Preface
This incident is a victory for capital, not users, and it is a setback for the development of the industry.
Bitcoin goes left, Sui goes right, and every move that shakes the decentralization of the industry brings stronger belief in Bitcoin.
What the world needs is not just a better global financial infrastructure, but there will always be a group of people who need space for freedom.
Once upon a time, alliance chains were more popular than public chains because they met the regulatory needs of that era. The decline of alliances today actually means simply complying with this demand, not the needs of real users. If the regulated users are lost, then what about the need for regulatory tools?
1. Background
On May 22, 2025, Cetus, the largest decentralized exchange (DEX) in the Sui public chain ecosystem, was attacked by hackers. Liquidity dropped sharply in an instant, prices of multiple trading pairs collapsed, and losses exceeded US$220 million.
As of press time, the timeline is as follows:
On the morning of May 22, hackers attacked Cetus and stole $230 million. Cetus urgently suspended the contract and issued an announcement
On the afternoon of May 22, the hacker transferred about 60 million US dollars across the chain, and the remaining 162 million US dollars were still in the Sui chain address. The Sui verification node quickly took action to add the hacker address to the Deny List and freeze the funds.
On the evening of May 22, Sui CPO @emanabio tweeted to confirm: Funds have been frozen and return will begin soon
On May 23, Cetus began fixing vulnerabilities and updating contracts
On May 24, Sui open sourced PR, explaining that funds will be recovered through aliasing and whitelist.
On May 26, Sui initiated an on-chain governance vote, proposing whether to implement a protocol upgrade and transfer hacker assets to a custodial address.
On May 29, the voting results were announced, with more than 2/3 of the verification nodes supporting the protocol; the protocol upgrade is ready to be implemented
From May 30th to early June, the protocol upgrade took effect, the designated transaction hash was executed, and the hackers assets were legally transferred
2. Attack Principle
There are many articles on the event principle in the industry, and here we only give an overview of the core principles:
From the attack process point of view:
The attacker first used a flash loan to borrow about 10,024,321.28 haSUI, instantly dropping the price of the trading pool by
99.90%. This huge sell order caused the target pool price to drop from about 1.8956 × 10 ^ 19 to 1.8425 × 10 ^ 19, almost clearing the bottom.
The attacker then created a liquidity position on Cetus with an extremely narrow range (the lower limit of the tick is 300000, the upper limit is 300200, and the width of the range is only 1.00496621%). Such a narrow range amplifies the impact of subsequent calculation errors on the number of tokens required.
The core principle of the attack:
The problem is that there is an integer overflow vulnerability in the get_delta_a function used by Cetus to calculate the number of tokens required. The attacker deliberately stated that a huge amount of liquidity (about 10^37 units) would be added, but only 1 token was actually put into the contract.
Due to an error in the overflow detection condition of checked_shlw, the contract truncates the high position during the left shift calculation, causing the system to seriously underestimate the amount of haSUI required, thereby exchanging a huge amount of liquidity for a very small cost.
From a technical point of view, the above vulnerability stems from the fact that Cetus used incorrect masks and judgment conditions in the Move smart contract, resulting in any value less than 0xffffffffffffffff << 192 being able to bypass detection; and after shifting left by 64 bits, the high-order data is truncated, and the system believes that it has obtained huge liquidity by collecting only a few tokens.
After the incident, two official actions were taken: freeze vs. recovery, which consists of two stages :
The freezing phase is completed by Deny List + node consensus;
The recovery phase requires on-chain protocol upgrade + community voting + designated transaction execution to bypass the blacklist.
3. Sui’s freezing mechanism
Sui Chain itself has a special Deny List mechanism, which enables the freezing of hacker funds. Not only that, Sui’s token standard also has a “ regulated token ” mode with a built-in freezing function.
This emergency freeze took advantage of this feature: the validator node quickly added the addresses related to the stolen funds in the local configuration file. In theory, each node operator can modify TransactionDenyConfig to update the blacklist, but in order to ensure network consistency, the Sui Foundation, as the initial configuration publisher, conducted centralized coordination.
The foundation first officially released a configuration update containing the hackers address, and the validator took effect synchronously according to the default configuration, so that the hackers funds were temporarily sealed on the chain. There is actually a highly centralized factor behind this.
In order to rescue the victims from frozen funds, Sui team immediately launched a whitelist mechanism patch.
This is for the subsequent transfer back of funds. Legal transactions can be constructed in advance and registered in the whitelist, and can be enforced even if the fund address is still on the blacklist.
The new feature transaction_allow_list_skip_all_checks allows specific transactions to be pre-added to the exempt list, allowing these transactions to skip all security checks, including signatures, permissions, blacklists, etc.
It should be noted that the whitelist patch cannot directly steal the hackers assets ; it only gives certain transactions the ability to bypass freezing, and the actual asset transfer still requires a legal signature or additional system permission module to complete.
In fact, the mainstream freezing schemes in the industry often occur at the token contract level and are controlled by multiple signatures of the issuer.
Take USDT issued by Tether as an example. Its contract has a built-in blacklist function, and the issuing company can freeze the illegal address, making it impossible to transfer USDT. This solution requires multiple signatures to initiate a freezing request on the chain, and it is only actually executed after multiple signatures reach a consensus, so there is an execution delay.
Although Tether’s freezing mechanism is effective, statistics show that there are often “window periods” in the multi-signature process, leaving opportunities for criminals to take advantage.
In contrast, Suis freeze occurs at the underlying protocol level and is collectively operated by validator nodes, executing much faster than ordinary contract calls.
