In October 2025, the U.S. government seized approximately 127,271 Bitcoin, valued at $15 billion, linked to a money laundering network associated with the Prince Group of Cambodia.

The Bitcoin was not confiscated by brute-forcing the private keys. Instead, the involved wallets were compromised because they used a flawed pseudorandom number generator (Mersenne Twister MT19937-32) to create their private keys, which contained a randomness vulnerability.

This vulnerability made the private keys susceptible to brute-force enumeration. Between 2019 and 2020, weak-key wallets generated this way accumulated over 50,000 BTC, some of which were linked to the Lubian mining pool.

In December 2020, approximately 136,951 BTC from these weak-key wallets was moved out in a large-scale transfer. This was not clearly identified as theft at the time, and some of the funds may have flowed back into the mining pool.

Similar vulnerabilities have affected other projects, such as Trust Wallet and Libbitcoin Explorer. The connection to the Lubian incident was only discovered retrospectively after security teams publicly disclosed the vulnerabilities in 2023.

This case highlights the critical importance of random number generation in cryptocurrency security. If private keys are generated using weak random algorithms, assets can be at risk of unauthorized access.

---

Summary

Author: BUBBLE

In October 2025, a federal court in the Eastern District of New York unveiled an unprecedented cryptocurrency seizure. The U.S. government confiscated 127,271 Bitcoin, worth approximately $15 billion at market prices.

The Seizure Method: Exploiting a Flaw, Not Brute Force

According to Shenyu, co-founder of Cobo, law enforcement did not obtain the private keys through brute-force attacks or hacking. Instead, they exploited a randomness vulnerability. Some forum discussions suggested that authorities directly seized the mnemonic phrases or private key files from servers and hardware wallets controlled by Prince Group executive Chen Zhi and his family, though the specific facts have not been officially confirmed in public reports.

These hardware wallets were subsequently transferred to a multisignature cold storage vault under the custody of the U.S. Department of the Treasury's U.S. Marshals Service (USMS). The transfer of 9,757 BTC signed by the USMS to an official custody address on October 15, 2025, originated from this seizure. The U.S. Department of Justice described Lubian in its indictment as part of the Prince Group's money laundering network, emphasizing that the criminal organization attempted to use "new coins" mined by the pool to launder proceeds from fraud.

The Lubian Pool and the 'Milk Sad' Incident

Some community members tracking on-chain data believe this is the same batch of Bitcoin stolen from the Lubian mining pool due to a vulnerability in late 2020. The Lubian pool emerged suddenly in 2020 with no public team background or operational model, yet its hash rate skyrocketed within months, briefly ranking among the world's top 10 mining pools and accounting for nearly 6% of the global network hash rate.

The report mentioned that Chen Zhi boasted to other Prince Group members about "considerable profits because there are no costs." It remains unclear whether Chen Zhi founded or later took control of the pool. This case has resurfaced the dormant "whale," prompting a re-examination of the wallet private key security disaster lurking around 2020.

During subsequent investigations, researchers found that the first two words of the first mnemonic phrase generated by the flawed process were "Milk Sad," leading the event to be dubbed the "Milk Sad" incident.

The Hidden Danger of Weak Random Number Generation

The root cause traces back to the Mersenne Twister MT19937-32, a pseudorandom number generator (PRNG).

A Bitcoin private key should consist of a 256-bit random number, theoretically offering 2^256 possible combinations. Generating an identical sequence would require perfectly matching the outcome of 256 "coin flips"—a probability so infinitesimally small it's effectively zero. Wallet security relies not on luck, but on this vast possibility space.

However, the Mersenne Twister MT19937-32 PRNG used by tools like the Lubian pool was not a truly fair "coin-flipping machine." It was more like a malfunctioning device, always selecting numbers from a limited and predictable range.

Once attackers understood this pattern, they could rapidly enumerate all possible weak private keys through brute-force attacks, thereby unlocking the corresponding Bitcoin wallets.

Due to some wallet or pool users misunderstanding security, between 2019 and 2020, many Bitcoin wallets generated using this "weak random algorithm" accumulated staggering wealth, with large amounts of funds flowing into this vulnerable range.

According to the Milk Sad team's statistics, the cumulative Bitcoin balance held by these weak-key wallets一度 exceeded 53,500 BTC at one point between 2019 and 2020.

