Fake Cold Wallet Bought on Chinese TikTok Costs User $6.9M in Crypto
A cryptocurrency investor has lost almost $7 million after purchasing what appeared to be a genuine cold wallet through Douyin, the Chinese version of TikTok, in an advanced scam that compromised the device’s private key generation process. The victim, identified as a friend of former Bitmain employee Hella, fell prey to a carefully designed hot trap that compromised the wallet’s private key at the moment of creation. Within hours of the theft being discovered, the stolen cryptocurrency had been laundered through Huiwang, a Cambodia-based network operated by the Huione Group that facilitates illicit financial activities, including crypto exchange services and darknet market operations.
How Chinese Crypto Hardware Takes Millions in Crypto
In a growing and dangerous trend, criminals are now aiming traditional phishing methods at hardware wallets, which users trust implicitly for their enhanced security features. A SlowMist investigation revealed that the compromised wallet was marketed through Douyin’s e-commerce platform, Douyin Shop, which allows third-party sellers to offer various products, including cryptocurrency hardware. The fraudsters exploited this legitimate marketplace to distribute devices that appeared authentic and factory-sealed, often promoting them at discounted prices to attract cost-conscious buyers.
Unlike software-based scams that rely on users making mistakes during transactions, this hardware compromise occurred at the fundamental level of private key generation. When the victim initialized their new wallet, the pre-compromised device generated keys already known to the attackers. This created an illusion of security while granting criminals complete access to funds transferred to the wallet. Within hours of the theft, the criminals had successfully moved the stolen cryptocurrency through multiple layers of obfuscation, making recovery nearly impossible. This speed and efficiency suggest coordination between hardware scammers and money laundering networks.
Most recently, they executed a large-scale corporate social engineering campaign targeting crypto developers by conducting fake job interviews and infiltrating open-source software packages.
Crypto Security Crisis Remains a Growing Threat
The cold wallet scam is just one facet of an expanding, organized threat to crypto users. Criminals are moving beyond traditional fake websites and phishing emails to compromise the very tools and devices that users trust for security. Notably, this latest crypto loss occurs against a backdrop of escalating crypto security risks, with CertiK’s May 2025 Security Report revealing over $302 million lost across Web3 through various attack vectors. The scam exploits users’ trust in hardware security devices, which are traditionally considered the gold standard for cryptocurrency storage.