- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
Earn- More
LuBian Mining Pool Hacked: Technical Forensic Analysis Report of Massive Bitcoin Theft Event
Article Source: National Computer Virus Emergency Response Center
On December 29, 2020, a major hack occurred in the LuBian mining pool, where a total of 127272.06953176 bitcoins (valued at around 3.5 billion USD at the time, now valued at 15 billion USD) were stolen by the attacker. The holder of this large amount of bitcoin is none other than Chen Zhi, Chairman of the Cambodia Prince Group. After the hack, Chen Zhi and his Prince Group separately posted messages on the blockchain in early 2021 and July 2022, appealing to the hacker to return the stolen bitcoins and offering to pay a ransom, but received no response. Strangely, after the large amount of bitcoins was stolen, it lay dormant in the attacker's controlled bitcoin wallet address for a full 4 years, almost untouched. This behavior clearly does not align with the typical hacker's rush to cash out for profit; rather, it resembles a precise operation orchestrated by a "state-level hacker organization." It wasn't until June 2024 that these stolen bitcoins were moved to a new bitcoin wallet address and remain untouched to this day.
On October 14, 2025, the U.S. Department of Justice announced criminal charges against Chen Zhi and his Prince Group, stating that they seized 127,000 bitcoins from them. Various evidence indicates that the massive amount of bitcoins seized by the U.S. government from Chen Zhi and his Prince Group was actually the LuBian mining pool bitcoins that had been stolen by the hacker using technical means as early as 2020. In other words, the U.S. government had already used hacker techniques to steal the 127,000 bitcoins held by Chen Zhi back in 2020, in a typical "hack-on-hack" event orchestrated by a state-level hacker organization. This report takes a technical perspective, conducts technical tracing, deeply analyzes the key technical details of the event, focuses on the origins of the stolen bitcoins, reconstructs the complete attack timeline at that time, evaluates bitcoin's security mechanisms, and aims to provide valuable security insights for the cryptocurrency industry and users.
1. Background of the Event
The LuBian mining pool was established in early 2020 and quickly rose as a bitcoin mining pool, with China and Iran as its main operational bases. In December 2020, the LuBian mining pool suffered a large-scale hack that resulted in over 90% of its bitcoin holdings being stolen. The total amount stolen was 127272.06953176 BTC, which closely aligns with the 127271BTC mentioned in the U.S. Department of Justice indictment.
The operational model of the LuBian mining pool includes centralized storage and distribution of mining rewards. The bitcoins in the mining pool address are not stored in regulated centralized exchanges but rather in non-custodial wallets. Technically, non-custodial wallets (also known as cold wallets or hardware wallets) are considered the ultimate safe haven for crypto assets. Unlike exchange accounts that can be frozen by a simple court order, they are more like a holder's private bank vault, with the key (private key) solely in the holder's possession.
Bitcoin, as a cryptocurrency, uses on-chain addresses to identify the ownership and flow of Bitcoin assets. Possessing the private key of an on-chain address gives full control over the Bitcoin held in that address. According to reports from on-chain analysis firms, there is a high degree of overlap between a significant amount of Bitcoin controlled by the U.S. government and the LuBian mining pool involved in a hacking incident related to Chen Zhi. On December 29, 2020, UTC, an unusual transfer occurred from LuBian's core Bitcoin wallet address, with a total transfer amount of 127272.06953176 BTC, closely matching the 127271 BTC mentioned in the U.S. Department of Justice indictment. After this stolen Bitcoin was transferred, it remained dormant until June 2024. Between June 22 and July 23, 2024, this stolen Bitcoin was once again moved to new on-chain addresses and has remained untouched since. The well-known U.S. blockchain tracking tool platform ARKHAM has identified these final addresses as being held by the U.S. government. Currently, the U.S. government has not disclosed how they obtained Chen Zhi's substantial Bitcoin on-chain address private key as stated in the indictment.
Figure 1: Key Activity Timeline
II. Attack Chain Analysis
It is well known that in the world of blockchain, randomness is the cornerstone of cryptographic security. Bitcoin uses asymmetric encryption technology, where a Bitcoin private key is a 256-bit binary random number. The theoretical number of attempts to crack it is 2^256 times, making it nearly impossible. However, if this 256-bit binary private key is not generated completely randomly and, for example, 224 bits follow a predictable pattern that can be calculated, with only 32 bits being random, the strength of the private key is significantly reduced, requiring only about 2^32 attempts (approximately 4.29 billion) for brute force cracking. For instance, in September 2022, the UK cryptocurrency market maker Wintermute was hacked of $160 million due to a similar pseudorandom number vulnerability.
In August 2023, a foreign security research team named MilkSad publicly disclosed the discovery of a third-party key generation tool with a pseudorandom number generator (PRNG) vulnerability and successfully obtained a CVE number (CVE-2023-39910). In a research report released by this team, it was mentioned that the LuBian Bitcoin mining pool had a similar vulnerability. Among the LuBian Bitcoin mining pool addresses exposed in the hack disclosed, all 25 Bitcoin addresses mentioned in the U.S. Department of Justice indictment were included.
Figure 2: List of 25 Bitcoin Wallet Addresses from the U.S. Department of Justice Indictment
The LuBian Bitcoin mining pool, as a non-custodial wallet system, relies on a custom private key generation algorithm to manage funds associated with its Bitcoin wallet addresses. The private key generation does not follow the recommended 256-bit binary randomness standard but instead relies on a 32-bit binary randomness. This algorithm has a fatal flaw: it uses a "pseudo-random generator" Mersenne Twister (MT19937-32) that relies solely on a timestamp or weak input as a seed. A pseudo-random number generator (PRNG) equivalent to a 4-byte integer's randomness is susceptible to efficient enumeration in modern computing. Mathematically, the cracking probability is 1/232. For example, assuming an attack script tests 10^6 keys per second, the cracking time would be approximately 4200 seconds (just around 1.17 hours). In practice, optimization tools like Hashcat or custom scripts can further accelerate this process. Exploiting this vulnerability, an attacker managed to steal a significant amount of Bitcoin from the LuBian Bitcoin mining pool.