The fund sources included whale-level concentrated transfers – four weak wallets received about 24,999 BTC in a short period in April 2019 – and daily mining rewards. Certain addresses received over 14,000 BTC marked as "lubian.com" miner rewards over a year. It's now known that 220,000 such wallets exist, and their holders, evidently unaware of the private key generation flaw, continued to deposit assets into them.

The Great Drain of Late 2020

The long-lurking security risk erupted in late 2020. On December 28, 2020, anomalous on-chain transactions appeared. A vast number of wallets within the Lubian weak-key range were drained within hours, with approximately 136,951 BTC transferred out in one sweep. Valued at around $26,000 per BTC then, this amounted to roughly $3.7 billion.

The transaction fees were fixed at 75,000 sats, regardless of the amount, indicating the operator was highly familiar with Bitcoin network operations. Some funds subsequently flowed back to the Lubian pool for future mining rewards, suggesting not all transferred assets ended up with hackers. But for the victims, the loss was real.

More bizarrely, some on-chain transactions carried messages, such as "To the white hat who saved our assets, please contact 1228btc@gmail.com." Since the weak private key addresses were exposed, anyone could send transactions with messages to these addresses; these notes didn't necessarily come from the actual victims.

Whether it was hacker mockery or victim pleas for help remains unknown. Crucially, this massive transfer was not immediately recognized as theft at the time.

Milk Sad researchers later admitted in their analysis that, given Bitcoin's price surge and the cessation of pool payouts, they were uncertain whether it was a hack or the Lubian management selling at a high and reorganizing wallets. They noted, "If a theft occurred in 2020, it would predate the confirmed timeline of Mersenne Twister weak-key attacks, but we cannot rule out the possibility."

Because of this uncertainty, the fund exodus in late 2020 failed to trigger an industry-wide alarm. The massive Bitcoin hoard remained dormant on the blockchain for years, becoming an unresolved mystery.

Other Victims and a Delayed Alarm

Lubian wasn't the only casualty. Older versions of Trust Wallet were also affected. On November 17, 2022, the security research team Ledger Donjon first disclosed a random number vulnerability in Trust Wallet to Binance. The team reacted swiftly, pushing a fix to GitHub the next day, and began notifying affected users.

However, it wasn't until April 22, 2023, that Trust Wallet officially publicized the vulnerability details and compensation measures. During this period, hackers exploited the flaw to launch several attacks, including one on January 11, 2023, that stole about 50 BTC.

Meanwhile, a vulnerability was brewing in another project.

The bx seed command in Libbitcoin Explorer version 3.x used the MT19937 PRNG algorithm seeded with a 32-bit system timestamp, resulting in a key space of only 2^32 combinations.

Hackers soon began probing attacks. From May 2023 onward, multiple small thefts appeared on-chain. The assault intensified, culminating on July 12, 2023, with numerous wallets generated by bx being swept clean. On July 21, 2023, Milk Sad researchers, while helping a user investigate losses, identified the root cause: the weak randomness in bx seed made private keys brute-force enumerable. They promptly reported it to the Libbitcoin team.

However, as the command was considered a testing tool by the official team, initial communication was challenging. The researchers eventually bypassed the project maintainers and publicly disclosed the vulnerability on August 8, 2023, applying for a CVE ID.

It was this discovery in 2023 that prompted the Milk Sad team to retrospectively analyze historical data. They were astonished to find the connection between the weak-key range that accumulated massive funds from 2019 to 2020 and Lubian, and they identified the huge transfer that occurred on December 28, 2020.

At that time, about 136,951 BTC resided in these weak wallets. The large-scale withdrawal that day was worth about $3.7 billion, and the last known movement was a wallet consolidation in July 2024.

In other words, the suspicious nature of the Lubian incident only surfaced after the weak random vulnerability was exposed. The missed alarm window from years prior was gone, and the trail for the Bitcoin's whereabouts had gone cold. It took five years, until the joint lawsuit by the U.S. DOJ and UK authorities against the Prince Group and Chen Zhi, for clues to reemerge.

For the rest of us, the adage "Not your keys, not your crypto" now crucially depends on the premise of true randomness to be fully effective.

