A user lost $6.5 million in crypto after unknowingly purchasing a compromised cold wallet through TikTok China.
In a recent post on X, blockchain security firm SlowMist reported that a user lost $6.5 million worth of crypto after purchasing a compromised cold crypto wallet through Douyin, the Chinese version of TikTok. The wallet, though seemingly factory sealed, had its private key compromised at creation. Just hours after the user transferred funds into it, the assets were drained.
“Avoid “Factory sealed” or “Discounted cold wallets” — 99% are tampered,” the firm warned.
The incident mirrors the Trezor Model T incident investigated by Kaspersky in 2023, where a perfectly sealed but counterfeit wallet contained altered firmware and pre-generated seed phrases, allowing attackers to silently drain funds weeks after the user unknowingly activated the compromised device. That device was also bought from an unofficial online seller, who marketed it as brand new and factory sealed.
User @hella, who identified themselves as a close friend of the victim, said that although SlowMist was contacted and began tracing the transaction flow, recovery is unlikely.
“When buying a cold wallet, you must choose a reliable channel. Most of the ones on the internet are fake,” @hella wrote.
He also explained that once the funds were stolen, they were funneled through a laundering network suspected to be linked to Huiwang.
Huiwang (aka Huione Group) is a Cambodian conglomerate linked to the massive crypto-powered, Telegram-based black market and money laundering network known as Haowang Guarantee. Despite reports of a recent shutdown and the removal of its official channels, the network has recently resurfaced under a new domain and remains fully operational. According to Chainalysis, its transaction volumes have even increased after Huione Group’s designation as a primary money laundering concern by FinCEN.
