Mask Network Founder Confirms $4M Exploit

As the crypto industry reels from a series of high-profile breaches, Mask Network founder Suji Yan has become the latest victim.

Yan confirmed a $4 million loss from his public wallet, with the stolen assets converted to Ethereum and dispersed across multiple addresses.

The attack, which appears to have been manually executed over 11 minutes, raises concerns of a possible private key leak.

Yan noted that the transactions occurred during a brief absence on his birthday, suggesting direct access by the attacker.

To uncover the breach’s origins, Yan has enlisted blockchain security firms SlowMist and ZachXBT while also cooperating with law enforcement.

He refrained from speculating on the exact cause, stating that further details will emerge following a thorough investigation.

However, he hinted that unlike previous exploits involving malicious code—such as the recent Bybit hack—his case likely involves an offline security lapse or a breach of trust.

In a bold statement, Yan challenged the perpetrator to confront him in person, emphasizing the need for accountability in the crypto space.

Citing the Chinese philosopher Mencius, he underscored resilience in adversity, stressing that the industry cannot operate in a lawless “dark forest”:

“I hope if this is the offline case – you should confront me directly. Crypto is not a dark forest and I will not let it be.”

Investigation and Recovery Ongoing

Blockchain analytics firms Cyvers Alerts and ZachXBT have traced the stolen funds, identifying them as a mix of ETH, WETH, MASK, and USDT.

The assets were consolidated into a new wallet, where their value quickly grew to approximately 1,690 ETH before being dispersed across six addresses.

Cyvers flagged additional wallets linked to the breach, revealing they collectively received around $4 million in crypto, primarily in Ether-based tokens.

The stolen assets include 113 ETH ($265,000), 923 WETH, 301 ezETH, 156 weETH, 90 pufETH, 48,400 MASK, 50,000 USDT, and 15 swETH.

Following the breach, the funds were swiftly converted to ETH and funnelled through six different wallets, one of which ends in “df7.”

Meir Dolev, co-founder of Cyvers, explained:

“Our system has identified a suspicious $4 million transfer linked to an address associated with Suji Ya, founder of Mask Network. The stolen assets were swiftly converted to ETH and dispersed across multiple addresses, indicating a well-coordinated laundering attempt. This incident underscores the increasing sophistication of threat actors in the Web3 space and highlights the urgent need for real-time transaction monitoring, preemptive prevention, and rapid incident response.”

As investigations continue, further details are expected to emerge.

This attack follows a wave of recent high-profile breaches, including the $1.4 billion Bybit hack on 21 February and the Pump.fun social media exploit on 26 February, highlighting the persistent security risks plaguing the crypto space.