A crypto investor lost $6.5 million after purchasing a fake cold wallet at a discount through Douyin, the Chinese version of TikTok. The device had been compromised during production, so the scammers already held the private key and transferred all funds to their own accounts immediately after the wallet was activated.
This was reported by Бізнес • Медіа.
How the Cold Wallet Scam Worked
The victim purchased the wallet from Douyin Shop, a marketplace where third-party sellers can offer their products. The appearance of the device raised no suspicions, as it came in “factory-sealed packaging.” However, this was part of the scam: the private key had already been compromised, so nothing the investor did afterwards could protect the funds from the criminals.
“When buying a cold wallet, choose a reliable channel. Most of those available online are fake,” warned Hella, the pseudonym of a former member of the team of Bitmain co-founder Jihan Wu.
Expert Hella reported that the victim — a close acquaintance of his — contacted him in shock during the night. In his post, he referred to the device as a “carefully designed trap” and added that the funds from the wallet were laundered through Huiwang within a few hours.
Money Laundering Through an International Conglomerate
Huiwang (Huione Group) is a Cambodian business conglomerate operating in a legal gray area. The group includes the payment system Huione Pay PLC, the cryptocurrency exchange Huione Crypto, and the darknet marketplace Haowang Guarantee. According to analysts at Elliptic, by early 2025 Huione Guarantee had become the largest illegal marketplace, with transactions totaling $24 billion.
Experts from SlowMist emphasized the dangers of purchasing suspiciously cheap hardware wallets. The head of the information security department at SlowMist, under the pseudonym 23pds, noted:
“This is not saving money — it’s throwing your life in the trash. Don’t play with your wealth by buying a wallet that is only a few hundred dollars cheaper,” he wrote.
Experts add that hardware wallet fraud is difficult to trace, as logistics are often carried out through third parties who are not even aware of their involvement in the scheme. Although SlowMist managed to trace the movement of the stolen funds, the chances of recovery, according to Hella, are almost nonexistent.
In June 2024, SlowMist noted in its report that phishing schemes and careless wallet usage are among the main reasons for the loss of crypto assets among investors.