Allegation of a $13 B bitcoin hack raises geopolitics in crypto

From the Editor’s Desk
This week signals a turning point in how nations judge acceptable behaviour within the cyber-domain. With states dramatically pointing fingers at each other for cyber-theft, one wonders: is the era of “cyber-neutral” zones over, and are we instead moving into a full-blown arena of state-driven asset seizures?
🔎 Deep Brief
Allegation of a $13 B bitcoin hack raises geopolitics in crypto
China's National Computer Virus Emergency Response Center (CVERC) has accused the United States of orchestrating the theft of 127 000 BTC (about US $13 billion at current valuation) in the December 2020 incident known as the LuBian Mining Pool heist.

CVERC claims the incident was executed by a “state-level hacking organisation” and not merely a criminal group.
The U.S. position, by contrast, is that the seizure was part of law-enforcement action targeting illicit funds.
Takeaway
This case shows how crypto holdings are now firmly part of state security and diplomatic coercion issues, not just financial crime. It also highlights the value of blockchain analytics in tracing large dormant wallets and the timing of fund movements. From a compliance viewpoint, entities holding large crypto exposures must consider the possibility of cross-border legal claims treated as state-theft or seizure.
🧠 Strategy in Action
Securing digital supply chains in logistics networks
Supply-chain cyberattacks have surged by over 400 percent in recent years. Logistics and freight-forwarding companies increasingly rely on cloud services, IoT sensors, automated warehouse controls and global partner networks. This creates a broad attack surface. One case referenced: a ransomware event in 2024 disrupted a freight-forwarder’s tracking system, halting customer visibility across regions.
In practical terms, the strategy for response involved three key components.
Rigorous third-party risk management: Regular audits of suppliers, contract clauses requiring cybersecurity standards and least-privilege access.
Network segmentation and strong access controls: Separating warehouse control systems and ERP from guest networks, deploying multi-factor authentication and identity-access tools.
Incident-response planning and exercises: Scenario-based drills oriented around logistics-specific threats, like system shutdowns in freight forwarding or IoT manipulation in warehouses.
Takeaways:
For cyber-risk leaders, this means you cannot treat logistics cyber risk like standard IT downtime. It needs to be integrated into business continuity, supplier governance and operational-tech readiness.
🕵️ Threat Actor Spotlight
Ke3chang
Ke3chang has been active since at least 2010, targeting government, defence, energy and diplomatic sectors in Europe, North America, South/Central America and the Caribbean.
Key tactics:
Spear-phishing with credential theft, followed by local file collection and lateral movement inside networks. For organizations that operate across borders or in critical infrastructure, the group's pattern means they often exploit trusted business links and operational technology environments.
Defense strategy:
Defense teams should assume a persistent-threat mindset: monitor for abnormal log-on behaviour, credential misuse, unexpected file access from non-standard systems, and unusual east-west traffic. A proactive strategy includes:
Threat-intelligence sharing
Segmentation of networks to inhibit lateral movement
Strong credential hygiene (including multi-factor authentication)
Incident-response readiness anchored to espionage scenarios rather than purely financial-attack ones.
🛠️ Tool Check
Selecting PC monitoring software
This article provides an evaluation of monitoring tools based on hardware status, endpoint performance, discovery, alerts, and trial options. The methodology emphasises tracking physical hardware status (CPU, disk space, memory), network resource utilisation, device discovery across endpoints, and alerting for anomalies.
Top tools listed include solutions such as SuperOps RMM (strong for multi-site, agent-based monitoring of PCs/macOS) and ManageEngine Endpoint Central (which adds software version tracking and security monitoring) among others.
Key considerations before selecting:
Agent versus agentless: Does your environment support deploying agents across all endpoints?
Multi-OS support: Windows, macOS, Linux inclusion matters.
Alerting and trending: Ability to detect early indicators of failure (hardware or software) or misuse.
Integration with existing security/IT workflows: Does it tie into your broader monitoring/incident response platform?
In sum, PC monitoring tools are no longer just about hardware health—they are increasingly part of the broader security posture.
🗣️ Community Signal
“A huge challenge for cyber professionals is that cyber security is perceived as a necessary evil, or a compliance function. And a board can be useful in driving the company's agenda so that cyber security is seen as an enabler of everything the organisation does, and not just a reaction to a breach.” Jacqueline de Rojas, President of Tech UK and the President of Digital Leaders
Until Friday’s edition - Let’s keep that zero-day count at zero!