Hackers: Mask Network Founder’s Wallet Drained

February 27, 2025 by Jhon E. Bermúdez

In a startling turn of events, the digital wallet of Suji Yan, the founder of Mask Network, has been completely emptied. The hackers made off with an estimated $4 million, snatching the funds from a mobile wallet and swiftly converting them into Ethereum (ETH).

Details emerged revealing that all the stolen funds were indeed swapped to Ethereum (ETH). Adding another layer to the heist, these funds were then fragmented and distributed across six newly created wallets, a classic tactic possibly intended to obscure the trail through mixing or to prepare for further transactions and potential cashing out.

Confirming the breach, Yan himself acknowledged that one of his mobile wallets was compromised. He suspects a manual attack, possibly occurring when he briefly left his phone unattended. Intriguingly, the pilfered assets were specifically taken from his wallets labeled ‘Sujiyan.eth’ and ‘kmt.eth,’ with the attacker selectively targeting the largest holdings, primarily on the Ethereum network. Crypto-sleuths note that smaller balances and tokens on other networks remained untouched, which suggests a manual operation with a limited window of access rather than a sweeping compromise. Interestingly, Yan hasn’t pointed to any suspicious apps or other common attack vectors that could have allowed for a complete drain of all his cryptocurrency holdings.

Looking at the specifics, the largest chunk of the stolen funds consisted of a hefty sum of 113 ETH, along with 156 weETH, and a substantial 953 WETH. Cumulatively, these digital assets, alongside 48.4K MASK tokens (Yan’s own project’s token), add up to the estimated $4 million loss, with the MASK tokens alone accounting for over $100,000 of the total.

Adding another layer of intrigue, blockchain analysis revealed the attacker had set up a fresh wallet address just six days prior to the heist. This wallet remained dormant until February 27th, when it was suddenly activated to drain Yan’s funds. Despite Yan using a multi-chain wallet to store his digital treasure, the perpetrator meticulously selected only Ethereum-based assets. Notably, holdings on other blockchains like Base and BNBChain, as well as smaller token amounts, were deliberately left untouched.

The pattern of swapping assets into ETH and then dispersing them across multiple wallets immediately raised eyebrows within the crypto security community. This particular strategy has been previously linked to the notorious Lazarus Group, raising speculation about their possible involvement. Renowned on-chain investigator ZachXBT has reportedly stepped in to delve into the case. While the investigation unfolds, the majority of the fragmented funds remain unrecovered. Undeterred, Yan has proactively engaged on-chain investigators, taking steps to blacklist the implicated addresses and explore avenues for recovering the stolen assets. It appears the final destinations for the stolen funds are spread across a total of seven different addresses.

Suji Yan warned of social engineering attacks against Web3 projects

Ironically, Suji Yan, a vocal advocate for Web3 adoption, had been actively emphasizing security within the space. In a chilling premonition, just days before falling victim himself, Yan issued a stark warning about the rising threat of sophisticated social engineering attacks targeting Web3 infrastructure. Adding a unique

Source: cryptopolitan.com