A recent incident has drawn attention to the security issues of crypto wallets, as a user lost a significant amount due to the purchase of a compromised device through TikTok.
Incident with Cold Wallet
A user lost $6.5 million in cryptocurrency after purchasing a cold wallet that turned out to be compromised. According to blockchain security firm SlowMist, the wallet was bought through Douyin and, although it appeared sealed, its private key was compromised at the manufacturing stage. Soon after the user transferred funds into the wallet, all crypto assets were drained.
Expert Warnings
SlowMist cautioned users against purchasing "factory-sealed" or "discounted cold wallets," stating that 99% of such devices may be tampered. This warning is particularly relevant following an investigation by Kaspersky, which outlined a similar case with a counterfeit Trezor Model T wallet that was also under the control of attackers.
Connection to Money Laundering Network
User @hella, who identified themselves as a close friend of the victim, mentioned that after the theft, the funds were funneled through a laundering network suspected to be linked to Huiwang, a known Cambodian conglomerate. This group had previously been associated with a black market and money laundering network used for cryptocurrency schemes. According to Chainalysis, the transaction volumes in this network increased even after recent attempts to shut down its channels.
This incident highlights the importance of caution when selecting providers of cryptocurrency solutions and warns users against purchasing cold wallets through unreliable channels.
