A crypto investor lost RMB 50 million after buying a “backdoor cold wallet” on Douyin
The "cold wallet" that a crypto investor bought through Douyin had a pre-embedded backdoor, and 50 million yuan in assets were stolen instantly. SlowMist information security chief 23pds has repeatedly warned that only buying through official channels and initializing the device yourself can minimize the risk.
Heartbreaking! Cryptocurrency worth 50 million yuan disappeared from a cold wallet overnight. According to a post on X by SlowMist Information Security Manager 23pds on the 6th, a crypto investor came to him for help, saying that he had purchased an uncertified hardware wallet through Douyin and that his assets were drained by a wallet that had been "tampered with before leaving the factory."
The police have not yet disclosed the details, but the case is a fresh reminder to crypto investors that how a cold wallet is purchased matters a great deal.
⚠️Attention! Someone asked for urgent help in the middle of last night
Nearly 50 million in assets disappeared overnight, all because of buying a "cold wallet" on Douyin! 💥
🚨 Remember:
Purchasing cold wallets must go through official formal channels!
99% of the so-called "new and unopened" and "special price flash sale" cold wallets on the Internet are fake and may have been manipulated! Don’t gamble your entire fortune on a “wallet” that’s hundreds of dollars cheaper—this is not saving, it’s costing your life! 💸… https://t.co/785t52A0SE
— 23pds (山哥) (@im23pds) June 14, 2025
Be careful when purchasing cold wallets online
Hardware wallets sold through unofficial channels carry three common hidden traps: first, the device has been physically opened, allowing attackers to preload malicious firmware; second, the recovery seed phrase has been transcribed in advance, so once the buyer activates the wallet, it is equivalent to handing over the private key; third, the device lacks original firmware updates, which lets attackers exploit known vulnerabilities.
23pds Warning:
"99% of the so-called "new and unopened" and "special price flash sale" cold wallets on the Internet are fake and may have been manipulated."
Even if the device is intact, if the user accidentally leaks the seed phrase, the assets will also evaporate. Offline storage can isolate cyber attacks, but it cannot prevent physical theft and social engineering.
Buying officially and initializing the device yourself are the bottom line
Dongzhi recommends that you only purchase from the official websites or authorized channels of brands such as Ledger, Trezor, CoolWallet, etc., and that you initialize the device and upgrade its firmware yourself immediately after receiving it, to ensure that the private key is generated locally. Purchases through official channels also come with warranty and updates, reducing the risk of the software and hardware being "abandoned".
Safety habits are equally important: avoid buying second-hand wallets; handwrite seed phrases offline and store them in two or more safe locations; check firmware versions regularly; spread large assets across multiple wallets. Although these basic actions are not enough to guarantee absolute safety, they at least prevent the attacker from winning at the starting point.
Although Taiwanese users less commonly use Taobao and Douyin e-commerce to purchase cold wallets, hardware wallets advertised as "second-hand unopened", "30% off the original price" and "limited time flash sale" are still commonly sold on shopping websites in Taiwan. Compared with the official price, they are only a few hundred yuan cheaper, but buying one may result in the loss of all your wealth. You should be careful before buying.