The $15 Billion Bitcoin Seizure: Inside the Lubian Mining Pool, Weak Randomness, and the 5-Year-Old Milk Sad Mystery

The largest Bitcoin seizure case in American history

In October 2025, the U.S. District Court for the Eastern District of New York disclosed that the U.S. government had seized 127,271 Bitcoins, valued at approximately $15 billion at market price. These Bitcoins were identified as significant assets in the money laundering network of the Cambodian Prince Group. The U.S. Marshals Service (USMS) has now taken over these Bitcoins and completed the transfer of 9,757 BTC to the official custody address on October 15.

Community analysis suggests that this batch of Bitcoin is closely related to the Lubian Mining Pool that mysteriously disappeared in 2020 - that security disaster known as the ‘Milk Sad incident’ may have been a precursor to this seizure.

From Lubian to Prince Group: The Flow of Funds Comes to Light

Lubian Mining Pool suddenly rose in 2020, with no background and no official website, yet quickly occupied about 6% of global hash power. It was later discovered that its private key generation mechanism had serious randomness vulnerabilities. Server controlled by Chen Zhi, an executive of the Prince Group, and his family allegedly stored some wallet mnemonics or private key files. The indictment from the U.S. Department of Justice pointed out that Lubian Mining Pool was used to “launder newly mined cryptocurrency assets.”

Mersenne Twister: A time bomb buried in the wallet generator

The random number algorithm Mersenne Twister MT19937-32 used by Lubian is not a cryptographically secure random source. Its output has periodic patterns that can be exploited by hackers through brute force enumeration to deduce private keys. The Milk Sad research team pointed out that at least 53,500 BTC were stored in such “weak private key wallets” between 2019 and 2020, including whale-level addresses and miner reward wallets.

The outbreak and concealment of weak random number attacks

On December 28, 2020, a large number of Lubian-related addresses were emptied within a few hours, with approximately 136,951 BTC (about 3.7 billion USD) transferred out. The transaction fees were consistent, and the operations were precise, demonstrating a high level of technical proficiency. However, the incident was not initially viewed as a hacking attack; some in the community even considered it a mining pool reorganization. It wasn’t until a few years later that the Milk Sad team reverse-engineered the random number vulnerability, revealing this chain disaster.

From Trust Wallet to bx seed: Reproducing the chain vulnerability

This randomness vulnerability is not an isolated case. Between 2022 and 2023, Trust Wallet and Libbitcoin Explorer 3.x were both found to use the same MT19937 algorithm, resulting in the theft of hundreds of BTC. In August 2023, after the Milk Sad team publicly disclosed the bx seed vulnerability, it was found that its historical victim timeframe overlapped with that of the Lubian wallet, and the timing of large on-chain fund transfers also matched perfectly with the events at the end of 2020.

The truth five years later: randomness is the final line of defense.

The latest case disclosed by the U.S. Department of Justice has finally brought this dormant whale, which has been asleep for 5 years, back to the surface. These Bitcoins are considered to come from wallets with “randomness failure,” ultimately falling into the control of money laundering groups. As researchers say: “Not your keys, not your coins—but the premise is that this key really needs to be random.”