Saturday, July 19

What is the TikTok hardware wallet scam?

A person who bought what looked like a “sealed, brand-new” hardware wallet advertised on the Chinese version of TikTok was a victim of a $6.9-million crypto heist, losing all their funds in minutes.

A late-night distress call to blockchain security firm SlowMist revealed one of 2025’s most devastating cryptocurrency thefts. Criminals are now exploiting the very security devices meant to protect users from online threats. It’s a sophisticated new threat in crypto fraud, and honestly, it’s a worry for many users to see hardware wallet tampering result in a multimillion-dollar criminal exploit.

SlowMist chief information security officer 23pds was the first to report the case. Unlike well-known scams using phishing emails, unsolicited messages or spoof websites, this attack hits the victim’s security at the hardware level.

The biggest problem of all for crypto users is that there are minimal warning signs for this type of compromise until it’s too late. 

How are counterfeit hardware wallets compromised?

The victim bought what appeared to be a legitimate Ledger hardware wallet from Douyin Shop, the e-commerce platform inside the Chinese social media version of TikTok. 

For security, you should never buy a second-hand, unsealed hardware wallet in case it has been compromised. But in this case, the buyer was tricked by the packaging. It appeared to be a factory-sealed, authentic product, complete with the original holographic stickers and a professional finish. To an unsuspecting user, there was nothing different or alarming about this Ledger wallet.

When the victim set up their new wallet, it functioned completely normally, generating the usual random 24-word recovery phrase. Unfortunately, investigators would eventually determine that the wallet had already been compromised before it was sold.

In reality, the attackers had either predetermined the secret phrase or compromised the device's random number generation. This gave them complete access to the wallet and its private keys. So, when funds were transferred to the wallet, the attackers were able to drain it instantly.
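Why the setup looked normal, as an added example (not code from SlowMist or Ledger): a 24-word phrase carries only a checksum, so a phrase built from a value fixed before sale validates exactly like one built from real randomness. The sketch assumes the public BIP-39 encoding and shows word indices rather than words; `honest_entropy`, `tampered_entropy` and the constant inside it are constructed for illustration.

```python
import hashlib
import os

def bip39_indices(entropy: bytes) -> list:
    """256-bit entropy -> the 24 word indices (0..2047) of a BIP-39 phrase."""
    if len(entropy) != 32:
        raise ValueError("a 24-word phrase encodes exactly 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]           # first 8 bits of SHA-256
    bits = (int.from_bytes(entropy, "big") << 8) | checksum  # 264 bits = 24 x 11
    return [(bits >> (11 * (23 - i))) & 0x7FF for i in range(24)]

def checksum_ok(indices) -> bool:
    """The only validation that can be run on the phrase itself."""
    if len(indices) != 24 or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> 8).to_bytes(32, "big")
    return (bits & 0xFF) == hashlib.sha256(entropy).digest()[0]

def honest_entropy() -> bytes:
    # The OS CSPRNG stands in for a genuine device's hardware RNG.
    return os.urandom(32)

def tampered_entropy() -> bytes:
    # Constructed stand-in for a device whose "random" output was fixed before sale.
    return hashlib.sha256(b"constructed-demo-value").digest()

def same_phrase_after_reset(source) -> bool:
    """Set up twice from one source; identical phrases mean the RNG is broken."""
    return bip39_indices(source()) == bip39_indices(source())

if __name__ == "__main__":
    for name, src in (("honest", honest_entropy), ("tampered", tampered_entropy)):
        phrase = bip39_indices(src())
        print(name, "| checksum ok:", checksum_ok(phrase),
              "| repeats after reset:", same_phrase_after_reset(src))
```

A repeated phrase after a reset proves the generator is broken, but differing phrases prove nothing, since a tampered generator can vary its output in a way that is still predictable to whoever modified it.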

Unfortunately, the victim had deposited around 50 million Chinese yuan ($6.9 million) into the wallet address, thinking everything was secure in cold storage. However, within hours, the criminals had emptied the wallet. 

Did you know? The global hardware wallet market was valued at over $460 million in 2024, and it is predicted to grow to over $3 billion by 2033. This makes hardware wallets, which users trust heavily, a prime target for crypto theft.

SlowMist team’s crypto investigation trail

As reported on the SlowMist X account, the victim filed an emergency report regarding the theft on June 13, 2025. 

SlowMist is a blockchain security firm that offers a number of services, including security audits and threat information, and works extensively in cryptocurrency crime investigations. Its work often extends to large organizations and government bodies.

On this occasion, it was able to trace the stolen funds, revealing they were immediately funneled through Huiwang, a shadowy entity in Cambodia. This operation was using a financial network called Huione Group, which operates “a node for laundering proceeds of cyber heists,” according to the Financial Crimes Enforcement Network, or FinCEN. 

Laundering crypto through Huiwang is popular with criminals, as multiple layers of obfuscation, coupled with no Anti-Money Laundering (AML) or Know Your Customer (KYC) controls, make recovery virtually impossible. So, while SlowMist could track the stolen funds, there is little hope of recovery after the cold wallet key leak.

Did you know? TikTok and similar social media platforms are hotbeds for crypto scams. The fraud ranges from fake investment opportunities, viral video scams and unsolicited messages to compromised hardware wallet sales, all designed to con unsuspecting users out of their crypto stash.

The growing sealed wallet crypto theft problem

The cold wallet scam shows how you can lose an entire crypto stash in seconds. SlowMist’s chief security officer, 23pds, explained on X that crypto users shouldn’t gamble their “entire fortune on a ‘wallet’ that’s a few hundred bucks cheaper.” He went on to say, “This isn’t saving money, it’s throwing away your lifeline.”

Incidents like these are part of a broad surge in cryptocurrency-related fraud that is plaguing 2025. The first half of the year has seen over $2.1 billion in crypto losses across infrastructure-level attacks. 

Hardware wallet manipulation is another sophisticated vulnerability that crypto holders need to be aware of. No matter how “legitimate” a wallet product may appear, this case highlights the importance of purchasing brand-new devices directly from suppliers. It’s critical to avoid other sources, especially discount or marketplace platforms. 

Security experts have also identified multiple ways criminals can compromise hardware wallets further:

  • Firmware modification: Attackers replace legitimate firmware with malicious versions that leak private keys.
  • Manual replacement: Criminals include fake setup instructions directing users to pre-generated addresses.
  • Supply chain infiltration: Wallets are intercepted and modified during shipping or retail distribution.
  • Counterfeit manufacturing: Complete fake devices that mimic legitimate hardware wallets.

Did you know? Even one of the world’s biggest crypto firms, Coinbase, is susceptible to cyberattacks, with the company recently admitting that criminals had accessed data that was used to trick people into handing over their crypto. The criminals demanded $20 million to keep it quiet, but Coinbase refused to pay and promised to refund any person who got scammed.

How to protect against hardware crypto wallet scams

The cryptocurrency industry, worth over $3 trillion, has become an attractive target for criminals. Hardware wallets are a particular target because users trust these devices to store significant funds for long periods of time.

This means users need to take precautions to buy a crypto wallet safely and protect against private key theft:

  • Packaging inconsistencies: Legitimate hardware wallet packaging uses ultrasonic welding in conjunction with tamper-proof seals. Devices held together with glue, missing exterior security packaging or preopened are major red flags.
  • Cheap pricing: Wallets sold for less than the official retail price, especially on social media platforms or through unofficial channels, are likely counterfeit or compromised.
  • Pre-filled information: Any wallet that comes with preset PINs, recovery phrases or setup instructions should be immediately destroyed.
  • Unofficial marketplaces and retailers: Purchasing from anywhere other than the manufacturer’s official website significantly increases risk.


© 2025 Wuulu. All Rights Reserved.