Figure 3: Comparison Table of LuBian Pool and Industry Security Standard Flaws
Through technical tracing, the complete timeline and details of the hack on the LuBian pool are as follows:
1. Theft Stage: December 29, 2020 (Beijing Time)
Incident: Hackers exploited the pseudo-random number vulnerability in the private key generation of LuBian Bitcoin mining pool wallet addresses to brute force over 5,000 weakly generated wallet addresses (wallet type: P2WPKH-nested-in-P2SH, prefix 3). In about 2 hours, approximately 127,272.06953176 BTC (worth around $3.5 billion at the time) was drained from these wallet addresses, leaving less than 200 BTC remaining. All suspicious transactions shared the same transaction fee, indicating the attack was carried out through automated batch transfer scripts.
Sender: LuBian pool's weakly generated Bitcoin wallet address pool (controlled by the LuBian mining operation entity, a subsidiary of Chen Zhi's Prince Group);
Recipient: Bitcoin wallet address pool controlled by the attacker (addresses not publicly disclosed);
Transfer Path: Weak wallet address pool → Attacker's wallet address pool;
Association Analysis: The total amount stolen was 127272.06953176 BTC, which is essentially the same as the 127271 BTC mentioned in the U.S. Department of Justice indictment.
2. Dormant Phase: From December 30, 2020, to June 22, 2024 (Beijing Time)
Event: These bitcoins, stolen in 2020 through a pseudo-random number vulnerability, were stored in a bitcoin wallet address controlled by the attacker for a period of 4 years in a dormant state, with only less than one-thousandth of dust transactions possibly used for testing.
Association Analysis: These bitcoins remained virtually untouched until June 22, 2024, when they were fully taken over by the U.S. government. This clearly does not align with the typical nature of hackers eager to cash out and pursue profit but rather resembles a precise operation orchestrated by a state-level hacker group.
3. Recovery Attempt Phase: Early 2021, July 4, 2022, July 26, 2022 (Beijing Time)
Event: After the theft of these bitcoins, during the dormant period, in early 2021, the LuBian mining pool sent over 1,500 messages using the Bitcoin OP_RETURN function (costing approximately 1.4 BTC in fees), embedding the messages in the blockchain data area, pleading with the hacker to return the funds. Message example: "Please return our funds, we'll pay a reward." On July 4 and July 26, 2022, the LuBian mining pool once again used the Bitcoin OP_RETURN function to send messages. Message example: "MSG from LB. To the whitehat who is saving our asset, you can contact us through 1228btc@gmail.com to discuss the return of the asset and your reward."
Sender: LuBian's pseudo-random Bitcoin wallet address (controlled by the operational entity of the LuBian mining pool, affiliated with Chen Zhi's Prince Group);
Recipient: A group of bitcoin wallet addresses controlled by the attacker;
Transfer Path: Pseudo-random address group → Attacker's address group (small transactions embedding OP_RETURN);
Association Analysis: Following the theft incident, these messages confirm that the LuBian mining pool, as the sender, has attempted multiple times to contact a "third-party hacker" to request the return of the assets and discuss ransom matters.
4. Activation and Transfer Phase: From June 22 to July 23, 2024 (Beijing Time)
Event: Bitcoin held in dormant state in a wallet address controlled by the attacker was activated and transferred to a final Bitcoin wallet address. The final wallet address was flagged by the well-known blockchain monitoring tool ARKHAM as being held by the U.S. government.
Sender: Wallet address group controlled by the attacker;
Recipient: New consolidated final wallet address group (not publicly disclosed but confirmed to be controlled by the U.S. government)
Transfer Path: Wallet address group controlled by the attacker → Wallet address group controlled by the U.S. government;
Link Analysis: This large amount of stolen Bitcoin, which had been dormant and untouched for nearly 4 years, was ultimately controlled by the U.S. government.
5. Announcement and Seizure Phase: October 14, 2025 (U.S. Local Time)
Event: The U.S. Department of Justice issued an announcement, charging Chen Zhi and "seizing" the 127,000 bitcoins he held.
Simultaneously, through the public mechanism of the blockchain, all Bitcoin transaction records were made publicly traceable. Based on this, this report traced the source of the stolen massive amount of Bitcoin related to the LuBian weak random Bitcoin wallet address (controlled by the entity operating the LuBian mining pool, possibly affiliated with Chen Zhi's Prince Group). The total amount of stolen Bitcoin amounted to 127,272.06953176 coins, including approximately 17,800 coins from independent "mining," about 2,300 coins from mining pool rewards, and 107,100 coins from exchanges and other channels. Preliminary results suggest discrepancies with the U.S. DOJ indictment, which claimed all the Bitcoin originated from illegal income.
III. Vulnerability Technical Details Analysis
1. Bitcoin Wallet Address Private Key Generation:
The core of the LuBian pool vulnerability lies in its private key generator using a flaw similar to "MilkSad" in Libbitcoin Explorer. Specifically, the system uses a Mersenne Twister (MT19937-32) pseudo-random number generator initialized with only a 32-bit seed, resulting in an effective entropy of only 32 bits. This PRNG is not cryptographically secure, making it easy to predict and reverse-engineer. An attacker can enumerate all possible 32-bit seeds (0 to 2^32-1), generate the corresponding private keys, and check if they match the public key hash of a known wallet address.
In the Bitcoin ecosystem, the private key generation process usually follows: Random Seed → SHA-256 Hash → ECDSA Private Key.
