Crypto User Loses $7M After Buying Fake Cold Wallet on Douyin

Blockchain security firm SlowMist revealed that the private key was already exposed when the wallet was created, which allowed the attackers to drain the funds within hours. The stolen assets were linked to Huiwang, a Cambodian conglomerate that is associated with the notorious darknet market Haowang Guarantee and the crypto exchange Huione. Despite reports of shutdowns, both platforms are still operational and are thriving, with Chainalysis and TRM Labs reporting over $81 billion in crypto transactions linked to Huione since 2021. Meanwhile, Tether froze $12.3 million in USDT on the Tron Network as part of its enforcement efforts against money laundering and sanctioned entities. Stablecoin issuers and law enforcement are working together to help curb illicit crypto transactions.
Crypto Fortune Vanishes…
A crypto user reportedly lost almost $7 million after purchasing a discounted cold wallet through the Chinese social media platform Douyin, which turned out to be compromised. Blockchain security firm SlowMist revealed that the private key associated with the wallet was compromised at the time of its creation, which allowed attackers to drain the funds within just a few hours. The wallet was advertised as “factory sealed” and sold at a reduced price. Unfortunately, this is a tactic often used to lure unsuspecting buyers into scams.
Douyin is the Chinese version of TikTok, and features an e-commerce platform called Douyin Shop, which enables third-party vendors to sell various products, including cold wallets. According to an X user known as Hella, a former team member of Bitcoin mining giant Bitmain, the victim was a close friend who reached out in distress after the theft occurred.
(Source: X)
Hella described the compromised wallet as a “carefully designed hot trap” and said the stolen assets were quickly funneled through Huiwang, a Cambodian conglomerate linked to several illicit operations, including the crypto exchange Huione Crypto and darknet marketplace Haowang Guarantee.
Despite SlowMist tracking the movement of the stolen funds, recovery is unlikely. Hella and SlowMist’s chief information security officer, 23pds, both explained that purchasing wallets from unofficial or discounted sources is extremely risky. The security expert warned that saving a few hundred dollars could ultimately cost users their entire fortunes, as these devices are often tampered with before shipping. Even well-meaning third-party sellers may unknowingly distribute compromised products as part of broader scam networks.
This incident isn’t isolated. On May 19, a Chinese printer manufacturer was accused of spreading crypto-stealing malware via its official drivers, which led to the theft of close to $1 million worth of Bitcoin. Similarly, cybersecurity firm Kaspersky reported in April that thousands of counterfeit Android phones were sold online with pre-installed malware targeting cryptocurrencies and sensitive user data.
Huione Darknet Market Still Thrives
Thanks to incidents like this cold wallet case, it has become increasingly clear that, despite claims of a shutdown, the major darknet marketplace Huione is not only active but expanding its operations. On May 13, Haowang Guarantee, formerly known as Huione Guarantee, announced it would be closing after Telegram banned thousands of its accounts and channels. However, new research from Chainalysis suggests that the platform’s activity has not decreased and may have even intensified.
Chainalysis reported that Huione is continuing to process billions of dollars in transactions, which indicates that its underlying operations are largely unaffected by the loss of its public-facing infrastructure. The firm described Huione’s system as “highly resilient,” capable of sustaining a vast volume of illicit transactions even after facing regulatory pressure.
Earlier, on May 1, the US Treasury’s Financial Crimes Enforcement Network (FinCEN) proposed barring the Huione Group from accessing the American banking system. The agency accused the company of facilitating money laundering for North Korea’s state-sponsored Lazarus Group. Although these announcements typically push US financial institutions to cut ties immediately, Huione showed little sign of slowing down. Chainalysis noticed that instead of declining, Huione’s transaction volume actually increased after the FinCEN notice.
(Source: Chainalysis)
A separate report from TRM Labs that was released on May 30 corroborated Huione’s continued activity, and stated that the group still operates VIP vendor channels and has received over $81 billion in cryptocurrency since 2021. This figure dwarfs the $5 billion associated with Hydra, a now-defunct Russian darknet market. TRM Labs and Chainalysis both pointed to Huione’s involvement in a wide range of cyber-enabled crimes, including pig butchering scams, online fraud, and digital heists.
In addition to the ongoing operations of Haowang Guarantee, Huione’s crypto exchange resurfaced under a new domain, but with its old branding. The exchange is still active across multiple social media platforms and Telegram channels. This means that Huione’s public communications apparatus is still functional, albeit under different guises.
Huione Group is based in Cambodia, and runs a complex network of entities including Huione Pay PLC, Huione Crypto, and the illicit marketplace Haowang Guarantee.
Tether Freezes $12 Million in Fresh Crackdown
Meanwhile, Tether froze over $12.3 million in USDT on the Tron Network as part of its ongoing mission to combat illicit activity in the crypto space. The freeze occurred at 9:15 am UTC on Sunday, according to data from Tronscan.
(Source: Tronscan)
Although Tether has not officially commented on this specific action, it aligns with the company’s strict policy on wallet freezing, which targets money laundering, terrorist financing, and compliance with US sanctions lists, particularly the Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) List.
This is not the first time Tether has taken such action. On March 6, Tether froze $27 million in USDT that was associated with the Russian crypto exchange Garantex. This led to the exchange halting operations and accusing Tether of targeting the Russian crypto market. OFAC previously sanctioned Garantex in April of 2022 for failing to meet anti-money laundering standards. Despite this, more than $15 million in reserves linked to the exchange were still identified as active on June 5.
(Source: Tether)
Tether’s wallet-freezing capabilities have drawn a lot of criticism from decentralization advocates, but they have also proven quite effective when it comes to stopping criminal activity. The company, in collaboration with the Tron Network and blockchain analytics firm TRM Labs, formed the T3 Financial Crimes Unit (FCU), which successfully froze $126 million worth of USDT in its first six months of operation. The FCU assists law enforcement globally by identifying and halting illicit crypto transactions.
The need for such enforcement was made especially clear by the actions of the Lazarus Group, which laundered more than $200 million in stolen crypto between 2020 and 2023. Tether blacklisted over $374,000 in stolen funds in November of 2023, and together with other stablecoin issuers, helped block an additional $3.4 million tied to addresses linked to Lazarus.