In a combination of cyber forensics and espionage, the U.S. Department of Justice (DOJ) completed the largest financial seizure in history, totaling approximately 127,000 Bitcoins (worth approximately $15 billion).

What makes this extraordinary is not just the amount of money, but how the US acquired the digital assets. A report by analysts has revealed that there was a flaw in the way thousands of Bitcoin wallet addresses were created.

Last week, the Department of Justice confirmed the seizure of approximately 127,000 BTC allegedly linked to Prince Holdings Group, a large international fraud organization.

This seizure connects two stories that have shocked the Bitcoin community: the mysterious disappearance of the Lubian Bitcoin mining pool in 2020 and 2021, and the US government’s recent crackdown on Cambodia’s Prince Group, allegedly run by “pig slaughter kingpin” Chen Zhi.

According to the Department of Justice, Chen Zhi’s Prince Group ran a vast forced labor fraud empire in Cambodia. Victims were lured into a fake digital asset investment scheme known as the pig butchering scam.

The US government has accused Chen and his associates of laundering billions of dollars in profits through shell companies, real estate projects and even a Bitcoin mining operation.


Among these operations was Lubian Mining, a once prominent Bitcoin mining pool that reportedly had facilities in China and Iran. At its peak, Lubian controlled about 6% of Bitcoin’s total network hash rate.

In early 2021, Lubian suddenly went dark, with reports surfacing years later that 127,000 BTC of its funds had been stolen. The stash was worth about $3.5 billion at the time. The incident baffled the Bitcoin world, and the stolen coins disappeared from public view for years.

New research suggests that Lubian’s loss was not caused by hacking in the traditional sense. Instead, researchers discovered that Lubian’s cryptographic key generation process was flawed, making Bitcoin wallets dangerously predictable.

Cobo and F2Pool co-founder Shenyu, who first reported the issue, explained that the vulnerability stems from a flaw in the pseudorandom number generator (PRNG) used to create private keys.


Shenyu writes in a research update: “The key new trick is that the creator of the P2WPKH wallet nested in the P2SH wallet generated multiple private keys from the Mersenne Twister PRNG output stream before reseeding the PRNG.”

Because several keys came from the same PRNG output stream, they were not independently random, which left them vulnerable to prediction.

Simply put, the software Lubian used to generate Bitcoin wallet keys did not create truly random numbers. This made it possible for someone (and in some cases law enforcement) to calculate the private key and access the funds.
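The sketch below is an added example, not code from the article, from Shenyu's research or from Lubian's software. It shows why keys drawn from one seeded Mersenne Twister stream carry only as much entropy as the seed, next to a generator that uses the operating system CSPRNG. The seed values and the 10-bit seed space are constructed for the demonstration; the page does not state the seed size Lubian's software used.

```python
import math
import random
import secrets

# Order of the secp256k1 group; valid private keys lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_keys(seed, count):
    """Flawed pattern: several 256-bit keys taken from one seeded
    Mersenne Twister stream (Python's random module is MT19937)."""
    prng = random.Random(seed)
    return [prng.getrandbits(256) for _ in range(count)]


def effective_entropy_bits(seed_bits, count=2):
    """Enumerate a constructed, deliberately tiny seed space and count the
    distinct key batches it can produce. The result is bounded by the seed
    size, not by the 256-bit width of each key."""
    batches = {tuple(weak_keys(s, count)) for s in range(2 ** seed_bits)}
    return math.log2(len(batches))


def hardened_keys(count):
    """Each key is drawn independently from the OS CSPRNG, in [1, N-1]."""
    return [secrets.randbelow(SECP256K1_N - 1) + 1 for _ in range(count)]


if __name__ == "__main__":
    # Same seed, same keys: the whole batch is a function of the seed.
    print(weak_keys(2020, 3) == weak_keys(2020, 3))
    # 256-bit keys, but only 10 bits of entropy for a 10-bit seed space.
    print(effective_entropy_bits(10))
    # CSPRNG keys are independent and cannot be regenerated from a seed.
    print([hex(k)[:12] + "..." for k in hardened_keys(2)])
```

An audit of wallet tooling can apply the same test: if key generation can be replayed from a seed or from a general-purpose PRNG state, the keys are only as strong as that seed.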

Shenyu’s findings showed that over 220,000 Bitcoin addresses were affected by the same flaw. He highlighted that despite the disclosure, some users are still sending funds to these vulnerable addresses.


When the Lubian wallet was emptied on December 28, 2020, blockchain analysts noticed some strange details. Many of the suspicious transactions used the same flat fee of 75,000 satoshis, which experts described as “unusual.”

Shenyu’s subsequent investigation revealed that approximately 136,951 BTC was transferred during the two-hour withdrawal spree, with most of the funds going to a few major addresses. These wallets remained dormant for years until the coins suddenly started moving again in mid-2024.

Now, in October 2025, the Department of Justice announced that it would seize 127,271 BTC from Chen Zhi and his network. The address listed in the indictment matched the address in the 2020 Lubian case.

Elliptic and Arkham Intelligence, two leading blockchain analysis companies, have confirmed that these are indeed the same coins that were previously linked to the Lubian mining pool. As Arkham pointed out, the wallet had long been tagged as belonging to Lubian, but now belongs to the Prince Group’s laundering network.

US authorities have not officially explained how they obtained the private key, but multiple reports suggest it was not through brute force hacking. Instead, as Shenyu pointed out, investigators may have discovered a randomness flaw that existed when the keys were created.

The seizure not only exposed Chen Zhi’s alleged criminal empire, but also revealed important lessons about the dangers of weak cryptography in the Bitcoin space.

The Justice Department’s indictment outlines how Chen laundered the proceeds of the fraud by operating a Bitcoin mine that produced “clean” coins.

Figure: Prosecutors explain how Chen Zhi used Bitcoin mining to launder money.

As it turns out, Lubian’s mining operations were part of that laundering network. But that wallet was generated with flawed code, so its private keys were never truly secure.

The discovery proved to be a powerful weapon for U.S. law enforcement authorities. By exploiting a flaw in key generation, U.S. authorities could have taken control of a large stash of Bitcoin without any traditional hacking.