The implementation of the LuBian mining pool's core library may be based on custom code or open-source libraries (such as Libbitcoin), but it overlooks the security of entropy. Similar to the MilkSad vulnerability, in the case of the Libbitcoin Explorer, the 'bx seed' command also uses the MT19937-32 random number generator, relying solely on a timestamp or weak input as a seed, making the private key vulnerable to brute-force attacks. In the LuBian attack incident, over 5,000 wallets were affected, indicating that the vulnerability is systematic and may stem from code reuse during bulk wallet generation.
2. Simulated Attack Process:
(1) Identify the target wallet address (through on-chain monitoring of LuBian mining pool activity);
(2) Enumerate the 32-bit seed: for seed in 0 to 4294967295;
(3) Generate private key: private_key = SHA256(seed);
(4) Derive public key and address: using ECDSA SECP256k1 curve calculation;
(5) Match: If the derived address matches the target, use the private key to sign a transaction to steal funds;
Comparison to similar vulnerabilities: This vulnerability is similar to Trust Wallet's 32-bit entropy flaw, which led to the massive decryption of Bitcoin wallet addresses; Libbitcoin Explorer's 'MilkSad' vulnerability also exposed the private key due to low entropy. These cases all stem from legacy issues in early codebases that did not adopt the BIP-39 standard (12-24 word seed phrase, providing high entropy). The LuBian mining pool may have used a custom algorithm aimed at simplifying management but overlooked security.
Defense shortcomings: The LuBian mining pool did not implement multi-signature (multisig), hardware wallets, or Hierarchical Deterministic wallets (HD wallets), all of which could enhance security. On-chain data indicates that the attack covered multiple wallets, indicating a systemic vulnerability rather than a single point of failure.
3. On-Chain Evidence and Recovery Attempts:
OP_RETURN Messages: The LuBian mining pool used Bitcoin's OP_RETURN feature to send over 1,500 messages, spending 1.4 BTC, pleading with the attacker to return the funds. These messages are embedded in the blockchain, proving the actions of the real owner, not a forgery. Example messages include "Please return the funds" or similar pleas, distributed across multiple transactions.
4. Attack Attribution Analysis:
On October 14, 2025, local time in the United States, the U.S. Department of Justice issued a criminal indictment against Zhi Chen (Case No. 1:25-cr-00416), listing 25 Bitcoin wallet addresses holding approximately 127,271 BTC, with a total value of around $15 billion, which have been seized. Through blockchain analysis and official document review, these addresses are highly linked to the LuBian mining pool attack:
Direct Association: Blockchain analysis shows that the 25 addresses in the U.S. Department of Justice indictment are indeed the final holding addresses of the stolen Bitcoin from the LuBian mining pool's 2020 attack. An Elliptic report indicates that this batch of Bitcoin was "stolen" from the mining operation of the LuBian mining pool in 2020. Arkham Intelligence confirms that the funds seized by the U.S. Department of Justice directly originate from the LuBian mining pool theft event.
Indictment Evidence Association: While the U.S. Department of Justice indictment does not directly name the "LuBian hack," it mentions funds originating from a "hacked attack on Bitcoin mining operations in Iran and China," which is consistent with the on-chain analyses of Elliptic and Arkham Intelligence.
Attack Behavior Association: From the perspective of the attack method, after a significant amount of Bitcoin was stolen from the LuBian mining pool due to a technical attack in 2020, it remained dormant for 4 years. During this period, there were only minimal dust transactions, accounting for less than one-ten-thousandth, until almost nothing was moved until the U.S. government fully took over in 2024. This behavior does not align with the typical hacker's nature of quickly cashing out for profit but rather resembles a precise operation orchestrated by a state-level hacker group. Analysis suggests that the U.S. government may have gained control of this batch of Bitcoin as early as December 2020.
IV. Impact and Recommendations
The impact of the 2020 LuBian mining pool hacker attack was profound, leading to the actual dissolution of the pool, with losses equivalent to over 90% of its total assets at the time. The stolen Bitcoin's current value has risen to $15 billion, highlighting the risk of price volatility amplification.
The LuBian mining pool incident exposed a systemic risk in the cryptocurrency toolchain related to random number generation. To mitigate similar vulnerabilities, the blockchain industry should employ Cryptographically Secure Pseudo-Random Number Generators (CSPRNGs), implement multi-layer defenses including multisig, cold storage, and regular audits, avoid custom private key generation algorithms, and integrate real-time on-chain monitoring and alert systems for abnormal transfers. For individual users, it is advisable to avoid using unverified key generation modules from open-source communities. This event also serves as a reminder that despite the high transparency of blockchain, weak security foundations can lead to disastrous consequences, highlighting the importance of cybersecurity in the future of the digital economy and digital currency development.
You may also like
WEEX AI Trading Hackathon Rules & Guidelines
This article explains the rules, requirements, and prize structure for the WEEX AI Trading Hackathon Finals, where finalists compete using AI-driven trading strategies under real market conditions.
From 0 to $1 Million: Five Steps to Outperform the Market Through Wallet Tracking
Token Cannot Compound, Where Is the Real Investment Opportunity?
February 6th Market Key Intelligence, How Much Did You Miss?
