Wallet of Mask Network’s founder drained, all assets swapped to Ethereum (ETH)
The wallet of Mask Network’s founder, Suji Yan, has been drained, and the funds have been swapped into Ethereum (ETH). An estimated $4M were stolen from a mobile wallet.
A wallet belonging to Mask Network founder Suji Yan has been drained, with all funds swapped to Ethereum (ETH). The funds were split into six new wallets, which could be a preparation for mixing or further swaps.
Yan later confirmed one of his mobile wallets was affected, possibly while he left his phone unattended for a while, suspecting a manual attack. The funds were stolen from his wallet labeled Sujiyan.eth, or kmt.eth wallet. The hacker only took the largest balances, mostly on the Ethereum network. The fact that the wallet was not drained of all balances was seen as evidence of a manual attack with short-term access to the wallet. Yan has not mentioned any suspicious app usage or other vectors where all tokens could be moved.
I turned 29 yrs old today, 6 hours ago. Around 3 hours ago – one of my public wallet I carried on my phone was hacked and 4m$+ assets was stolen. All the stolen tx seems manual and span 11+ mins.
So either the private key was leaked same day as my birthday and hacker manual tsf… https://t.co/SkuIb2nrPf
— Suji Yan – Mask is BUIDLing (@suji_yan) February 27, 2025
The biggest haul was for 113 ETH, 156 weETH, and 953 WETH, with losses estimated at around $4M. The losses included 48.4K MASK tokens, valued at over $100K.
The hacker created a new wallet six days ago but only used it to withdraw Yan’s holdings on February 27. Yan stored his assets in a multi-chain wallet, but the attacker only picked Ethereum-based assets, abandoning other holdings on Base, BNBChain and some smaller token holdings.
The swap of all assets into ETH and splitting them into wallets has been noted as one of the key moves of the Lazarus group. ZachXBT is investigating the case, though for now, most split funds remain unrecovered. Yan has contacted on-chain investigators in a bid to blacklist the addresses and potentially recover the funds. The final transfers from Yan’s wallet ended up on seven addresses.
Suji Yan warned of social engineering attacks against Web3 projects
The founder of Mask Network was keen on popularizing Web3 while maintaining safety. Just before the wallet attack, he warned of social engineering methods for attacking Web3 infrastructure. Yan claimed North Korea possibly sent ‘swallows’, beautiful female agents who could be part of the social engineering process. The founder also suspected ‘swallows’ could infiltrate project founders and use their influence to steal crypto or find security loops.
‘Web3 is already a highly watched industry. Sovereign states are fighting in a Cold War style,’ wrote Yan in a recent message on X.
His statement comes just days after unravelling the attack against Bybit. The exploit had reportedly relied on access to one of the team’s computers, which spoofed the Safe wallet frontend and built a malicious transaction, presenting it for signing to all multisig key holders.
Mask Network not affected by the wallet attack
Yan’s Web3 project, Mask Network, was not directly affected by the hack. After the attack, MASK tokens traded with limited changes at $2.14. The protocol itself remains safe and has not reported attacks or losses.
Mask Network aims to connect Web2 services and social media with Web3 features, such as encrypted messages and decentralized identities and profiles. Mask Network can connect to X, Facebook, Instagram, Minds, and Mirror, offering additional data and connections to wallet-based identities.
While Web3 has grown its use cases, it was also one of the major doorways to exploits, as some of the apps could obscure the recipient of transactions. A recent example was the exploit on Abstract Chain, where an app permission led to the draining of multiple wallets.
Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now
Recommended Articles
