Major Losses in Cryptocurrency Due to Compromised Cold Wallets
A user of cryptocurrency has suffered a staggering loss of approximately $7 million due to a compromised cold wallet purchased through Douyin, the Chinese equivalent of TikTok. According to SlowMist, a prominent blockchain security company, it was revealed that the private key of the wallet was compromised right from its creation, leading to a swift depletion of the user’s assets within mere hours.
Recurring Issues in the Crypto Market
The situation highlights a recurrent issue in the crypto market, where enticing deals on cold wallets, especially those marketed as ‘factory sealed’ or available at discounted prices, are often traps set by hackers. This warning comes as Douyin has integrated e-commerce capabilities into its platform, enabling various third-party vendors to sell products.
A Chilling Recount
In a chilling recount from an individual known as Hella, a former member of the team led by Jihan Wu—the co-founder of Bitcoin mining powerhouse Bitmain—the victim, a close acquaintance, reached out with distressing news late at night. Hella characterized the wallet as an intricately designed “hot trap,” asserting that the stolen cryptocurrency was swiftly funneled through a network connected to the Huione Group, a Cambodian business conglomerate engaged in various illicit transactions, including crypto exchanges and darknet operations.
Hella emphasized the necessity of prudently selecting trustworthy sources when purchasing cold wallets, warning that the majority available online are fraudulent. While SlowMist succeeded in tracing the stolen assets, Hella expressed skepticism about the possibility of recovering the lost funds from the perpetrators.
Warnings from Security Experts
Moreover, the chief information security officer from SlowMist, posting under the handle 23pds, took to social media to underline the risks associated with attempting to save money by purchasing cheaper wallets, stating:
“It’s not saving money, it’s throwing your life away.”
They pointed out that these scams are particularly challenging to thwart since the devices are often dispatched by third parties who might be oblivious to their involvement in a scam.
Similar Incidents in the Industry
Additionally, this incident is not isolated; just weeks prior, a Chinese printer manufacturer faced allegations of distributing malware designed to steal cryptocurrencies along with its legitimate software drivers, resulting in considerable financial losses. Similarly, Kaspersky, a global cybersecurity firm, reported discovering numerous counterfeit Android smartphones online pre-loaded with malware aimed at capturing not only crypto but other sensitive information.