China's Central Bank and Eight Other Departments' Latest Regulatory Focus: Key Attention to RWA Tokenized Asset Risk
Foreword: Today, the People's Bank of China's website published the "Notice of the People's Bank of China, National Development and Reform Commission, Ministry of Industry and Information Technology, Ministry of Public Security, State Administration for Market Regulation, China Banking and Insurance Regulatory Commission, China Securities Regulatory Commission, State Administration of Foreign Exchange on Further Preventing and Dealing with Risks Related to Virtual Currency and Others (Yinfa [2026] No. 42)", the latest regulatory requirements from the eight departments including the central bank, which are basically consistent with the regulatory requirements of recent years. The main focus of the regulation is on speculative activities such as virtual currency trading, exchanges, ICOs, overseas platform services, and this time, regulatory oversight of RWA has been added, explicitly prohibiting RWA tokenization, stablecoins (especially those pegged to the RMB). The following is the full text:
To the people's governments of all provinces, autonomous regions, and municipalities directly under the Central Government, the Xinjiang Production and Construction Corps:
Recently, there have been speculative activities related to virtual currency and Real-World Assets (RWA) tokenization, disrupting the economic and financial order and jeopardizing the property security of the people. In order to further prevent and address the risks related to virtual currency and Real-World Assets tokenization, effectively safeguard national security and social stability, in accordance with the "Law of the People's Republic of China on the People's Bank of China," "Law of the People's Republic of China on Commercial Banks," "Securities Law of the People's Republic of China," "Law of the People's Republic of China on Securities Investment Funds," "Law of the People's Republic of China on Futures and Derivatives," "Cybersecurity Law of the People's Republic of China," "Regulations of the People's Republic of China on the Administration of Renminbi," "Regulations on Prevention and Disposal of Illegal Fundraising," "Regulations of the People's Republic of China on Foreign Exchange Administration," "Telecommunications Regulations of the People's Republic of China," and other provisions, after reaching consensus with the Cyberspace Administration of China, the Supreme People's Court, and the Supreme People's Procuratorate, and with the approval of the State Council, the relevant matters are notified as follows:
(I) Virtual currency does not possess the legal status equivalent to fiat currency. Virtual currencies such as Bitcoin, Ether, Tether, etc., have the main characteristics of being issued by non-monetary authorities, using encryption technology and distributed ledger or similar technology, existing in digital form, etc. They do not have legal tender status, should not and cannot be circulated and used as currency in the market.
The business activities related to virtual currency are classified as illegal financial activities. The exchange of fiat currency and virtual currency within the territory, exchange of virtual currencies, acting as a central counterparty in buying and selling virtual currencies, providing information intermediary and pricing services for virtual currency transactions, token issuance financing, and trading of virtual currency-related financial products, etc., fall under illegal financial activities, such as suspected illegal issuance of token vouchers, unauthorized public issuance of securities, illegal operation of securities and futures business, illegal fundraising, etc., are strictly prohibited across the board and resolutely banned in accordance with the law. Overseas entities and individuals are not allowed to provide virtual currency-related services to domestic entities in any form.
A stablecoin pegged to a fiat currency indirectly fulfills some functions of the fiat currency in circulation. Without the consent of relevant authorities in accordance with the law and regulations, any domestic or foreign entity or individual is not allowed to issue a RMB-pegged stablecoin overseas.
(II)Tokenization of Real-World Assets refers to the use of encryption technology and distributed ledger or similar technologies to transform ownership rights, income rights, etc., of assets into tokens (tokens) or other interests or bond certificates with token (token) characteristics, and carry out issuance and trading activities.
Engaging in the tokenization of real-world assets domestically, as well as providing related intermediary, information technology services, etc., which are suspected of illegal issuance of token vouchers, unauthorized public offering of securities, illegal operation of securities and futures business, illegal fundraising, and other illegal financial activities, shall be prohibited; except for relevant business activities carried out with the approval of the competent authorities in accordance with the law and regulations and relying on specific financial infrastructures. Overseas entities and individuals are not allowed to illegally provide services related to the tokenization of real-world assets to domestic entities in any form.
(III) Inter-agency Coordination. The People's Bank of China, together with the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the State Administration for Market Regulation, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission, the State Administration of Foreign Exchange, and other departments, will improve the work mechanism, strengthen coordination with the Cyberspace Administration of China, the Supreme People's Court, and the Supreme People's Procuratorate, coordinate efforts, and overall guide regions to carry out risk prevention and disposal of virtual currency-related illegal financial activities.
The China Securities Regulatory Commission, together with the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the People's Bank of China, the State Administration for Market Regulation, the China Banking and Insurance Regulatory Commission, the State Administration of Foreign Exchange, and other departments, will improve the work mechanism, strengthen coordination with the Cyberspace Administration of China, the Supreme People's Court, and the Supreme People's Procuratorate, coordinate efforts, and overall guide regions to carry out risk prevention and disposal of illegal financial activities related to the tokenization of real-world assets.
(IV) Strengthening Local Implementation. The people's governments at the provincial level are overall responsible for the prevention and disposal of risks related to virtual currencies and the tokenization of real-world assets in their respective administrative regions. The specific leading department is the local financial regulatory department, with participation from branches and dispatched institutions of the State Council's financial regulatory department, telecommunications regulators, public security, market supervision, and other departments, in coordination with cyberspace departments, courts, and procuratorates, to improve the normalization of the work mechanism, effectively connect with the relevant work mechanisms of central departments, form a cooperative and coordinated working pattern between central and local governments, effectively prevent and properly handle risks related to virtual currencies and the tokenization of real-world assets, and maintain economic and financial order and social stability.
(5) Enhanced Risk Monitoring. The People's Bank of China, China Securities Regulatory Commission, National Development and Reform Commission, Ministry of Industry and Information Technology, Ministry of Public Security, State Administration of Foreign Exchange, Cyberspace Administration of China, and other departments continue to improve monitoring techniques and system support, enhance cross-departmental data analysis and sharing, establish sound information sharing and cross-validation mechanisms, promptly grasp the risk situation of activities related to virtual currency and real-world asset tokenization. Local governments at all levels give full play to the role of local monitoring and early warning mechanisms. Local financial regulatory authorities, together with branches and agencies of the State Council's financial regulatory authorities, as well as departments of cyberspace and public security, ensure effective connection between online monitoring, offline investigation, and fund tracking, efficiently and accurately identify activities related to virtual currency and real-world asset tokenization, promptly share risk information, improve early warning information dissemination, verification, and rapid response mechanisms.
