Nearly $7M Crypto Funds Lost via Compromised Discounted Cold Wallet
A crypto investor reportedly lost approximately $7 million worth of cryptocurrency after purchasing a factory-discounted cold wallet on Douyin, the Chinese version of TikTok. According to blockchain security firm SlowMist, the wallet’s private key was compromised during its creation, leading to the full depletion of the assets within hours. This incident serves as a stark warning about the risks of sourcing hardware wallets from third-party online marketplaces at discounted prices.
Source: SlowMist
Cold Wallet Compromise Mechanism
The compromised wallet was advertised at a discounted rate, likely by a third-party seller using Douyin Shop, the platform's e-commerce feature that allows third-party sales.
SlowMist determined that the private key was compromised “at creation,” implying the device itself was tampered with before reaching the buyer. This is a common tactic: thieves prepare a counterfeit or compromised hardware wallet and use legitimate-looking packaging and branding so that it passes as a factory-sealed or discounted product.
Security expert Hella (@Hella), formerly associated with Bitmain co-founder Jihan Wu, confirmed receiving a panicked call from an affected friend minutes after the theft occurred. Hella’s posts on X (formerly Twitter), subsequently translated, indicated that the stolen assets were laundered via Huiwang (Huione Group), a known Cambodian firm linked to illicit crypto infrastructure, including a payment network and a darknet exchange.
The stolen funds were effectively irrecoverable. SlowMist’s chief information security officer, 23pds (@23pds), emphasized in a translated warning, “Ultimately, it’s not saving money, it’s throwing your life away,” cautioning against purchasing significantly discounted cold wallets online.
Source: 23pds
Broadening the Threat Landscape
Security researcher 23pds highlighted a critical weakness: these scams are hard to prevent because the devices can be shipped by third parties who are completely unaware that they are facilitating fraud. Sellers with no knowledge of the scheme simply fulfill the transaction.
Related Malware Attacks Highlight Supply Chain Risks
While this incident involved compromised hardware directly before sale, other reports this month underscore supply chain risks for crypto assets:
- May 19: A Chinese printer manufacturer was accused of distributing crypto-stealing malware bundled with its official software and drivers.
- April 1: Kaspersky uncovered thousands of counterfeit Android smartphones sold online that came preloaded with malware designed to steal crypto and sensitive personal information.