China’s CVERC Says U.S. Took $13.2B in Bitcoin From 2020 Mining-Pool Hack, Not Chen Zhi’s Crime Proceeds

The fight over who legitimately controls one of Bitcoin’s largest stashes has become an information war. China’s National Computer Virus Emergency Response Center (CVERC) alleges the U.S. government did not seize criminal proceeds, but rather took 127,271 BTC tied to a 2020 mining-pool breach—coins now worth about $13.2 billion after sitting dormant for years.

What CVERC claims - In a technical report published Sunday, CVERC says the LuBian mining pool was hacked on December 29, 2020, losing 127,272.06 BTC. At the time, the haul was roughly $3.5 billion; today, it’s multiples higher. - The watchdog asserts those coins were held by entities linked to Cambodian businessman Chen Zhi’s Prince Group. U.S. prosecutors accuse Chen of running large-scale “pig-butchering” scams involving forced labor and crypto fraud. - After the theft, Chen’s team allegedly broadcast on-chain ransom messages in 2021 and 2022. The coins then remained untouched for four years before moving in mid-2024 to wallets widely tagged as U.S.-controlled. - CVERC goes further, suggesting a state-backed “black-eats-black” operation—arguing the U.S. may have used hacking techniques in 2020 and later reframed the assets as seized criminal proceeds. The analysis is based on a machine translation from Mandarin.

The on-chain overlap - CVERC says wallet addresses cited in the U.S. Department of Justice’s indictment of Chen align with those implicated in the LuBian breach. Their report references analyses by Elliptic and Arkham Intelligence to support the claim that the Bitcoin originated from compromised mining operations in China and Iran. - One week after the DOJ’s October 14 announcement, roughly $2 billion worth of BTC moved again into new wallets.

What independent forensics say - TRM Labs told reporters the seized Bitcoin “originated from 25 unhosted wallets controlled by Chen as of 2020,” based on their research. While the precise trigger remains unclear, TRM notes the DOJ forfeiture complaint hints at an insider-theft narrative from the Prince Group’s perspective. - TRM flags the next major movements occurring between June and July 2024 and says the funds now appear to be in U.S. government custody—suggesting the 2024 transfers likely consolidated the assets under official control. - TRM also acknowledges gaps: there are no definitive public details on how U.S. authorities obtained keys or leverage over the wallets. Related inquiries have been sent to CVERC, the U.S. Treasury, and the DOJ, with separate confirmation requests to Elliptic and Arkham. The allegations were first reported by the Global Times, an English-language outlet tied to China’s state media.

The real issue: attribution vs. custody The crux isn’t whether the coins passed through Chen-linked clusters or a mining-pool hack—they may have touched both. The core question is how the U.S. gained custody and on what legal basis. On-chain tagging can show co-movement, clustering, and consolidation into wallets associated with U.S. agencies, but it does not, by itself, disclose the method of acquisition. Governments typically secure crypto through private-key capture, cooperation with insiders or service providers, or lawful process after arrests and forfeiture actions. Coercive or covert tactics also exist; the chain won’t tell you which tool was used.

This ambiguity is fertile ground for dueling narratives. Beijing’s framing turns a seizure into state-on-state cyber predation. Washington’s case positions the Bitcoin as fraud proceeds tied to Chen. For investors and builders, the takeaway is discipline: track the wallets, the timing, and the legal documents, and avoid over-indexing on headlines. Four years of dormancy followed by mid-2024 consolidation and a post-announcement $2 billion shuffle look consistent with a jurisdiction asserting control, yet the insider-theft thread suggests weak internal controls at the source. Mining pools and conglomerates that centralize keys create single points of failure; when those fail, attribution gets messy and politics fill the void.

Until there’s public disclosure on key recovery or cooperation, the dispute will hinge on confidence in forensic heuristics and the credibility of each side’s story. In a market that prizes transparency, this episode is a reminder: the blockchain is immutable, but the interpretation is contested.