(6) Strengthened Oversight of Financial Institutions, Intermediaries, and Technology Service Providers. Financial institutions (including non-bank payment institutions) are prohibited from providing account opening, fund transfer, and clearing services for virtual currency-related business activities, issuing and selling financial products related to virtual currency, including virtual currency and related financial products in the scope of collateral, conducting insurance business related to virtual currency, or including virtual currency in the scope of insurance liability. Financial institutions (including non-bank payment institutions) are prohibited from providing custody, clearing, and settlement services for unauthorized real-world asset tokenization-related business and related financial products. Relevant intermediary institutions and information technology service providers are prohibited from providing intermediary, technical, or other services for unauthorized real-world asset tokenization-related businesses and related financial products.
(7) Enhanced Management of Internet Information Content and Access. Internet enterprises are prohibited from providing online business venues, commercial displays, marketing, advertising, or paid traffic diversion services for virtual currency and real-world asset tokenization-related business activities. Upon discovering clues of illegal activities, they should promptly report to relevant departments and provide technical support and assistance for related investigations and inquiries. Based on the clues transferred by the financial regulatory authorities, the cyberspace administration, telecommunications authorities, and public security departments should promptly close and deal with websites, mobile applications (including mini-programs), and public accounts engaged in virtual currency and real-world asset tokenization-related business activities in accordance with the law.
(8) Strengthened Entity Registration and Advertisement Management. Market supervision departments strengthen entity registration and management, and enterprise and individual business registrations must not contain terms such as "virtual currency," "virtual asset," "cryptocurrency," "crypto asset," "stablecoin," "real-world asset tokenization," or "RWA" in their names or business scopes. Market supervision departments, together with financial regulatory authorities, legally enhance the supervision of advertisements related to virtual currency and real-world asset tokenization, promptly investigating and handling relevant illegal advertisements.
(IX) Continued Rectification of Virtual Currency Mining Activities. The National Development and Reform Commission, together with relevant departments, strictly controls virtual currency mining activities, continuously promotes the rectification of virtual currency mining activities. The people's governments of various provinces take overall responsibility for the rectification of "mining" within their respective administrative regions. In accordance with the requirements of the National Development and Reform Commission and other departments in the "Notice on the Rectification of Virtual Currency Mining Activities" (NDRC Energy-saving Building [2021] No. 1283) and the provisions of the "Guidance Catalog for Industrial Structure Adjustment (2024 Edition)," a comprehensive review, investigation, and closure of existing virtual currency mining projects are conducted, new mining projects are strictly prohibited, and mining machine production enterprises are strictly prohibited from providing mining machine sales and other services within the country.
(X) Severe Crackdown on Related Illegal Financial Activities. Upon discovering clues to illegal financial activities related to virtual currency and the tokenization of real-world assets, local financial regulatory authorities, branches of the State Council's financial regulatory authorities, and other relevant departments promptly investigate, determine, and properly handle the issues in accordance with the law, and seriously hold the relevant entities and individuals legally responsible. Those suspected of crimes are transferred to the judicial authorities for processing according to the law.
(XI) Severe Crackdown on Related Illegal and Criminal Activities. The Ministry of Public Security, the People's Bank of China, the State Administration for Market Regulation, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission, as well as judicial and procuratorial organs, in accordance with their respective responsibilities, rigorously crack down on illegal and criminal activities related to virtual currency, the tokenization of real-world assets, such as fraud, money laundering, illegal business operations, pyramid schemes, illegal fundraising, and other illegal and criminal activities carried out under the guise of virtual currency, the tokenization of real-world assets, etc.
(XII) Strengthen Industry Self-discipline. Relevant industry associations should enhance membership management and policy advocacy, based on their own responsibilities, advocate and urge member units to resist illegal financial activities related to virtual currency and the tokenization of real-world assets. Member units that violate regulatory policies and industry self-discipline rules are to be disciplined in accordance with relevant self-regulatory management regulations. By leveraging various industry infrastructure, conduct risk monitoring related to virtual currency, the tokenization of real-world assets, and promptly transfer issue clues to relevant departments.
(XIII) Without the approval of relevant departments in accordance with the law and regulations, domestic entities and foreign entities controlled by them may not issue virtual currency overseas.
(XIV) Domestic entities engaging directly or indirectly in overseas external debt-based tokenization of real-world assets, or conducting asset securitization activities abroad based on domestic ownership rights, income rights, etc. (hereinafter referred to as domestic equity), should be strictly regulated in accordance with the principles of "same business, same risk, same rules." The National Development and Reform Commission, the China Securities Regulatory Commission, the State Administration of Foreign Exchange, and other relevant departments regulate it according to their respective responsibilities. For other forms of overseas real-world asset tokenization activities based on domestic equity by domestic entities, the China Securities Regulatory Commission, together with relevant departments, supervise according to their division of responsibilities. Without the consent and filing of relevant departments, no unit or individual may engage in the above-mentioned business.
(15) Overseas subsidiaries and branches of domestic financial institutions providing Real World Asset Tokenization-related services overseas shall do so legally and prudently. They shall have professional personnel and systems in place to effectively mitigate business risks, strictly implement customer onboarding, suitability management, anti-money laundering requirements, and incorporate them into the domestic financial institutions' compliance and risk management system. Intermediaries and information technology service providers offering Real World Asset Tokenization services abroad based on domestic equity or conducting Real World Asset Tokenization business in the form of overseas debt for domestic entities directly or indirectly venturing abroad must strictly comply with relevant laws and regulations. They should establish and improve relevant compliance and internal control systems in accordance with relevant normative requirements, strengthen business and risk control, and report the business developments to the relevant regulatory authorities for approval or filing.
(16) Strengthen organizational leadership and overall coordination. All departments and regions should attach great importance to the prevention of risks related to virtual currencies and Real World Asset Tokenization, strengthen organizational leadership, clarify work responsibilities, form a long-term effective working mechanism with centralized coordination, local implementation, and shared responsibilities, maintain high pressure, dynamically monitor risks, effectively prevent and mitigate risks in an orderly and efficient manner, legally protect the property security of the people, and make every effort to maintain economic and financial order and social stability.
