A user bought a compromised cold wallet on Douyin E-commerce and lost $6.9 million overnight, revealing the risks of hardware supply chain attacks.

On the 16th, a crypto investor bought a cold wallet advertised as 'original factory seal, low-price flash sale' through Douyin Shop, only to find the account emptied of $6.9 million the next day. SlowMist traced the on-chain data and indicated that the private key leaked during manufacturing, with the hackers funneling the funds into a channel controlled by the Cambodian Huiwang group and completing the money laundering in just a few hours. The incident highlights that hardware supply chain attacks are increasingly turning toward the wallet market.

Malicious firmware targets private key generation

SlowMist's technical team extracted the wallet firmware and found an additional 4KB of code compared to the original factory image, used to transmit the Seed Phrase. The investigation report shows that the malicious program includes a fixed IP list, and the stolen assets were also routed through the same nodes to the Huiwang address.

Former Bitmain member Hella revealed that victims described the wallet as 'a meticulously designed hot trap' during calls. 'Don't risk your life savings just to save a few hundred dollars,' cautioned SlowMist's CISO '23pds.'

Supply chain attacks are not limited to wallets

Analysts pointed out that hackers have long embedded similar trojans in printer drivers and counterfeit Android phones. In other cases in June, a printer driver theft incident and a trojan pre-installed on counterfeit phones used similar methods, implanting malicious programs early in the production line.
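
The firmware comparison described above (a dumped image carrying extra code relative to the factory image, plus a fixed IP list) can be sketched as follows. This is an added example, not SlowMist's tooling; it assumes a trusted reference image is available, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import re

# One IPv4 octet (0-255), then a dotted quad not embedded in a longer number.
_OCTET = rb"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = re.compile(rb"(?<![\d.])" + _OCTET + rb"(?:\." + _OCTET + rb"){3}(?![\d.])")


def compare_firmware(reference: bytes, dumped: bytes, block: int = 256) -> dict:
    """Diff a dumped firmware image against a trusted reference image."""
    ref_hash = hashlib.sha256(reference).hexdigest()
    dump_hash = hashlib.sha256(dumped).hexdigest()
    # Offsets of blocks that differ, including data appended past the
    # end of the reference image.
    changed = [
        off
        for off in range(0, max(len(reference), len(dumped)), block)
        if reference[off:off + block] != dumped[off:off + block]
    ]
    # IPv4 literals present in the dump but absent from the reference.
    new_ips = set(IPV4.findall(dumped)) - set(IPV4.findall(reference))
    return {
        "match": ref_hash == dump_hash,
        "size_delta": len(dumped) - len(reference),
        "changed_blocks": changed,
        "new_ipv4": sorted(ip.decode() for ip in new_ips),
    }


def sample_images() -> tuple[bytes, bytes]:
    """Constructed sample: a 16 KB reference and a dump with 4 KB appended."""
    reference = bytes((i * 7) % 256 for i in range(16 * 1024))
    # RFC 5737 documentation addresses stand in for a hard-coded IP list.
    extra = b"\x00".join([b"192.0.2.10", b"198.51.100.7"]).ljust(4096, b"\xff")
    return reference, reference + extra


if __name__ == "__main__":
    ref, dump = sample_images()
    report = compare_firmware(ref, dump)
    print("hash match:", report["match"])
    print("size delta:", report["size_delta"], "bytes")
    print("first changed offset:", hex(report["changed_blocks"][0]))
    print("new IPv4 literals:", report["new_ipv4"])
```

Any hash mismatch against the vendor's published image is reason to stop before generating a Seed Phrase on the device; the size delta and new address literals only help explain what changed.
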
Cybersecurity researchers noted that as hardware products become more modular, replacing a single component can open a backdoor.

Official purchases and offline initialization are the only reliable methods

Cybersecurity experts recommend: First, purchase directly from the manufacturer or authorized distributors and avoid discounts of unknown origin. Second, generate the Seed Phrase in an offline environment after unboxing and strengthen it with a Passphrase. Third, keep firmware updated, enable multi-factor authentication, and regularly monitor asset changes.

Cold wallets can reduce the risk of online attacks, but if the private key 'runs naked' on the production line, no vault can keep it safe.

The article 'Douyin sells cold wallets and suffers a theft of $6.9 million, SlowMist analyzes: private key leaked during generation' was first published on BlockTempo (the most influential blockchain news media).