TLDR
- Crypto user lost $6.9 million after buying discounted cold wallet from Chinese TikTok (Douyin) that was pre-compromised
- Private key was compromised during creation and funds were drained within hours of wallet setup
- Stolen funds were laundered through Huiwang network and cannot be recovered according to investigators
- Security experts warn against buying “factory sealed” or discounted wallets from unverified sellers
- Similar scams include malware-infected printers and counterfeit Android phones targeting crypto users
A cryptocurrency investor lost nearly $7 million after purchasing a discounted cold wallet through Douyin, the Chinese version of TikTok. The wallet was pre-compromised by scammers who had tampered with the device before sale.
Blockchain security firm SlowMist reported the incident on Saturday, explaining that the private key was compromised during the wallet’s creation process. The victim’s funds were completely drained within hours of setting up the wallet.
🚨 Last night, We received an emergency report: a user lost $6.5M worth of crypto from a cold wallet.
The wallet was bought via Douyin (TikTok China), but the private key was compromised at creation — and funds were drained within hours.
⚠️ Cold wallet ≠ Safe
Avoid “Factory… https://t.co/YDV4EgxD3a
— SlowMist (@SlowMist_Team) June 14, 2025
Crypto investor loses $6.9 million to pre-compromised cold wallet purchased through Chinese TikTok platform.
The attack highlights growing concerns about counterfeit and tampered crypto hardware sold through unofficial channels. Douyin operates an e-commerce platform called Douyin Shop where third-party sellers offer various products at discounted prices.
SlowMist warned that cold wallets advertised as “factory sealed” or offered at reduced prices are often compromised devices. Scammers use lower prices to attract victims looking for bargain hardware wallets.
A former Bitmain team member known as Hella on social media said the victim was a close friend. The friend called late at night, describing how the wallet turned out to be “a carefully designed hot trap.”
Stolen Funds Laundered Through Criminal Network
The stolen cryptocurrency was quickly laundered through Huiwang, also known as the Huione Group. This Cambodian conglomerate operates several illicit businesses including payment services and crypto exchanges.
Huiwang’s network includes Huione Pay PLC, Huione Crypto exchange, and the darknet marketplace Haowang Guarantee. The group specializes in processing payments for criminal activities across Southeast Asia.
SlowMist successfully tracked the stolen funds but confirmed there was little hope of recovery. The security firm’s investigation showed how quickly the funds moved through the criminal network.
The victim lost their entire crypto portfolio in the attack. The case demonstrates how hardware wallet scams can result in complete financial loss for victims.
Warning Against Counterfeit Hardware
SlowMist’s chief information security officer, known as 23pds, warned users not to “gamble your entire fortune on a wallet that’s a few hundred bucks cheaper.” The officer emphasized that buying discounted wallets is “not saving money, it’s throwing your life away.”
The security expert noted these scams are difficult to prevent because devices are shipped by third parties. The people handling shipping and packaging often don’t know they’re part of a criminal operation.
Similar attacks have targeted crypto users through other hardware channels. In May, a Chinese printer manufacturer was accused of distributing crypto-stealing malware alongside official drivers, resulting in over $953,000 in Bitcoin theft.
Cybersecurity firm Kaspersky reported in April that thousands of counterfeit Android smartphones were being sold online with preinstalled malware. These devices were specifically designed to steal cryptocurrency and other sensitive data from users.
The incident occurred as crypto users face increasing threats from compromised hardware and malware attacks targeting digital assets.
