Crypto User Swindled of $6.9 Million in Compromised Cold Wallet Heist


On June 14, security researchers at SlowMist uncovered a shocking case in which a cryptocurrency user lost $6.9 million after purchasing a tampered cold wallet on Douyin, China’s version of TikTok.

The cold wallet was advertised as “factory-sealed” and sold at a steep discount. However, it arrived with a compromised private key, allowing hackers to drain the funds within hours of setup.

https://twitter.com/SlowMist_Team/status/1933799086106538101

The High Cost of Cheap Crypto Security

The theft highlights the risks associated with purchasing hardware wallets from unverified sellers.

SlowMist’s Chief Information Security Officer, 23pds, explained that the private key was stolen during the device’s creation.

The stolen funds were quickly funneled through a money-laundering service tied to Huione Group, a Cambodian conglomerate linked to illegal activities. Despite tracing the assets, recovery is unlikely.

An X user named Hella, who had previously worked with Bitmain’s co-founder Wu Jihan, revealed that the victim was a close friend. Hella described the fake wallet as “a carefully designed trap” and confirmed the stolen crypto moved through Huione Group’s networks in hours.

https://twitter.com/hella1413/status/1933753001195585779

SlowMist warned that over 99% of discounted cold wallets are either counterfeit or preconfigured to steal private keys during manufacturing or shipping.

This theft is one of the most significant hardware wallet–related heists in recent memory. It follows other incidents, such as a Chinese printer company’s compromised driver that led to over $953,000 in losses, and counterfeit Android phones with pre-installed malware targeting crypto apps.

The Hidden Economy Powering Crypto Crime

The wallet scam is part of a much larger problem. On May 1, 2025, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) labeled Huione Group as a “primary money laundering concern.”

Authorities linked the group to over $4 billion in suspicious transactions since 2021, including ties to North Korea’s Lazarus Group and “pig butchering” romance scams.

Huione’s operations span multiple platforms with little to no anti-money laundering oversight. These include Huione Pay, Huione Crypto, and a darknet marketplace called Haowang.

https://twitter.com/chainalysis/status/1933155558514651193

The group also promoted an unfreezable stablecoin (USDH) to facilitate illegal transactions. Cambodia’s central bank revoked Huione Pay’s license, and U.S. banks are now barred from dealing with the group, cutting it off from the global financial system.

In a related case, five men pleaded guilty in June to laundering nearly $37 million from American victims through crypto scams tied to Cambodia.

https://twitter.com/DOJCrimDiv/status/1932220122745143645

They used social media and dating apps to lure targets, moved funds through shell companies and offshore banks, and converted the proceeds into USDT before routing them through wallets in Sihanoukville—a region increasingly linked to scam operations.

Blockchain forensic firms, such as Elliptic and Chainalysis, continue to track these laundering networks.

Elliptic reports that Huione’s platforms processed over $28 billion in largely unregulated crypto transactions.

Meanwhile, the FBI’s 2024 Internet Crime Report noted $9 billion in U.S. crypto scam losses, a 66% increase from 2023. This figure is expected to rise in 2025 as cybercrime becomes more sophisticated.

About Jimmy Aki

Based in the UK, Jimmy is an economic researcher with outstanding hands-on and heads-on experience in macroeconomic finance analysis, forecasting and planning. He has honed his skills working across continents as a finance analyst, which gives him inter-cultural experience. He currently has a strong passion for regulation and macroeconomic trends, as it allows him to peek under the global bonnet to see how the world works.