A crypto user has reportedly lost nearly $7 million after purchasing a discounted cold wallet through Douyin, the Chinese version of TikTok — only to discover the device was compromised.
Blockchain security firm SlowMist revealed in a post on X that the wallet’s private key had been exposed at the time of creation. As a result, the user’s funds were drained within hours of being transferred to the wallet.
While buying a bargain cold wallet might appear cost-effective, SlowMist warned that discounted or supposedly “factory-sealed” wallets are often tampered with. The low price, they noted, is frequently used as bait to lure unsuspecting victims into security traps.
Douyin features an integrated e-commerce platform called Douyin Shop, where third-party vendors can list and sell a wide range of products.
Crypto “Wiped Out” in Just Hours
An X user known as Hella — a former team member under Bitmain co-founder Jihan Wu — shared that the victim was a close friend who called late at night in a conversation that “gave me chills.”
According to Hella, the cold wallet was actually a “carefully designed hot trap,” and the stolen crypto was quickly laundered through Huiwang, a shadowy network of businesses run by Cambodia’s Huione Group. A translated version of the Saturday post said the stolen funds were “washed away through Huiwang within a few hours.”
The Huione Group is allegedly tied to several illicit operations, including payment service Huione Pay PLC, crypto platform Huione Crypto, and the darknet marketplace Haowang Guarantee.
“When purchasing a cold wallet, always use a trusted source,” Hella warned. “Most wallets sold online are fake.”
Stolen Funds Likely Gone for Good
SlowMist was able to trace the stolen funds, but Hella noted there was “little hope of recovering” them from the attackers.
In a translated post on X, SlowMist’s chief information security officer, known as 23pds, emphasized the broader lesson: “Don’t gamble your entire fortune on a wallet that’s a few hundred bucks cheaper.” He added, “It’s not saving money — it’s throwing your life away.”
23pds added that scams like these are especially hard to prevent because the devices are typically shipped by third-party sellers — and the individuals involved in packing or delivering them often have no idea they’re participating in a larger scam operation.
Scammers Can Pre-Install Malware on Devices
On May 19, a Chinese printer manufacturer came under fire for allegedly bundling crypto-stealing malware with its official driver software — an attack that led to the theft of over $953,000 worth of Bitcoin.
Earlier, on April 1, cybersecurity firm Kaspersky reported discovering thousands of fake Android smartphones being sold online, each loaded with preinstalled malware aimed at stealing cryptocurrencies and other sensitive personal data.
