Sui Chain DEX Cetus Protocol Hacked, Sui Team Freezes Part of Assets, Demands Full Asset Repayment Commitment from Cetus, Sparking Community Debate on Repaying Assets and Decentralization
Incident Overview
Two days ago, the Sui chain DEX Cetus Protocol was attacked by hackers. Although the Sui team urgently froze the majority of the stolen assets, the question of how to safely and transparently return these assets to users has become a point of contention regarding decentralization.
Details of the Attack
On May 22, Cetus Protocol suffered a hacking incident, with estimated losses ranging from $220 million to $260 million. The attack stemmed from a mathematical flaw in the smart contract, which allowed hackers to manipulate liquidity ratios using counterfeit tokens. In response, Cetus quickly collaborated with Sui developers and validators, successfully freezing approximately $160 million of the stolen assets on the Sui chain.
Asset Repayment Plan
To return the frozen funds, Cetus Protocol proposed a community vote on safely repaying assets through a protocol upgrade, avoiding on-chain record rollbacks or transaction reversals. Sui officials expressed conditional support for this proposal in the following statement:
- Each validator has a configuration file that allows it to ignore transactions from specific addresses.
- Whether to add addresses to this file is entirely at the discretion of each validator, and this setting can be revoked at any time.
- If more than one-third of the staked-weight validators choose to ignore transactions from the two addresses suspected of being related to the attack, this effectively freezes those funds.
- The ability for validators to ignore transactions from specific addresses is not unique to Sui—validators on any blockchain can choose to do so, whether due to their risk tolerance or legal compliance.
Cetus initiated a community vote proposing a protocol upgrade to return the frozen funds, without rolling back on-chain history or reversing transactions that have already occurred. Sui officials will remain neutral regarding the voting results and will forgo their official voting rights. Cetus must publicly commit to using all of its financial resources to recover the assets until all users are fully compensated. The Sui team views this as an emergency measure in a special situation to ensure the safety of Cetus users’ assets. Currently, Sui co-founders have confirmed that they will assist in repaying the $160 million of frozen funds to Cetus Protocol to restore liquidity and stabilize the SUI DeFi market.
On Wednesday, the Sui validator community acted quickly to freeze $162M of the stolen funds. Here’s how that happened:
- Each validator has a configuration file that allows it to ignore transactions from a specific address.
- Adding addresses to this file is at the discretion…https://t.co/pVLTItN0MH
— Sui (@SuiNetwork) May 23, 2025
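The stake-weighted freeze described in Sui's statement above, worked through numerically as an added example that is not part of the original article or Sui's code. It assumes voting power normalised to 10,000 units with a 6,667-unit quorum; the validator names, stakes and address are constructed.

```python
# Added illustration of a stake-weighted deny-list freeze.
TOTAL_POWER = 10_000  # assumption: stake normalised to 10,000 voting-power units
QUORUM = 6_667        # assumption: power required to certify a transaction

# Constructed validator set: name -> voting power (sums to TOTAL_POWER).
STAKE = {"val-a": 2000, "val-b": 1800, "val-c": 1500, "val-d": 1500,
         "val-e": 1200, "val-f": 1000, "val-g": 1000}

ADDR = "0xSUSPECT_PLACEHOLDER"  # placeholder, not a real address


def willing_power(sender, stake, deny_lists):
    """Voting power of validators whose local deny list does not name sender."""
    return sum(power for name, power in stake.items()
               if sender not in deny_lists.get(name, set()))


def is_frozen(sender, stake, deny_lists):
    """Frozen when the validators still willing to sign cannot reach quorum."""
    return willing_power(sender, stake, deny_lists) < QUORUM


def freeze_margin(sender, stake, deny_lists):
    """Power that must drop its deny entry before the freeze lapses.

    A value of zero or less means the sender is not frozen.
    """
    return QUORUM - willing_power(sender, stake, deny_lists)


def scenarios():
    """Walk the three cases from the statement: below threshold, above, revoked."""
    results = {}
    # Two validators (3,200 units, under one-third) deny the address.
    deny = {"val-a": {ADDR}, "val-e": {ADDR}}
    results["under_third"] = is_frozen(ADDR, STAKE, deny)
    # A third validator joins: 4,200 units now refuse to sign.
    deny["val-f"] = {ADDR}
    results["over_third"] = is_frozen(ADDR, STAKE, deny)
    results["margin"] = freeze_margin(ADDR, STAKE, deny)
    # Each entry is per-validator and revocable: val-f removes it again.
    deny["val-f"] = set()
    results["after_revocation"] = is_frozen(ADDR, STAKE, deny)
    return results


if __name__ == "__main__":
    print(scenarios())
```

The margin shows how dependent the freeze is on continued validator cooperation: in this constructed set, a single validator with 1,000 units reverting its configuration is enough to lift it.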
Debate on Decentralization Continues
The rapid push for Cetus to conduct a vote reflects Sui officials’ urgency in handling the crisis, but the issue of validators blacklisting addresses has again sparked discussions within the community regarding the blockchain’s “principle of decentralization.” The swift asset freezing by Sui validators and the potential introduction of a “whitelist” mechanism for specific transactions have drawn criticism from some decentralization purists, who argue that this represents an intrusion of centralized power.
However, others in the community believe that recovering assets is a pragmatic approach, as the hacking incident has already put short-term pressure on the prices of both the Cetus and SUI tokens, impacting market confidence in the Sui DeFi ecosystem. Saving funds is akin to firefighting; it cannot be delayed.