A crypto investor lost $6.9 million after buying a discounted cold wallet through Douyin, the Chinese version of TikTok. Blockchain security firm SlowMist confirmed on June 14 that the wallet’s private key had been exposed during production, leading to the theft of the user’s funds within hours.
This case indicates increasing risks of buying inexpensive or factory-sealed cold wallets from unverified online sources.
Also Read: Crypto Scam Alert: How to Identify Fake Investment Platforms
The victim purchased the cold wallet through a third-party seller with the help of the Douyin Shopping feature. Douyin Shop enables different sellers to sell various products, including cold wallets. In this instance, the wallet looked authentic and “factory sealed,” creating a false impression of safety for the buyer. Nonetheless, the wallet created by SlowMist was later found to have had its private key compromised in the process.
As soon as the victim transferred funds to the wallet, attackers swiftly drained the assets. The loss amounted to nearly $6.9 million, making it one of the largest single-user cold wallet breaches in recent memory. The stolen funds moved quickly through a network tied to Huiwang, a Cambodian-based conglomerate known as the Huione Group.
The organization has several platforms, such as Huione Pay, Huione Crypto, and the Haowang Guarantee marketplace. These platforms are associated with numerous suspicious operations concerning cryptocurrency transactions and facilitate the movement of stolen assets.
Also Read: How to Recover Lost or Stolen Crypto After a Scam
Security analysts at SlowMist emphasized the dangers of buying cold wallets online, especially those sold at steep discounts. In a post on X, SlowMist’s chief information security officer, 23pds, stated that “private keys are often exposed when wallets are tampered with before sale.” He urged crypto users not to risk large sums on devices that are only marginally cheaper, warning that such savings often lead to major losses.
A former Bitmain employee, who knew the victim personally, described the compromised device as a “carefully designed hot trap.” He revealed that the victim’s assets were laundered through Huiwang-linked services within hours, leaving little chance of recovery. The incident is in addition to recent cases in which the hardware or software that is supposed to ensure the safety of crypto assets was compromised during production or packaging.
In May, a Chinese printer company manufactured malware, which spread and resulted in the loss of close to $1 million in Bitcoin. Cybersecurity firm Kaspersky also reported thousands of counterfeit Android smartphones with preinstalled malware targeting crypto holders.