In this model, in order to execute quickly enough, it means that the management of these validator nodes themselves is highly unified.
4. Sui’s “transfer-style recycling” implementation principle
What’s even more surprising is that Sui not only froze the hacker’s assets, but also planned to “transfer and recover” the stolen funds through on-chain upgrades.
On May 27, Cetus proposed a community voting plan to upgrade the protocol and send the frozen funds to a multi-signature escrow wallet. The Sui Foundation then initiated an on-chain governance vote.
On May 29, the voting results were announced, and about 90.9% of the validators supported the proposal. Sui officially announced that once the proposal is passed, all funds frozen in the two hacker accounts will be recovered into a multi-signature wallet without the hackers signature.
No hacker signature is required, what a unique feature, there has never been such a repair method in the blockchain industry.
From Suis official GitHub PR, we know that the protocol has introduced an address aliasing mechanism. The upgrade includes: pre-specifying alias rules in ProtocolConfig, so that some allowed transactions can treat legitimate signatures as being sent from hacker accounts.
Specifically, the rescue transaction hash list to be executed is bound to the target address (i.e., the hacker address), and any executor who signs and publishes these fixed transaction summaries is deemed to have initiated the transaction as a valid hacker address owner. For these specific transactions, the validator node system bypasses the Deny List check.
From the code level, Sui added the following judgment to the transaction verification logic: when a transaction is blocked by the blacklist, the system traverses its signers and checks whether protocol_config.is_tx_allowed_via_aliasing(sender, signer, tx_digest) is true.
As long as there is a signer that satisfies the alias rule, that is, the transaction is marked as allowed to pass, the previous interception error will be ignored and normal packaging and execution will continue.
5. Viewpoint
160 million, tearing apart the industrys deepest underlying beliefs
Regarding the Cetus incident, from my personal point of view, this storm may pass quickly, but this model will not be forgotten because it subverted the foundation of the industry and broke the traditional consensus that blockchain cannot be tampered with under the same set of ledgers.
In blockchain design, the contract is the law and the code is the referee.
But in this incident, the code failed, governance intervened, and power was overridden, forming a pattern of voting behavior determining the results of the code.
This is because Suis approach of directly misappropriating transactions is very different from the mainstream blockchains approach to dealing with hacker issues.
This is not the first time that consensus has been tampered with, but it is the most silent one
Historically:
Ethereum used a hard fork to roll back transfers to compensate for losses during The DAO incident in 2016, but this decision led to the split of the Ethereum and Ethereum Classic chains. The process was controversial, but in the end different groups formed different consensus beliefs.
The Bitcoin community has also experienced similar technical challenges: the value overflow vulnerability in 2010 was urgently repaired by developers and the consensus rules were upgraded, completely erasing approximately 18.4 billion illegally generated bitcoins.
This is the same hard fork model, rolling back the ledger to before the problem, and then users can still decide for themselves which ledger system to continue using.
Compared with the DAO hard fork, Sui did not choose to split the chain, but targeted this incident precisely by upgrading the protocol and configuring aliases . In doing so, Sui maintained the continuity of the chain and most of the consensus rules unchanged, but also showed that the underlying protocol can be used to implement targeted rescue operations.
The problem is that historical “fork-style rollbacks” are users’ choice of belief; Sui’s “protocol-style amendments” are chains making decisions for you.
Not Your Key, Not Your Coin? Not Anymore, Im afraid.
In the long run, this means that the concept of “ Not your keys, not your coins ” is broken on the Sui chain: even if the user’s private keys are intact, the network can still block the flow of assets and redirect assets through collective agreement changes.
If this becomes a precedent for blockchain to respond to large-scale security incidents in the future, or even is considered a practice that can be followed again.
“When a chain can break the rules for justice, it also has a precedent for breaking any rules.”
Once a public welfare money grab is successful, the next time it may be an operation in the moral gray area.
What happens then?
The hacker did steal the user’s money, so can group voting take his money away?
Is the voting based on who has more money (pos) or who has more people? If the one with more money wins, then the final producer described by Liu Cixin will soon arrive. If the one with more people wins, then the mob will also rise up.
Under the traditional system, it is very normal that illegal income is not protected, and freezing and transfer are routine operations of traditional banks.
But the fact that this cannot be achieved from a technical perspective is the root cause of the development of the blockchain industry.
Now the big stick of industry compliance continues to ferment. Today, it can freeze and modify account balances for hackers, and tomorrow it can make arbitrary modifications for geographical factors and conflict factors. If the chain becomes a regional partial tool.
The value of the industry will be greatly compressed, and at best it will be just another less useful financial system.
This is also the reason why I am determined to stay in the industry: Blockchain is not valuable because it cannot be frozen, but because even if you hate it, it will not change for you.
With regulation being the general trend, can the chain protect its own soul?
Once upon a time, alliance chains were more popular than public chains because they met the regulatory needs of that era. The decline of alliances today actually means simply complying with this demand, not the needs of real users. The regulated users have been lost, so what about the need for regulatory tools ?
From the perspective of industry development
Is efficient centralization a necessary stage in the development of blockchain? If the ultimate goal of decentralization is to protect the interests of users, can we tolerate centralization as a transitional measure?
The word democracy in the context of on-chain governance is actually token weighted . So if a hacker holds a large amount of SUI (or if the DAO is hacked one day and the hacker controls the voting rights), can he also legally vote to cleanse himself ?
Ultimately, the value of a blockchain is not whether it can be frozen, but that even if a group has the ability to freeze it, it chooses not to do so.
The future of a chain is not determined by its technical architecture, but by the set of beliefs it chooses to protect.
