Fake Cold Wallet Bought on Chinese TikTok Costs User $6.9M in Crypto

Crypto Journalist

Anas Hassan

Crypto Journalist

Anas Hassan

About Author

Anas is a crypto native journalist and SEO writer with over five years of writing experience covering blockchain, crypto, DeFi, and emerging tech.

Author Profile

Share

Copied

Last updated: 

June 16, 2025

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

A crypto investor has lost nearly $7 million after purchasing what appeared to be a legitimate cold wallet through Douyin, the Chinese version of TikTok, only to discover the device was a sophisticated trap designed to steal digital assets.

The victim, described as a close friend of former Bitmain team member Hella, fell prey to what security experts call a “carefully designed hot trap” that compromised the wallet’s private key at the moment of creation.

Within hours of the theft being discovered, the stolen cryptocurrency had been laundered through Huiwang, a Cambodian-based network operated by the Huione Group that facilitates illicit financial activities, including crypto exchange services and darknet marketplace operations.

How Chinese Crypto Hardware Stole Millions in Crypto

Criminals are now adopting a growing, dangerous trend where traditional phishing techniques are targeted at hardware wallets, which users trust implicitly for enhanced security features.

A SlowMist investigation revealed that the compromised wallet was marketed through Douyin’s e-commerce platform, Douyin Shop, which allows third-party sellers to offer various products, including cryptocurrency hardware.

The scammers exploited this legitimate marketplace to distribute devices that appeared factory-sealed and authentic, often advertising them at discounted prices to attract cost-conscious buyers.

Unlike software-based scams that rely on users making mistakes during transactions, this hardware compromise occurred at the fundamental level of private key generation.

When the victim initialized their new wallet, the pre-compromised device generated keys already known to the attackers. This created an illusion of security while providing criminals complete access to funds transferred to the wallet.

Within hours of the theft, the criminals had successfully moved the stolen cryptocurrency through multiple layers of obfuscation, making recovery virtually impossible.

This speed and efficiency suggest coordination between hardware scammers and money laundering networks. North Korea hackers are well known for these types of large-scale organized crimes.

Most recently, they executed a large-scale corporate social engineering campaign targeting crypto developers by conducting fake job interviews and infiltrating open-source software packages.

Crypto Security Crisis Remains a Growing Threat

The cold wallet scam is just one facet of an expanding organized threat towards crypto users. Criminals are moving beyond traditional phishing emails and fake websites to compromise the very tools and devices that users trust for security.

Recent months have witnessed a surge in similar attacks, including the distribution of malware-infected Ledger Live applications targeting macOS users and the revelation that Chinese printer manufacturer Procolored had been distributing Bitcoin-stealing malware alongside official drivers, resulting in the theft of 9.3 BTC worth over $953,000.

The Atomic macOS Stealer, discovered embedded across at least 2,800 compromised websites, was a convincing fake version of legitimate applications like Ledger Live, with authentic interfaces that trick users into revealing their seed phrases.

The increasing sophistication of these attacks has prompted major technology companies to take decisive action.

Microsoft recently collaborated with international law enforcement to disrupt the Lumma Stealer malware operation, seizing nearly 2,300 websites linked to the criminal infrastructure.

Notably, this latest crypto loss occurs against a backdrop of escalating crypto security threats, with CertiK’s May 2025 Security Report revealing over $302 million lost across Web3 through various attack vectors.

The report showed a dramatic 4,483% increase in losses from code vulnerabilities, totaling $229.6 million in May alone, while phishing attacks continued to plague the ecosystem with $47.6 million in losses.

The cold wallet scam represents a particularly insidious evolution in crypto crime. It exploits users’ trust in hardware security devices that are traditionally considered the gold standard for cryptocurrency storage.