Chinese Cybersecurity Watchdog Alleges US Stole $13.2B in Bitcoin Five Years Ago


A Chinese state cybersecurity watchdog has accused the U.S. government of unlawfully seizing billions of dollars worth of Bitcoin, alleging the assets originated from a 2020 mining pool hack instead of being sourced from criminal proceeds tied to Cambodian businessman Chen Zhi.
A technical report issued Sunday by the China National Computer Virus Emergency Response Center (CVERC), a national cybersecurity agency, challenges the U.S. Department of Justice’s account of the seizure.
CVERC claims LuBian, a mining pool, was hacked on December 29, 2020, losing 127,272.06 BTC—then worth about $3.5 billion, and since having risen in value to $13.2 billion—allegedly held by Chen Zhi’s Prince Group.
Chen, who chairs the group, is accused by U.S. prosecutors of running a large-scale “pig-butchering” scam operation involving forced labor and crypto fraud.
After the theft, Chen’s team reportedly sent blockchain messages in 2021 and 2022 offering a ransom for the return of the funds, which stayed untouched for four years before being moved in mid-2024.
In its report, CVERC further alleged that the U.S. government “may have already stolen the 127,000 bitcoins held by Chen Zhi through hacking techniques back in 2020, making [the seizure] a typical ‘black-eats-black’ operation orchestrated by a state-level hacking organization,” the analysis reads, as machine-translated from Mandarin.
CVERC argues the addresses listed in the DOJ’s indictment of Chen Zhi correspond to those from the 2020 LuBian breach, citing analyses from Elliptic and Arkham Intelligence to support its claim that the seized funds originated from compromised mining operations in China and Iran.
A week after the DOJ’s October 14 announcement, some $2 billion worth of Bitcoin were moved to new wallets.
The allegations of theft were first reported by the Global Times, an English-language tabloid run by the People’s Daily, the official state newspaper of the Chinese Communist Party.
Decrypt has reached out to CVERC, the U.S. Treasury, and the U.S. DOJ for comment. Separate confirmation requests were sent to Elliptic and Arkham Intelligence.
TRM Labs, a blockchain intelligence firm, confirmed with Decrypt that the seized Bitcoin “originated from 25 unhosted wallets controlled by Chen as of 2020,” according to their research.
“While we don’t know for sure how or why they were moved from Chen’s wallets, the DOJ forfeiture complaint hints at one theory of what happened, at least from the perspective of the Prince Group: an insider stole the money,” Angela Ang, head of policy and strategic partnerships for Asia Pacific at TRM Labs, told Decrypt.
Ang added that on-chain activity indicates the next major movement of these funds was between June and July 2024.
The funds are now in U.S. government custody, Ang noted, suggesting that “the 2024 transactions likely represent the transfer of those assets into their possession.”
Asked whether their findings included documentation on how U.S. authorities gained access to or control of the wallets identified in its report, Ang acknowledged limitations.
“Right now we don’t have hard answers as to how the funds came to be in U.S. government custody, but it is plausibly connected to the earlier chain of movements,” Ang said.