
On October 14, 2025, a federal court in Brooklyn, New York, unsealed an indictment revealing that the U.S. Department of Justice had carried out the largest cryptocurrency seizure in its history: approximately 127,000 Bitcoin, worth roughly $15 billion at the time.
But the more striking detail is how U.S. law enforcement obtained the private keys: not by cracking or hacking anything, but by discovering an absurd fact. The private keys had never been generated randomly in the first place.
This multi-billion-dollar storm, set off by a private-key flaw, instantly shifted the industry's attention from macro narratives back to the most fundamental technical detail of wallet security: randomness.
The "Theft" Rashomon of 127,000 Bitcoin
On closer inspection, this case involving approximately 127,271 Bitcoin (worth about $15 billion) is really a Rashomon story about a "mining pool theft."
There are two key phrases in the entire event: pig butchering scam and Lubian mining pool.
The origin of everything is related to a complex chain for laundering illegal proceeds. A pig butchering organization in Cambodia invested its fraud proceeds into a seemingly legitimate, self-controlled crypto mining operation, the Lubian mining pool. The continuously generated new Bitcoin from the mining pool converted the originally tainted black money into newly minted "clean" BTC, thus thoroughly laundering it.
Interestingly, Lubian was once one of the world's largest mining pools in 2020, controlling nearly 6% of Bitcoin's total hash rate at its peak. Such a high-profile Bitcoin mining entity became the key hub for the entire illegal money laundering network.
Then, bizarrely, in December 2020 Lubian was suspected of having been hacked for 127,426 Bitcoin.
Why only "suspected"? Because neither Lubian nor any hacker ever publicly acknowledged the incident; it was first made public by the on-chain intelligence platform Arkham. Moreover, Lubian vanished shortly afterwards, abruptly shutting down its mining pool business in February 2021.
So the speculation persisted: were the funds stolen by an external hacker, or was it an inside job, with the pig butchering scammers moving the illicit funds out of the pool while staging a "theft"? Either way, this fortune in Bitcoin lay dormant on-chain for more than three years, an unsolved mystery.
Then, in July 2024, approximately 127,000 BTC was suddenly consolidated on a large scale. On-chain comparison showed the addresses involved were precisely the destinations of the funds "stolen" from Lubian in 2020. The timing is particularly telling: it happened just before a coordinated takedown by law enforcement agencies from the U.S., Cambodia, and several Southeast Asian countries.
Furthermore, the 25 wallet addresses listed in the U.S. Department of Justice's civil forfeiture complaint closely matched the "hacker" addresses from the Lubian theft. In other words, the U.S. government concluded that these BTC had not been stolen by hackers at all; they were proceeds laundered by the fraud group and its accomplices through Lubian.
The real puzzle, of course, is that while the alleged mastermind of the fraud group remains, at least nominally, at large, the U.S. government already holds the private keys. Cobo co-founder Shenyu believes law enforcement did not obtain them by brute force or intrusion: Lubian used a severely flawed pseudo-random algorithm during its operations, so the private keys its wallets generated were predictable.
In short, the "seizure" of these astronomical assets was made possible by a weakness in the random number generation behind the private keys, not by any problem with Bitcoin's underlying mechanism.
Randomness: The Digital Order Behind Crypto Security
So what exactly is randomness?
In Bitcoin, a private key is essentially a 256-bit number (strictly, an integer between 1 and the secp256k1 group order n, which is just below 2^256). The key space is so large it is almost abstract: about 2^256, or roughly 1.16 x 10^77, a figure comparable to the estimated number of atoms in the observable universe. This is what makes the probability of brute-forcing a correctly generated private key effectively zero.
Randomness is the "unpredictability" with which this gigantic number (or the seed or mnemonic it is derived from) is chosen. A secure private key must be chosen uniformly at random from the whole space, so that every one of the 2^256 possibilities is equally likely.
If the selection is truly uniform, an attacker cannot guess or collide with your key by enumeration, guessing, or repeated generation. When randomness is insufficient, however, the key becomes predictable: the effective search space shrinks from 2^256 to whatever the weak source can actually produce, and the key becomes guessable.
For example, if the random source (the seed) used during key generation is weak, coming from predictable inputs such as timestamps, fixed hardware counters, or easily inferred variables, the set of keys it can ever produce collapses to a small, enumerable range. A 32-bit timestamp seed, for instance, yields at most 2^32 distinct keys, and if the attacker can estimate when the key was created, only a few thousand candidates remain. A mainstream wallet was once found, in an early version, to have shipped an iOS build whose library relied solely on timestamps for its initial entropy in production, making some wallet private keys easily recoverable by brute-force search.
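The following is an added demonstration, not code from the article or from any real wallet: it contrasts a deliberately flawed generator that seeds a PRNG with a 32-bit timestamp (the failure pattern described above) with a correct generator that takes 256 bits from the OS CSPRNG, and then plays the attacker, recovering the weak key by enumerating candidate timestamps around the guessed creation time. The victim timestamp and the `address_of` function are constructed stand-ins (a real address is derived from the secp256k1 public key; hashing the key keeps the script dependency-free).

```python
"""Why a weak seed makes a 256-bit private key searchable.

Added demonstration (not the original article's code and not any wallet's
implementation). `weak_private_key` mirrors the timestamp-seeded failure
pattern; `strong_private_key` is the correct approach; `recover_weak_key`
is the attacker's search. The victim seed is constructed for the demo.
"""
import hashlib
import random
import secrets

# Order n of the secp256k1 group. A valid private key is an integer in [1, n-1];
# the key space is about 2**256 (~1.16e77), far beyond any brute force.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_private_key(seed32: int) -> int:
    """Flawed generator: Mersenne Twister seeded with a 32-bit value (e.g. a timestamp).

    The output is 256 bits long and looks random, but only 2**32 distinct keys
    can ever be produced, because the seed fully determines the output.
    """
    rng = random.Random(seed32 & 0xFFFFFFFF)  # random.Random is NOT a CSPRNG
    return 1 + rng.getrandbits(256) % (SECP256K1_N - 1)


def strong_private_key() -> int:
    """Correct generator: 256 bits from the OS CSPRNG, rejection-sampled into [1, n-1]."""
    while True:
        k = int.from_bytes(secrets.token_bytes(32), "big")
        if 1 <= k < SECP256K1_N:
            return k


def address_of(priv: int) -> str:
    """Constructed stand-in for an address: a real one is derived from the secp256k1
    public key, but any one-way function of the key is enough for the search below."""
    return hashlib.sha256(priv.to_bytes(32, "big")).hexdigest()[:40]


def recover_weak_key(target_address: str, t_start: int, t_end: int):
    """Attacker's view: if the seed was a Unix timestamp and the creation time is
    known to within a window, each candidate second costs one key derivation.
    Returns (seed, private_key) on success, else None."""
    for seed in range(t_start, t_end):
        k = weak_private_key(seed)
        if address_of(k) == target_address:
            return seed, k
    return None


# Constructed victim: a wallet created on 2020-12-07 00:00:00 UTC that seeded its
# generator with int(time.time()). The attacker only knows the creation time roughly.
VICTIM_SEED = 1607299200
VICTIM_KEY = weak_private_key(VICTIM_SEED)
VICTIM_ADDRESS = address_of(VICTIM_KEY)


def demo() -> dict:
    """Run the attack over a +/- 1 hour window (7200 candidates) around the guess."""
    hit = recover_weak_key(VICTIM_ADDRESS, VICTIM_SEED - 3600, VICTIM_SEED + 3600)
    strong = strong_private_key()
    return {
        "weak_key_recovered": hit is not None and hit[1] == VICTIM_KEY,
        "candidates_searched": 7200,
        # Seeds that differ only above bit 31 collide: the weak key space is 2**32.
        "seed_space_is_32_bit": weak_private_key(7) == weak_private_key(7 + 2**32),
        "strong_key_in_range": 1 <= strong < SECP256K1_N,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The search over a one-hour window finishes in well under a second; even with no timing information at all, the full 2^32 seed space is a few CPU-hours of work, which is the whole point: the 256-bit key length buys nothing once the seed is 32 bits. The strong generator's rejection sampling (discarding the rare values outside [1, n-1]) avoids the slight bias that a modular reduction would introduce.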
Losses of crypto assets to weak random numbers are nothing new. As early as 2015, the actor known as "Blockchain Bandit" exploited faulty random number generators and code vulnerabilities to systematically search for weakly secured private keys, sweeping over 700,000 vulnerable wallet addresses and stealing more than 50,000 ETH from them.
According to the Milk Sad research, the history of wallets whose keys fall in the searchable weak-key range is staggering: at the historical peak on November 5, 2020, the cumulative amount of Bitcoin held in wallets generated with weak randomness in that range exceeded 53,500 BTC.
Even more absurdly, people continued to transfer funds to these known weak addresses after the vulnerability had been disclosed.
Overall, such incidents are not caused by any fragility in the Bitcoin protocol itself. They come from the implementation layer (wallets, mining pools, key management systems) failing to meet cryptographic-grade entropy requirements when generating private keys, or from test code being mistakenly shipped to production, which turns an unsearchable key space into a searchable target.
How to Build a Strong Security Defense?
Based on the above, the decisive question for a wallet is where its randomness comes from: not whether a "pseudo-random" function is involved at all (every deterministic software generator is one), but whether key generation draws on a cryptographically secure random generator seeded from sufficient entropy. As long as it uses cryptographic-grade random generation of the kind required for bank-level security, as imToken does, the keys it produces are unpredictable, non-reproducible, and irreversible, and key generation can be considered secure.
It is worth mentioning that imToken's private key generation logic has been fully open source (the TokenCore codebase) since October 2018. On both Android and iOS it calls the secure random number generator provided by the operating system itself (the system CSPRNG that iOS exposes through SecRandomCopyBytes and Android through java.security.SecureRandom).
Taking iOS as an example, the system's entropy pool is fed from kernel events gathered over time, including touch input, CPU interrupts, clock jitter, sensor noise, and so on. These inputs change every millisecond and cannot be reproduced, even by the system itself.
The private keys imToken generates therefore have the characteristics of being "unpredictable, non-reproducible, and irreversible," and pseudo-random risk is eliminated at the entropy source. This is the fundamental reason imToken users are not exposed to vulnerabilities of the Lubian kind.
Of course, technical security is just the foundation. To further understand and avoid security risks, the following points are also crucial:
- Prioritize non-custodial wallets that have stood the test of time, are community-verified, open source, and audited (like imToken). Users with the means should prefer hardware wallets (like imKey) to further isolate private key generation from network-facing risks.
- With the hardware wallet imKey, randomness security goes a step further: private keys are generated directly by the physical True Random Number Generator (TRNG) inside the secure chip. The Infineon SLE 78CLUFX5000PH secure chip (SLE78 series) it uses is certified to German BSI AIS 31 class PTG.2, a top-tier evaluation for physical entropy sources that requires the random source to undergo statistical testing, entropy modeling, and online health checks to ensure the quality of the randomness used for cryptographic key generation.
- In other words, imKey's private keys are generated and stored inside the secure chip and never leave its boundary. The random source is physical noise, with no dependence on software or any external seed. So even an attacker who fully controls the phone or computer the device is paired with cannot predict or reproduce its private keys. This protects the key, not the transaction: a compromised host can still present a malicious transaction for signing, which is why what the device itself displays must be checked before confirming.
- Additionally, do not screenshot, copy-paste, or store mnemonic phrases and private keys in cloud storage or chat logs, and never disclose your mnemonic phrase or private key to anyone. Handwrite the mnemonic phrase and keep it in a secure offline location; a stainless steel mnemonic plate resists moisture, fire, and corrosion. Keep multiple backups in at least 2-3 secure locations.
- Finally, remain vigilant against phishing and malicious plugins. Public keys can be shared openly, but private keys and mnemonics never can. Always verify links before accessing wallets or signing transactions, and avoid installing plugins or apps from unknown sources on your devices.
Conclusion
Objectively speaking, in the glamorous world of crypto, every major security incident is an expensive public lesson.
Web3 security is a long-term race against time and a game of probability; risk can never be made to disappear completely.
But we can keep pushing the security boundary forward: every line of code, every random number, and every user's security habit is an indispensable line of defense in this war.
