Mask Network Founder Suji Yan’s Personal Wallet Hacked for $4 Million

Last updated:

Author

Hongji Feng

Author

Hongji Feng

About Author

Hongji is a crypto and tech reporter. He graduated from Northwestern University’s Medill School of Journalism with a Bachelor’s and a Master’s. He has previously interned at HTX (Huobi Global),…

Last updated:

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas – from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

hack

Key Takeaways:

  • Suji Yan’s crypto wallet was compromised, with stolen assets later transferred and converted into approximately 1,700 ETH.
  • The theft occurred while Yan attended a private gathering on his 29th birthday, raising alerts about offline attacks and unauthorized access to personal devices.
  • Blockchain security firms and law enforcement are investigating the breach to determine how the attack was carried out.
  • The incident exposes the risks of managing private keys on mobile devices and the vulnerabilities in self-custody security practices.
  • As crypto thefts increase, the need for stronger asset protection measures and alternative security models continues to grow.

Suji Yan, founder of Mask Network, reported the theft of over $4 million in cryptocurrency from his personal wallet on February 27, the same day as his 29th birthday.

In a social media post, he stated that the funds were personal and unrelated to his company or investment projects.

Yan Seeks Investigation as Stolen Funds Are Moved

Yan revealed that the theft occurred while he attended a private gathering with close friends.

His phone was briefly unattended during the event, raising concerns about a possible offline attack.

The transactions, carried out manually over an 11-minute period, suggest that the attacker had direct access to his private key.

Yan has contacted blockchain security firms and independent investigators to trace the stolen funds and determine how the breach occurred.

He is also cooperating with authorities and awaiting expert analysis before providing further updates.

Yan called on the perpetrator to confront him directly if the attack was conducted offline.

He stated that the crypto industry should not operate as a “dark forest” and expressed his determination to hold those responsible accountable.

“Thus, when Heaven is about to confer a great office on any man, it first exercises his mind with suffering, and his sinews and bones with toil. It exposes his body to hunger, and subjects him to extreme poverty,” Yan responded to the hack, quoting Mencius.

“It confounds his undertakings. By all these methods it stimulates his mind, hardens his nature, and supplies his incompetencies,” posted Yan.

According to lmk.fun, the assets have been transferred to a new address and swapped for about 1,700 ETH.

Evolving Threats Challenge Self-Custody Practices

The incident stresses the risks associated with storing digital assets on mobile devices, particularly in social settings.

While the exact attack method remains unclear, the case exposes security vulnerabilities in private key management and self-custody.

As crypto thefts become more frequent, concerns over asset security continue to grow.

Self-custody offers financial independence but comes with significant risks, especially when private keys are stored on easily accessible devices.

With attacks becoming more sophisticated, users must balance accessibility with stronger security measures.

Beyond technical vulnerabilities, social risks such as physical access to devices, insider threats, and targeted attacks are often overlooked.

As billions in assets remain in self-custody, the industry may increasingly explore alternative security models to address evolving threats.

Frequently Asked Questions (FAQs):

What security risks are unique to storing crypto on mobile devices?

Mobile wallets provide convenience but also expose users to risks like malware, phishing attacks, and physical theft. Unlike hardware wallets, mobile wallets keep private keys on internet-connected devices, making them more vulnerable to unauthorized access, especially in social settings where a phone could be briefly unattended.

How do offline attacks on crypto wallets typically happen?

Offline attacks occur when someone gains physical access to a user’s device, extracts private keys, or installs malware. This can happen through direct tampering, spyware, or social engineering. In cases where a phone is left unattended, even briefly, attackers may exploit vulnerabilities to compromise stored crypto assets.

Can stolen crypto be recovered once it has been moved?

Recovery is difficult, as transactions on blockchain networks are irreversible. However, tracking services and law enforcement can monitor stolen funds if they move through centralized exchanges. If the attacker attempts to cash out through regulated platforms, authorities may intervene.

What steps can be taken to prevent unauthorized access to crypto wallets?

Using hardware wallets, keeping private keys offline, enabling multi-signature security, and avoiding storage on mobile devices are key precautions. Users should also avoid reusing passwords, implement strong authentication, and remain cautious about storing wallets on easily accessible devices like smartphones.

You May Also Like