In October 2025, the U.S. government seized approximately 127,271 Bitcoin, valued at $15 billion, linked to a money laundering network associated with the Prince Group of Cambodia.

The Bitcoin was not confiscated by brute-forcing the private keys. Instead, the involved wallets were compromised because they used a flawed pseudorandom number generator (Mersenne Twister MT19937-32) to create their private keys, which contained a randomness vulnerability.

This vulnerability made the private keys susceptible to brute-force enumeration. Between 2019 and 2020, weak-key wallets generated this way accumulated over 50,000 BTC, some of which were linked to the Lubian mining pool.

In December 2020, approximately 136,951 BTC from these weak-key wallets was moved out in a large-scale transfer. This was not clearly identified as theft at the time, and some of the funds may have flowed back into the mining pool.

Similar vulnerabilities have affected other projects, such as Trust Wallet and Libbitcoin Explorer. The connection to the Lubian incident was only discovered retrospectively after security teams publicly disclosed the vulnerabilities in 2023.

This case highlights the critical importance of random number generation in cryptocurrency security. If private keys are generated using weak random algorithms, assets can be at risk of unauthorized access.

---

Summary

Author: BUBBLE

In October 2025, a federal court in the Eastern District of New York unveiled an unprecedented cryptocurrency seizure. The U.S. government confiscated 127,271 Bitcoin, worth approximately $15 billion at market prices.

The Seizure Method: Exploiting a Flaw, Not Brute Force

According to Shenyu, co-founder of Cobo, law enforcement did not obtain the private keys through brute-force attacks or hacking. Instead, they exploited a randomness vulnerability. Some forum discussions suggested that authorities directly seized the mnemonic phrases or private key files from servers and hardware wallets controlled by Prince Group executive Chen Zhi and his family, though the specific facts have not been officially confirmed in public reports.

These hardware wallets were subsequently transferred to a multisignature cold storage vault under the custody of the U.S. Department of the Treasury's U.S. Marshals Service (USMS). The transfer of 9,757 BTC signed by the USMS to an official custody address on October 15, 2025, originated from this seizure. The U.S. Department of Justice described Lubian in its indictment as part of the Prince Group's money laundering network, emphasizing that the criminal organization attempted to use "new coins" mined by the pool to launder proceeds from fraud.

The Lubian Pool and the 'Milk Sad' Incident

Some community members tracking on-chain data believe this is the same batch of Bitcoin stolen from the Lubian mining pool due to a vulnerability in late 2020. The Lubian pool emerged suddenly in 2020 with no public team background or operational model, yet its hash rate skyrocketed within months, briefly ranking among the world's top 10 mining pools and accounting for nearly 6% of the global network hash rate.

The report mentioned that Chen Zhi boasted to other Prince Group members about "considerable profits because there are no costs." It remains unclear whether Chen Zhi founded or later took control of the pool. This case has resurfaced the dormant "whale," prompting a re-examination of the wallet private key security disaster lurking around 2020.

During subsequent investigations, researchers found that the first two words of the first mnemonic phrase generated by the flawed process were "Milk Sad," leading the event to be dubbed the "Milk Sad" incident.

The Hidden Danger of Weak Random Number Generation

The root cause traces back to the Mersenne Twister MT19937-32, a pseudorandom number generator (PRNG).

A Bitcoin private key should consist of a 256-bit random number, theoretically offering 2^256 possible combinations. Generating an identical sequence would require perfectly matching the outcome of 256 "coin flips"—a probability so infinitesimally small it's effectively zero. Wallet security relies not on luck, but on this vast possibility space.

However, the Mersenne Twister MT19937-32 PRNG used by tools like the Lubian pool was not a truly fair "coin-flipping machine." It was more like a malfunctioning device, always selecting numbers from a limited and predictable range.

Once attackers understood this pattern, they could rapidly enumerate all possible weak private keys through brute-force attacks, thereby unlocking the corresponding Bitcoin wallets.

Due to some wallet or pool users misunderstanding security, between 2019 and 2020, many Bitcoin wallets generated using this "weak random algorithm" accumulated staggering wealth, with large amounts of funds flowing into this vulnerable range.

According to the Milk Sad team's statistics, the cumulative Bitcoin balance held by these weak-key wallets一度 exceeded 53,500 BTC at one point between 2019 and 2020.

