Mask Founder Suji Yan Faces $4 Million Loss in Offline Crypto Hack

• Suji Yan loses $4 million in crypto after targeted offline attack.
• Stolen assets converted to Ethereum, spread across multiple wallets.
• Experts warn of rising risks in self-custody and mobile storage.

Suji Yan, the founder of the Mask Web 3 browser extension, has confirmed a significant security breach that resulted in a loss of $4 million. The attack targeted his personal wallet which was accessed while he was attending a private gathering. The stolen assets, including ETH, WETH, USDT, and MASK tokens, were converted to Ethereum and transferred across multiple addresses.

Suji Yan loses $4 million in Offline Attack on Mobile Wallet

Yan stated that the attack occurred during a brief period when his phone was left unattended while he used the restroom. The attacker executed the transactions manually over an 11-minute window, raising suspicions of an offline attack. Although the exact method remains unclear, Yan suspects a private key leak may have contributed to the security breach.

Mask Founder Suji Yan Faces $4 Million Loss in Offline Crypto Hack 3

Once the assets were stolen, they were quickly swapped for approximately 1,700 ETH. Blockchain analysts report that the funds were spread across various addresses, making recovery more complex. Yan has launched an investigation into the theft and is working with blockchain security firms like SlowMist and ZachXBT. Additionally, he is collaborating with law enforcement agencies to track down the perpetrators and recover the stolen funds.

In a statement, Yan clarified that the stolen funds were personal and not linked to his company or other investment projects. He expressed frustration over the breach, calling for the attacker to confront him directly if the attack was offline. Yan emphasized that cryptocurrency should not operate like a “dark forest,” where anonymity prevails without accountability.

Hack Exposes Vulnerabilities in Crypto Storage

The hack highlights the growing risks associated with the storage of cryptocurrencies on mobile devices, especially in social settings. Experts warn that the breach exposes vulnerabilities in private key management and self-custody practices. As crypto thefts continue to rise,experts urge users to adopt stronger security measures and carefully consider the social and physical security risks.

The attack comes just a week after the Bybit hack, which was attributed to malicious code that exploited vulnerabilities in the Safe Wallet. Although both incidents resulted in substantial losses, the nature of the Mask hack suggests a different form of attack, possibly an insider threat or a more personal breach. The attack raises concerns about the security of self-custody practices and the growing risk of insider or offline attacks.

As the investigation continues, the crypto community is left to grapple with the implications of security breaches. The incident underscores the need for more secure and reliable methods for managing digital assets amid the growing number of attacks on self-custody solutions. The industry may soon need to develop alternative security models to address these threats because billions of dollars are held in self-custody.