(17) Widely carry out publicity and education. All departments, regions, and industry associations should make full use of various media and other communication channels to disseminate information through legal and policy interpretation, analysis of typical cases, and education on investment risks, etc. They should promote the illegality and harm of virtual currencies and Real World Asset Tokenization-related businesses and their manifestations, fully alert to potential risks and hidden dangers, and enhance public awareness and identification capabilities for risk prevention.
(18) Engaging in illegal financial activities related to virtual currencies and Real World Asset Tokenization in violation of this notice, as well as providing services for virtual currencies and Real World Asset Tokenization-related businesses, shall be punished in accordance with relevant regulations. If it constitutes a crime, criminal liability shall be pursued according to the law. For domestic entities and individuals who knowingly or should have known that overseas entities illegally provided virtual currency or Real World Asset Tokenization-related services to domestic entities and still assisted them, relevant responsibilities shall be pursued according to the law. If it constitutes a crime, criminal liability shall be pursued according to the law.
(19) If any unit or individual invests in virtual currencies, Real World Asset Tokens, and related financial products against public order and good customs, the relevant civil legal actions shall be invalid, and any resulting losses shall be borne by them. If there are suspicions of disrupting financial order and jeopardizing financial security, the relevant departments shall deal with them according to the law.
This notice shall enter into force upon the date of its issuance. The People's Bank of China and ten other departments' "Notice on Further Preventing and Dealing with the Risks of Virtual Currency Trading Speculation" (Yinfa [2021] No. 237) is hereby repealed.
Former Partner's Perspective on Multicoin: Kyle's Exit, But the Game He Left Behind Just Getting Started
Why Bitcoin Is Falling Now: The Real Reasons Behind BTC's Crash & WEEX's Smart Profit Playbook
Bitcoin's ongoing crash explained: Discover the 5 hidden triggers behind BTC's plunge & how WEEX's Auto Earn and Trade to Earn strategies help traders profit from crypto market volatility.
Wall Street's Hottest Trades See Exodus
Vitalik Discusses Ethereum Scaling Path, Circle Announces Partnership with Polymarket, What's the Overseas Crypto Community Talking About Today?
Believing in the Capital Markets - The Essence and Core Value of Cryptocurrency
Polymarket's 'Weatherman': Predict Temperature, Win Million-Dollar Payout
$15K+ Profits: The 4 AI Trading Secrets WEEX Hackathon Prelim Winners Used to Dominate Volatile Crypto Markets
How WEEX Hackathon's top AI trading strategies made $15K+ in crypto markets: 4 proven rules for ETH/BTC trading, market structure analysis, and risk management in volatile conditions.
A nearly 20% one-day plunge, how long has it been since you last saw a $60,000 Bitcoin?
Raoul Pal: I've seen every single panic, and they are never the end.
Key Market Information Discrepancy on February 6th - A Must-Read! | Alpha Morning Report
2026 Crypto Industry's First Snowfall
The Harsh Reality Behind the $26 Billion Crypto Liquidation: Liquidity Is Killing the Market
Why Is Gold, US Stocks, Bitcoin All Falling?
WEEX AI Trading Hackathon Rules & Guidelines
This article explains the rules, requirements, and prize structure for the WEEX AI Trading Hackathon Finals, where finalists compete using AI-driven trading strategies under real market conditions.
From 0 to $1 Million: Five Steps to Outperform the Market Through Wallet Tracking
Token Cannot Compound, Where Is the Real Investment Opportunity?
February 6th Market Key Intelligence, How Much Did You Miss?
China's Central Bank and Eight Other Departments' Latest Regulatory Focus: Key Attention to RWA Tokenized Asset Risk
Foreword: Today, the People's Bank of China's website published the "Notice of the People's Bank of China, National Development and Reform Commission, Ministry of Industry and Information Technology, Ministry of Public Security, State Administration for Market Regulation, China Banking and Insurance Regulatory Commission, China Securities Regulatory Commission, State Administration of Foreign Exchange on Further Preventing and Dealing with Risks Related to Virtual Currency and Others (Yinfa [2026] No. 42)", the latest regulatory requirements from the eight departments including the central bank, which are basically consistent with the regulatory requirements of recent years. The main focus of the regulation is on speculative activities such as virtual currency trading, exchanges, ICOs, overseas platform services, and this time, regulatory oversight of RWA has been added, explicitly prohibiting RWA tokenization, stablecoins (especially those pegged to the RMB). The following is the full text:
To the people's governments of all provinces, autonomous regions, and municipalities directly under the Central Government, the Xinjiang Production and Construction Corps:
Recently, there have been speculative activities related to virtual currency and Real-World Assets (RWA) tokenization, disrupting the economic and financial order and jeopardizing the property security of the people. In order to further prevent and address the risks related to virtual currency and Real-World Assets tokenization, effectively safeguard national security and social stability, in accordance with the "Law of the People's Republic of China on the People's Bank of China," "Law of the People's Republic of China on Commercial Banks," "Securities Law of the People's Republic of China," "Law of the People's Republic of China on Securities Investment Funds," "Law of the People's Republic of China on Futures and Derivatives," "Cybersecurity Law of the People's Republic of China," "Regulations of the People's Republic of China on the Administration of Renminbi," "Regulations on Prevention and Disposal of Illegal Fundraising," "Regulations of the People's Republic of China on Foreign Exchange Administration," "Telecommunications Regulations of the People's Republic of China," and other provisions, after reaching consensus with the Cyberspace Administration of China, the Supreme People's Court, and the Supreme People's Procuratorate, and with the approval of the State Council, the relevant matters are notified as follows:
(I) Virtual currency does not possess the legal status equivalent to fiat currency. Virtual currencies such as Bitcoin, Ether, Tether, etc., have the main characteristics of being issued by non-monetary authorities, using encryption technology and distributed ledger or similar technology, existing in digital form, etc. They do not have legal tender status, should not and cannot be circulated and used as currency in the market.