The fund sources included whale-level concentrated transfers – four weak wallets received about 24,999 BTC in a short period in April 2019 – and daily mining rewards. Certain addresses received over 14,000 BTC marked as "lubian.com" miner rewards over a year. It's now known that 220,000 such wallets exist, and their holders, evidently unaware of the private key generation flaw, continued to deposit assets into them.

The Great Drain of Late 2020

The long-lurking security risk erupted in late 2020. On December 28, 2020, anomalous on-chain transactions appeared. A vast number of wallets within the Lubian weak-key range were drained within hours, with approximately 136,951 BTC transferred out in one sweep. Valued at around $26,000 per BTC then, this amounted to roughly $3.7 billion.

The transaction fees were fixed at 75,000 sats, regardless of the amount, indicating the operator was highly familiar with Bitcoin network operations. Some funds subsequently flowed back to the Lubian pool for future mining rewards, suggesting not all transferred assets ended up with hackers. But for the victims, the loss was real.

More bizarrely, some on-chain transactions carried messages, such as "To the white hat who saved our assets, please contact 1228btc@gmail.com." Since the weak private key addresses were exposed, anyone could send transactions with messages to these addresses; these notes didn't necessarily come from the actual victims.

Whether it was hacker mockery or victim pleas for help remains unknown. Crucially, this massive transfer was not immediately recognized as theft at the time.

Milk Sad researchers later admitted in their analysis that, given Bitcoin's price surge and the cessation of pool payouts, they were uncertain whether it was a hack or the Lubian management selling at a high and reorganizing wallets. They noted, "If a theft occurred in 2020, it would predate the confirmed timeline of Mersenne Twister weak-key attacks, but we cannot rule out the possibility."

Because of this uncertainty, the fund exodus in late 2020 failed to trigger an industry-wide alarm. The massive Bitcoin hoard remained dormant on the blockchain for years, becoming an unresolved mystery.

Other Victims and a Delayed Alarm

Lubian wasn't the only casualty. Older versions of Trust Wallet were also affected. On November 17, 2022, the security research team Ledger Donjon first disclosed a random number vulnerability in Trust Wallet to Binance. The team reacted swiftly, pushing a fix to GitHub the next day, and began notifying affected users.

However, it wasn't until April 22, 2023, that Trust Wallet officially publicized the vulnerability details and compensation measures. During this period, hackers exploited the flaw to launch several attacks, including one on January 11, 2023, that stole about 50 BTC.

Meanwhile, a vulnerability was brewing in another project.

The bx seed command in Libbitcoin Explorer version 3.x used the MT19937 PRNG algorithm seeded with a 32-bit system timestamp, resulting in a key space of only 2^32 combinations.

Hackers soon began probing attacks. From May 2023 onward, multiple small thefts appeared on-chain. The assault intensified, culminating on July 12, 2023, with numerous wallets generated by bx being swept clean. On July 21, 2023, Milk Sad researchers, while helping a user investigate losses, identified the root cause: the weak randomness in bx seed made private keys brute-force enumerable. They promptly reported it to the Libbitcoin team.

However, as the command was considered a testing tool by the official team, initial communication was challenging. The researchers eventually bypassed the project maintainers and publicly disclosed the vulnerability on August 8, 2023, applying for a CVE ID.

It was this discovery in 2023 that prompted the Milk Sad team to retrospectively analyze historical data. They were astonished to find the connection between the weak-key range that accumulated massive funds from 2019 to 2020 and Lubian, and they identified the huge transfer that occurred on December 28, 2020.

At that time, about 136,951 BTC resided in these weak wallets. The large-scale withdrawal that day was worth about $3.7 billion, and the last known movement was a wallet consolidation in July 2024.

In other words, the suspicious nature of the Lubian incident only surfaced after the weak random vulnerability was exposed. The missed alarm window from years prior was gone, and the trail for the Bitcoin's whereabouts had gone cold. It took five years, until the joint lawsuit by the U.S. DOJ and UK authorities against the Prince Group and Chen Zhi, for clues to reemerge.

For the rest of us, the adage "Not your keys, not your crypto" now crucially depends on the premise of true randomness to be fully effective.