What is the TikTok hardware wallet scam?
A person who bought what looked like a “sealed, brand-new” hardware wallet advertised on the Chinese version of TikTok was a victim of a $6.9-million crypto heist, losing all their funds in minutes.
A late-night distress call to blockchain security firm SlowMist revealed one of 2025’s most devastating cryptocurrency thefts. Criminals are now exploiting the very security devices meant to protect users from online threats. It’s a sophisticated new threat in crypto fraud, and honestly, it’s a worry for many users to see hardware wallet tampering result in a multimillion-dollar criminal exploit.
SlowMist chief information security officer 23pds was the first to report the case. Unlike well-known scams using phishing emails, unsolicited messages or spoof websites, this attack hits the victim’s security at the hardware level.
The biggest problem of all for crypto users is that there are minimal warning signs for this type of compromise until it’s too late.
How are counterfeit hardware wallets compromised?
The victim bought what appeared to be a legitimate Ledger hardware wallet from Douyin Shop, the e-commerce platform inside the Chinese social media version of TikTok.
For security, you should never buy a second-hand, unsealed hardware wallet in case it has been compromised. But in this case, the buyer was tricked by the packaging. It appeared to be a factory-sealed, authentic product, complete with the original holographic stickers and a professional finish. To the unassuming users, there was nothing different or alarming about this Ledger wallet.
In this case, when the victim set up their new wallet, it functioned completely normally, generating the usual random 24-word recovery phrase. Unfortunately, investigators would eventually determine that this was the moment the wallet was compromised before it was sold.
In reality, the attackers had already predetermined the secret phrase or compromised the process for generating numbers. This gave them complete access to the wallet and its private keys. So, when funds were transferred to the wallet, the attackers were able to drain it instantly.
Unfortunately, the victim had deposited around 50 million Chinese yuan ($6.9 million) into the wallet address, thinking everything was secure in cold storage. However, within hours, the criminals had emptied the wallet.
Did you know? The global hardware wallet market was valued at over $460 million in 2024, and it is predicted to grow to over $3 billion by 2033. This makes hardware wallets, which users trust heavily, a prime target for crypto theft.
SlowMist team’s crypto investigation trail
As reported on the SlowMist X account, the victim filed an emergency report regarding the theft on June 13, 2025.
SlowMist is a blockchain security firm that offers a number of services, including security audits and threat information and works extensively in cryptocurrency crime investigations. Its work often extends to large organizations and government bodies.
On this occasion, it was able to trace the stolen funds, revealing they were immediately funneled through Huiwang, a shadowy entity in Cambodia. This operation was using a financial network called Huione Group, which operates “a node for laundering proceeds of cyber heists,” according to the Financial Crimes Enforcement Network, or FinCEN.
Huiwang crypto laundering is a popular financial move for criminals, as multiple layers of obfuscation, coupled with no Anti-Money Laundering (AML) or Know Your Customer (KYC) controls, make recovery virtually impossible. So, while SlowMist could track the stolen funds, there is little hope of recovery after the cold wallet key leak.
Did you know? TikTok and similar social media platforms are hotbeds for crypto scams. The fraud ranges from fake investment opportunities, viral video scams, unsolicited messages and compromised hardware wallet sales — all designed to con unsuspecting users out of their crypto stash.
The growing sealed wallet crypto theft problem
The cold wallet scam shows how quickly you can lose an entire crypto stash in seconds. SlowMist’s chief security officer, 23pds, explained on X that crypto users shouldn’t gamble their “entire fortune on a ‘wallet’ that’s a few hundred bucks cheaper.” He went on to say, “This isn’t saving money, it’s throwing away your lifeline.”
Incidents like these are part of a broad surge in cryptocurrency-related fraud that is plaguing 2025. The first half of the year has seen over $2.1 billion in crypto losses across infrastructure-level attacks.
Hardware wallet manipulation is another…
cointelegraph.com