Crypto Investor Loses $7M After Using a Rigged Cold Wallet Purchased from Douyin

The wallet was developed to give attackers access to the private key.

A crypto investor lost nearly $7 million after buying a compromised cold wallet through Douyin, China’s version of TikTok. Cold wallets are physical hardware devices used to store cryptocurrencies offline, away from internet-connected systems, providing higher security. Unlike hot wallets, cold wallets isolate private keys from online risks, making them a safer option for long-term holders.

In this case, the victim purchased a seemingly factory-sealed cold wallet at a discount from a Douyin Shop listing, only to have the private key compromised at production. SlowMist, a blockchain security firm, revealed that the entire balance was drained within hours of use. The low cost was used as bait to sell pre-tampered wallets to unsuspecting buyers.

Hella, a former team member of Bitmain co-founder Jihan Wu, identified the victim as a close friend. The stolen funds were funneled through Huione Group, a Cambodia-based corporation with alleged ties to illegal financial services, making recovery challenging. Scams involving compromised devices distributed through third-party sellers can be hard to detect and prevent.

Buying hardware wallets from reputable manufacturers may reduce tampering risks but doesn’t eliminate all threats. For instance, Moonlock Laboratory reported a phishing campaign targeting Ledger wallet users, while Trezor faced a vulnerability issue in its Safe models. Users are advised to be cautious and prioritize security when dealing with cryptocurrency wallets.

The post Crypto investor loses $7M after using a rigged cold wallet purchased from Douyin appeared first on Invezz.