- A woman lost 4.35 BTC after transferring her crypto to a compromised wallet bought from a third-party store on JD.com.
- The user failed to reset the wallet and used a preloaded seed phrase, giving the scammer full access to her funds.
- The incident highlights continued risks of buying hardware wallets from unofficial sources, which scammers exploit through pre-recorded credentials.
A woman recently lost 4.35 Bitcoin, valued at approximately $250,000, after transferring the funds to a compromised hardware wallet. Blockchain security firm SlowMist reported the incident, which highlights an ongoing threat tied to preloaded wallets sold through unauthorized sellers.
The victim bought that wallet on a third-party platform on the well-known e-commerce platform JD.com in China. The shop that had sold the gadget was already closed, and there was also no record of the businessman. It was a hardware imToken wallet, which is a well-known offline digital asset wallet.
Funds Moved After Withdrawal from Exchange
On July 26, the woman moved her Bitcoin in several batches from the OKX cryptocurrency exchange to her new wallet. Two days later, she noticed that her wallet balance had dropped to zero. After reviewing the wallet’s history, it became clear that the funds had been transferred out by an unknown party shortly after the deposits were made.
Researchers found out that the woman typed the seed phrase that was pre-installed in the wallet. This gave the scammers access to steal the funds, as they had the private keys to the wallet. In this case, the attacker could identify and redirect the Bitcoin to several external addresses since she failed to reset the device or create a new seed phrase.
Scam Method Continues to Affect Users
This method of fraud is not new. Criminals distribute tampered wallets with recorded seed phrases. Once the unsuspecting user transfers crypto into the wallet, the attacker drains the balance. Security experts say this tactic has affected many users who fail to follow basic wallet security protocols.
SlowMist emphasized the importance of purchasing hardware wallets only from official websites. Users are also urged to reset devices and generate their seed phrases before use. Sending a test transaction before moving large amounts is also recommended.
