$160M in stolen funds puts Sui’s decentralization to the test

Response to the DEX exploit reveals tensions between credible neutrality and crimefighting

article-image

VERSUSstudio/Shutterstock and Adobe modified by Blockworks

share

This is a segment from the 0xResearch newsletter. To read full editions, subscribe.


Sui’s largest decentralized exchange, Cetus, was exploited on May 22 for over $220 million — the most severe DeFi incident in the network’s short history. It raised difficult questions about validator power, decentralization and reactive governance.

The attacker exploited faulty math in Cetus’ smart contracts by using spoofed tokens and miscalculated liquidity ratios. By injecting near-zero value assets into pools and then withdrawing large amounts of real tokens like SUI and USDC, the exploiter drained about $223 million before the protocol was paused. As Mysten Labs co-founder Adeniyi Abiodun clarified in an X space, “it’s not a bug in Sui consensus, it’s not a bug in Move,” thus isolating the issue to Cetus’ application logic.

But the response drew nearly as much attention as the attack itself. In coordination with the Sui Foundation, validators quickly updated a configuration file in the code powering the network, tailored to reject transactions from the attacker’s wallet. This off-chain coordination didn’t require a vote or protocol-level upgrade, but has resulted in $160 million in stolen assets being frozen.

A brief GitHub pull request from Mysten Labs proposed going a step further: adding an “allow list” feature to execute a pre-chosen “recovery” transaction that would bypass signature checks. The PR was withdrawn within hours after community backlash, and validators have so far limited their action to censorship, not confiscation.

“Sui is a decentralized network, so neither Mysten Labs nor Sui Foundation has the ability to block addresses or transactions, ‘control’ validators, or otherwise dictate the behavior of independent actors on Sui,” a Sui Foundation rep told Blockworks.

Still, the episode has reopened a fundamental debate about decentralization: Should a blockchain’s validators ever freeze or seize funds, even in cases of clear theft?

Critics argue that such ad hoc measures threaten Sui’s credibility as a decentralized base layer. “Taking a heavily opinionated stance to censor due to a third-party app exploit is a slippery slope,” warned Blockworks Advisory’s David Rodriguez. Others pointed out the danger of setting a precedent that could be abused in future incidents — or compelled by regulators.

Without onchain checks or governance processes, any validator coordination hinges entirely on informal consensus and the economic gravity of Sui Foundation signals. After all, validators require a 30 million SUI bond, so strong suggestions from on high might well be the same as “a $114m gun pointing at their heads.”

Move is not a silver bullet

The incident also exposed broader risk beyond Cetus. According to security firm Verichains, three other major Sui protocols — Kriya, FlowX and Turbo Finance — were previously vulnerable to the same math flaw exploited from the latest attack. While Kriya and FlowX patched their contracts, Verichains warned that Turbo Finance still contains the vulnerable code, albeit not actively in use.

“Dead code is not safe code,” Verichains mused.

Verichains’ findings reinforce the idea that while Move-based smart contracts and VM offer stronger technical primitives, in practice, security still depends on shared libraries, developer diligence and tooling maturity.

Looking ahead, several developers and researchers have called for a formal, transparent policy on validator powers and emergency responses.

Aave governance lead Marc Zeller expressed the view that the centralized powers on display would make DeFi protocols wary, writing “[you] can be sure Aave will never deploy on Sui.”

Sui may have preserved some value this time (the hacker still exfiltrated some $60 million), but its long-term reputation will depend on whether it can set clear limits — and build credible neutrality — into the system itself.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (10).png

Research

Kamino has evolved into a full-stack asset scaling suite with V2: unlocking new markets, improving capital efficiency, and catering to various risk profiles. We believe it is best positioned to become the credit backbone of Solana as the ecosystem matures. Simply put, KMNO remains our highest-conviction bet in the Solana ecosystem. This report lays out our thesis.

article-image

EigenCloud wants to make crypto-economic guarantees a plug-and-play primitive

article-image

In a new letter, Gemini alleges that the CFTC’s DOE had ulterior motives for 2022 suit

article-image

Sponsored

Neitec’s Debita platform is closing the credit gap by unlocking high-yield private debt in markets that need it most

article-image

From bank porters to stablecoins, the history of money is a story of acceleration

article-image

The Byreal DEX will use both centralized and decentralized liquidity sources to route trades

article-image

Last week’s solana ETF amendments points to “some sort of push from the SEC to get things organized,” a person familiar tells Blockworks.