The business activities related to virtual currency are classified as illegal financial activities. The exchange of fiat currency and virtual currency within the territory, exchange of virtual currencies, acting as a central counterparty in buying and selling virtual currencies, providing information intermediary and pricing services for virtual currency transactions, token issuance financing, and trading of virtual currency-related financial products, etc., fall under illegal financial activities, such as suspected illegal issuance of token vouchers, unauthorized public issuance of securities, illegal operation of securities and futures business, illegal fundraising, etc., are strictly prohibited across the board and resolutely banned in accordance with the law. Overseas entities and individuals are not allowed to provide virtual currency-related services to domestic entities in any form.
A stablecoin pegged to a fiat currency indirectly fulfills some functions of the fiat currency in circulation. Without the consent of relevant authorities in accordance with the law and regulations, any domestic or foreign entity or individual is not allowed to issue a RMB-pegged stablecoin overseas.
(II)Tokenization of Real-World Assets refers to the use of encryption technology and distributed ledger or similar technologies to transform ownership rights, income rights, etc., of assets into tokens (tokens) or other interests or bond certificates with token (token) characteristics, and carry out issuance and trading activities.
Engaging in the tokenization of real-world assets domestically, as well as providing related intermediary, information technology services, etc., which are suspected of illegal issuance of token vouchers, unauthorized public offering of securities, illegal operation of securities and futures business, illegal fundraising, and other illegal financial activities, shall be prohibited; except for relevant business activities carried out with the approval of the competent authorities in accordance with the law and regulations and relying on specific financial infrastructures. Overseas entities and individuals are not allowed to illegally provide services related to the tokenization of real-world assets to domestic entities in any form.
(III) Inter-agency Coordination. The People's Bank of China, together with the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the State Administration for Market Regulation, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission, the State Administration of Foreign Exchange, and other departments, will improve the work mechanism, strengthen coordination with the Cyberspace Administration of China, the Supreme People's Court, and the Supreme People's Procuratorate, coordinate efforts, and overall guide regions to carry out risk prevention and disposal of virtual currency-related illegal financial activities.
The China Securities Regulatory Commission, together with the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the People's Bank of China, the State Administration for Market Regulation, the China Banking and Insurance Regulatory Commission, the State Administration of Foreign Exchange, and other departments, will improve the work mechanism, strengthen coordination with the Cyberspace Administration of China, the Supreme People's Court, and the Supreme People's Procuratorate, coordinate efforts, and overall guide regions to carry out risk prevention and disposal of illegal financial activities related to the tokenization of real-world assets.
(IV) Strengthening Local Implementation. The people's governments at the provincial level are overall responsible for the prevention and disposal of risks related to virtual currencies and the tokenization of real-world assets in their respective administrative regions. The specific leading department is the local financial regulatory department, with participation from branches and dispatched institutions of the State Council's financial regulatory department, telecommunications regulators, public security, market supervision, and other departments, in coordination with cyberspace departments, courts, and procuratorates, to improve the normalization of the work mechanism, effectively connect with the relevant work mechanisms of central departments, form a cooperative and coordinated working pattern between central and local governments, effectively prevent and properly handle risks related to virtual currencies and the tokenization of real-world assets, and maintain economic and financial order and social stability.
(5) Enhanced Risk Monitoring. The People's Bank of China, China Securities Regulatory Commission, National Development and Reform Commission, Ministry of Industry and Information Technology, Ministry of Public Security, State Administration of Foreign Exchange, Cyberspace Administration of China, and other departments continue to improve monitoring techniques and system support, enhance cross-departmental data analysis and sharing, establish sound information sharing and cross-validation mechanisms, promptly grasp the risk situation of activities related to virtual currency and real-world asset tokenization. Local governments at all levels give full play to the role of local monitoring and early warning mechanisms. Local financial regulatory authorities, together with branches and agencies of the State Council's financial regulatory authorities, as well as departments of cyberspace and public security, ensure effective connection between online monitoring, offline investigation, and fund tracking, efficiently and accurately identify activities related to virtual currency and real-world asset tokenization, promptly share risk information, improve early warning information dissemination, verification, and rapid response mechanisms.
(6) Strengthened Oversight of Financial Institutions, Intermediaries, and Technology Service Providers. Financial institutions (including non-bank payment institutions) are prohibited from providing account opening, fund transfer, and clearing services for virtual currency-related business activities, issuing and selling financial products related to virtual currency, including virtual currency and related financial products in the scope of collateral, conducting insurance business related to virtual currency, or including virtual currency in the scope of insurance liability. Financial institutions (including non-bank payment institutions) are prohibited from providing custody, clearing, and settlement services for unauthorized real-world asset tokenization-related business and related financial products. Relevant intermediary institutions and information technology service providers are prohibited from providing intermediary, technical, or other services for unauthorized real-world asset tokenization-related businesses and related financial products.
(7) Enhanced Management of Internet Information Content and Access. Internet enterprises are prohibited from providing online business venues, commercial displays, marketing, advertising, or paid traffic diversion services for virtual currency and real-world asset tokenization-related business activities. Upon discovering clues of illegal activities, they should promptly report to relevant departments and provide technical support and assistance for related investigations and inquiries. Based on the clues transferred by the financial regulatory authorities, the cyberspace administration, telecommunications authorities, and public security departments should promptly close and deal with websites, mobile applications (including mini-programs), and public accounts engaged in virtual currency and real-world asset tokenization-related business activities in accordance with the law.
(8) Strengthened Entity Registration and Advertisement Management. Market supervision departments strengthen entity registration and management, and enterprise and individual business registrations must not contain terms such as "virtual currency," "virtual asset," "cryptocurrency," "crypto asset," "stablecoin," "real-world asset tokenization," or "RWA" in their names or business scopes. Market supervision departments, together with financial regulatory authorities, legally enhance the supervision of advertisements related to virtual currency and real-world asset tokenization, promptly investigating and handling relevant illegal advertisements.
