role of privacy preserving tools like eCash has never been more urgent.
Privacy is a normal and necessary part of everyday life. That expectation should extend to our digital and financial systems, especially as they become more focused on monitoring, identification, and control.
The case for privacy tools is only getting stronger.
