Beware: Chinese Crypto Investor Loses $7M Due to Compromised Cold Wallet

• A Chinese crypto investor has lost almost US$7 million worth of crypto assets after buying a discounted cold wallet through an online marketplace, which turned out to be compromised.
• Blockchain security firm SlowMist believes the victims assets were funnelled through the notorious Huiwang, a company notorious for facilitating cybercrime.
• SlowMist has warned people not to buy discounted cold wallets through unofficial channels.

News Flash! Buying a bargain-basement crypto cold wallet from a dodgy website or a social media marketplace may not be a great financial decision.

A Chinese crypto investor learnt this lesson the hard way after losing almost US$7 million (AUD$10.7m) worth of crypto assets as a result of buying a discounted, and compromised, cold wallet through Douyin, the Chinese version of TikTok. Douyin has a marketplace where users can buy and sell products, similar to Facebook Marketplace.

Blockchain security firm, SlowMist, said the wallets private key was compromised at creation and the users US$6.5 million in digital assets were drained within hours.

SlowMist warned its followers that simply using a cold wallet doesnt necessarily mean their digital assets are safe, cautioning against buying discounted wallets through unofficial channels:  

Advertisement

Avoid Factory sealed or Discounted cold wallets 99% are tampered.

Related: USChina Tariffs Shake Markets as Australian Analysts Weigh In on Handshake Agreement

A Chinese X/Twitter user who goes by the handle Hella claimed the victim was a close friend whod contacted him the previous night to inform him of the theft. In his post, (translated from Mandarin to English using Google Translate) Hella said:

Nearly 50 million evaporated overnight! Just because I bought a cold wallet on Douyin? A bloody lesson! A late night phone call gave me chills! A close friend of mine had just experienced the darkest moment of his life nearly 50 million RMB worth of cryptocurrency he held was stolen!

Hella described the theft as a carefully designed hot trap, adding that the stolen assets were washed away through Huiwang within a few hours. According to Hella, the stolen assets were traced to Huiwang by SlowMist after the victim contacted the blockchain security firm for help recovering their assets.

Huiwang, also known as Huione Group, is a Cambodian-based group of companies which offers a variety of services including payment processing, largely servicing the scamster and fraudster markets. The conglomerate has a rich history of being widely used by cybercriminals for money laundering. Earlier this year the US Treasury Department sought to blacklist Huione Group from the US financial system over concerns surrounding its facilitation of cybercrime.

SlowMists chief information security officer, posting on X / Twitter under the handle 23pds, reiterated the risks of buying cold wallets through unofficial channels: Purchase of cold wallets must be done through official channels! 23pds said. 

Dont gamble your entire fortune on a wallet thats a few hundred bucks cheaper thats not saving money, its throwing your life away!

While this particular scam hit a Chinese investor, Aussies are also very much at risk.

Advertisement

In April, the Federal Court ruled that the Australian Securities and Investments Commission (ASIC) could proceed with its plan to shut down 95 companies engaged in crypto and romance scams known colloquially as pig butchering.

Related: Crypto ATM Scams Rip Off Aussies: Seniors Bear the Brunt

ASICs Deputy Chair, Sarah Court, said eliminating the risk posed by these dodgy companies is very difficult and urged Aussies to continue to be on the look out for these kinds of scams:

These scams are like hydras: you shut down one and two more take its place. Thats why were warning consumers that the threat of scams and identity fraud remains high. We remind consumers to be vigilant.