(IX) Continued Rectification of Virtual Currency Mining Activities. The National Development and Reform Commission, together with relevant departments, strictly controls virtual currency mining activities, continuously promotes the rectification of virtual currency mining activities. The people's governments of various provinces take overall responsibility for the rectification of "mining" within their respective administrative regions. In accordance with the requirements of the National Development and Reform Commission and other departments in the "Notice on the Rectification of Virtual Currency Mining Activities" (NDRC Energy-saving Building [2021] No. 1283) and the provisions of the "Guidance Catalog for Industrial Structure Adjustment (2024 Edition)," a comprehensive review, investigation, and closure of existing virtual currency mining projects are conducted, new mining projects are strictly prohibited, and mining machine production enterprises are strictly prohibited from providing mining machine sales and other services within the country.
(X) Severe Crackdown on Related Illegal Financial Activities. Upon discovering clues to illegal financial activities related to virtual currency and the tokenization of real-world assets, local financial regulatory authorities, branches of the State Council's financial regulatory authorities, and other relevant departments promptly investigate, determine, and properly handle the issues in accordance with the law, and seriously hold the relevant entities and individuals legally responsible. Those suspected of crimes are transferred to the judicial authorities for processing according to the law.
(XI) Severe Crackdown on Related Illegal and Criminal Activities. The Ministry of Public Security, the People's Bank of China, the State Administration for Market Regulation, the China Banking and Insurance Regulatory Commission, the China Securities Regulatory Commission, as well as judicial and procuratorial organs, in accordance with their respective responsibilities, rigorously crack down on illegal and criminal activities related to virtual currency, the tokenization of real-world assets, such as fraud, money laundering, illegal business operations, pyramid schemes, illegal fundraising, and other illegal and criminal activities carried out under the guise of virtual currency, the tokenization of real-world assets, etc.
(XII) Strengthen Industry Self-discipline. Relevant industry associations should enhance membership management and policy advocacy, based on their own responsibilities, advocate and urge member units to resist illegal financial activities related to virtual currency and the tokenization of real-world assets. Member units that violate regulatory policies and industry self-discipline rules are to be disciplined in accordance with relevant self-regulatory management regulations. By leveraging various industry infrastructure, conduct risk monitoring related to virtual currency, the tokenization of real-world assets, and promptly transfer issue clues to relevant departments.
(XIII) Without the approval of relevant departments in accordance with the law and regulations, domestic entities and foreign entities controlled by them may not issue virtual currency overseas.
(XIV) Domestic entities engaging directly or indirectly in overseas external debt-based tokenization of real-world assets, or conducting asset securitization activities abroad based on domestic ownership rights, income rights, etc. (hereinafter referred to as domestic equity), should be strictly regulated in accordance with the principles of "same business, same risk, same rules." The National Development and Reform Commission, the China Securities Regulatory Commission, the State Administration of Foreign Exchange, and other relevant departments regulate it according to their respective responsibilities. For other forms of overseas real-world asset tokenization activities based on domestic equity by domestic entities, the China Securities Regulatory Commission, together with relevant departments, supervise according to their division of responsibilities. Without the consent and filing of relevant departments, no unit or individual may engage in the above-mentioned business.
(15) Overseas subsidiaries and branches of domestic financial institutions providing Real World Asset Tokenization-related services overseas shall do so legally and prudently. They shall have professional personnel and systems in place to effectively mitigate business risks, strictly implement customer onboarding, suitability management, anti-money laundering requirements, and incorporate them into the domestic financial institutions' compliance and risk management system. Intermediaries and information technology service providers offering Real World Asset Tokenization services abroad based on domestic equity or conducting Real World Asset Tokenization business in the form of overseas debt for domestic entities directly or indirectly venturing abroad must strictly comply with relevant laws and regulations. They should establish and improve relevant compliance and internal control systems in accordance with relevant normative requirements, strengthen business and risk control, and report the business developments to the relevant regulatory authorities for approval or filing.
(16) Strengthen organizational leadership and overall coordination. All departments and regions should attach great importance to the prevention of risks related to virtual currencies and Real World Asset Tokenization, strengthen organizational leadership, clarify work responsibilities, form a long-term effective working mechanism with centralized coordination, local implementation, and shared responsibilities, maintain high pressure, dynamically monitor risks, effectively prevent and mitigate risks in an orderly and efficient manner, legally protect the property security of the people, and make every effort to maintain economic and financial order and social stability.
(17) Widely carry out publicity and education. All departments, regions, and industry associations should make full use of various media and other communication channels to disseminate information through legal and policy interpretation, analysis of typical cases, and education on investment risks, etc. They should promote the illegality and harm of virtual currencies and Real World Asset Tokenization-related businesses and their manifestations, fully alert to potential risks and hidden dangers, and enhance public awareness and identification capabilities for risk prevention.
(18) Engaging in illegal financial activities related to virtual currencies and Real World Asset Tokenization in violation of this notice, as well as providing services for virtual currencies and Real World Asset Tokenization-related businesses, shall be punished in accordance with relevant regulations. If it constitutes a crime, criminal liability shall be pursued according to the law. For domestic entities and individuals who knowingly or should have known that overseas entities illegally provided virtual currency or Real World Asset Tokenization-related services to domestic entities and still assisted them, relevant responsibilities shall be pursued according to the law. If it constitutes a crime, criminal liability shall be pursued according to the law.
(19) If any unit or individual invests in virtual currencies, Real World Asset Tokens, and related financial products against public order and good customs, the relevant civil legal actions shall be invalid, and any resulting losses shall be borne by them. If there are suspicions of disrupting financial order and jeopardizing financial security, the relevant departments shall deal with them according to the law.
This notice shall enter into force upon the date of its issuance. The People's Bank of China and ten other departments' "Notice on Further Preventing and Dealing with the Risks of Virtual Currency Trading Speculation" (Yinfa [2021] No. 237) is hereby repealed.
App