Ledger Bought From Seller On Douyin Results In Massive Theft
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
A friend of Twitter user @hella1413 reportedly lost around 500 million RMB (~$6.5 million USD) after using a tampered Ledger hardware wallet purchased through Douyin. The victim's name allegedly includes a zodiac character, though few details are known about how the device was compromised or what actions the user took after receiving it. The incident, shared on Twitter/X, highlights a growing wave of sophisticated scams involving fake wallets, counterfeit firmware, phishing, and social engineering. The stolen funds are still being traced, and it remains uncertain whether recovery is possible.[1][2][3][4][5]
About The Victim
The victim is a friend of Twitter user hella1413.
The name reportedly includes a zodiac character (like “Jun” for horse, “Long” for dragon, “Hu” for tiger...).
About Ledger
Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."
"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
A user lost approximately $6.5 million in crypto after purchasing a compromised hardware (“cold”) wallet via Douyin.
| Date | Event | Description |
|---|---|---|
| June 13th, 2025 11:06:00 PM MDT | hella1413 Sharing Brutal Lesson | hella1413 shares the brutal lesson of his friend, who bought a cold storage wallet on social media. |
| June 13th, 2025 11:50:00 PM MDT | im23pds Tweet About Situation | im23pds, part of the SlowMist team, shares a story in Chinese about receiving an urgent request for help. It appears that the user was motivated to save some money on the purchase. |
| June 14th, 2025 2:10:00 AM MDT | SlowMist Reports From Last Night | SlowMist reported receiving the information that a user lost $6.5m from a cold wallet the previous night. They report that the private key was compromised at wallet creation. |
| June 17th, 2025 3:11:00 AM MDT | SlowMist Posts Another Tweet | SlowMist again posts a tweet about this situation, referencing their original post. |
Technical Details
Limited information is available as to how the Ledger device was tampered and what specific steps were taken by the user upon receiving the device.
There are a wide range of evolving scams involving fake devices, counterfeit firmware, phishing, and social-engineering tricks.
Total Amount Lost
The losses are reported as 500m RMB, equivalent to $6.5m USD.
The total amount lost has been estimated at $6,500,000 USD.
Immediate Reactions
The incident was shared on Twitter/X.
Ultimate Outcome
Uncertain.
Total Amount Recovered
There is no information as to whether or not any recovery will be possible.
There do not appear to have been any funds recovered in this case.
Ongoing Developments
The funds are still being traced. It is unclear if any recovery will be possible.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ SlowMist - "Last night, We received an emergency report: a user lost $6.5M worth of crypto from a cold wallet. The wallet was bought via Douyin (TikTok China), but the private key was compromised at creation — and funds were drained within hours." - Twitter/X (Accessed Jun 18, 2025)
- ↑ SlowMist - "Recently, a victim suffered a loss of around $6.5 million after purchasing a hardware wallet on Douyin (China’s TikTok). As crypto values soar, attacks on hardware wallets are evolving—from fake devices, counterfeit firmware updates, phishing sites, to sophisticated social engineering traps." - Twitter/X (Accessed Jun 18, 2025)
- ↑ IM23PDS - "Warning! Last night, someone urgently asked for help Overnight, nearly 50 million in assets vanished, all because of buying a “cold wallet” on Douyin!" - Twitter/X (Accessed Jun 18, 2025)
- ↑ [x.com/evilcos/status/1933769072099131774 EvilCos - "$6.5 million stolen, I woke up this morning to a flood of messages and pulled the team to handle it... Scams related to hardware wallets always manage to trap some big players, and this time it’s a scam centered around Ledger hardware wallets. Every year, several people fall for it, and the scammers’ techniques and scripts keep evolving. But the defense is so simple, so simple I don’t even want to say it again..." - Twitter/X] (Accessed Jun 18, 2025)
- ↑ Ledger Live : Most trusted & secure crypto wallet (Accessed Feb 13, 2022)