June 17, 2025

Crypto investor loses $7M after using a rigged cold wallet purchased from Douyin


A crypto investor lost nearly $7 million after purchasing a compromised cold wallet through Douyin, China’s version of TikTok.

For those unaware, cold wallets are physical hardware devices used to store cryptocurrencies offline, away from internet-connected systems. This makes them a preferred choice for long-term holders seeking to protect their digital assets from online hacks, malware, and phishing attacks.

Unlike hot wallets, which are connected to the internet and allow faster access to funds, cold wallets offer greater protection by isolating the private keys from online threats. However, they are only secure when sourced through trusted and verified channels.

$7M lost to tampered wallet

In this case, the victim had purchased what appeared to be a factory-sealed cold wallet at a discount from a Douyin Shop listing. Shortly after use, the wallet was compromised.

Blockchain security firm SlowMist revealed in a post on X that the “private key was compromised at creation” and that the user’s entire balance was “drained within hours.” SlowMist researchers warned that the discounted price itself is often the bait, used to sell pre-tampered wallets to unsuspecting buyers.

An X user posting under the handle Hella, a former team member of Bitmain co-founder Jihan Wu, identified the victim as a close friend. According to Hella, the wallet was a “carefully designed hot trap,” and the stolen funds were laundered through Huiwang, also known as the Huione Group, a Cambodia-based conglomerate with alleged ties to illicit financial services.

Huione Group operates platforms such as Huione Pay PLC, Huione Crypto, and Haowang Guarantee, services reportedly linked to criminal networks. The stolen crypto was “washed away” through this infrastructure within hours, making recovery difficult. Although SlowMist has been able to trace the stolen funds, Hella speculated that recovery was unlikely.

Notably, these scams can be difficult to detect and prevent, as the compromised devices are often distributed through third-party sellers. According to 23pds, SlowMist’s chief information security officer, individuals involved in the shipping or packaging process are often unaware that the products they’re handling have been tampered with.

Warning against the risks of buying discounted wallets, 23pds said users shouldn’t “gamble [their] entire fortune on a wallet that’s a few hundred bucks cheaper.”

Risks beyond the hardware

While buying a hardware wallet from a prominent manufacturer may alleviate concerns about tampered devices, it does not eliminate risk completely, as other attack vectors remain.

For instance, cybersecurity firm Moonlock Lab recently reported an ongoing phishing campaign targeting Ledger wallet users. In this scheme, attackers distributed fake versions of the Ledger Live app for macOS, designed to trick users into entering their 24-word recovery phrases. Once entered, the seed phrases were sent to attacker-controlled servers, allowing the attackers to empty the users’ wallets almost instantly.

Meanwhile, Trezor found itself under the spotlight in March 2025 after Ledger researchers flagged a critical flaw in its Safe 3 and Safe 5 models that could lead to potential losses. The vulnerability involved a voltage glitching exploit that could bypass microcontroller safeguards, provided the attacker had physical control of the device. Trezor acknowledged the issue and has since issued firmware patches that reportedly address the vulnerability.


Source: Invezz
