Sui is preparing to directly confiscate the funds from the hacker's address, but this has sparked a large discussion about 'decentralization.'

Written by: Alex Liu, Foresight News

Cetus, the largest decentralized AMM exchange in the Sui ecosystem, was attacked yesterday due to a code issue with numeric precision, resulting in the theft of over $200 million in fabricated liquidity.

Two hours after the theft, Cetus announced: 'As of now, it has been confirmed that an attacker has stolen approximately $223 million from the Cetus protocol. The team has taken action to lock the contract to prevent further thefts, and $162 million of the stolen funds have been frozen. We are currently collaborating with the Sui Foundation and other ecosystem members to formulate the next steps to retrieve the remaining stolen funds. Most of the affected funds have been suspended from use, and we are actively seeking ways to recover the remaining funds. A complete incident report will be published later.'

It is important to note that the term used here is 'frozen' rather than 'retrieved.' This means it is still unknown whether this money can be returned to compensate affected users. Sui has officially provided a more detailed explanation of the process.

Aside from the funds that the hacker transferred to the Ethereum mainnet and exchanged for over 20,000 ETH (approximately $60 million), most of the stolen funds remain in the hacker's address on the Sui chain. The 'freezing' of that portion of the assets essentially means that Sui's validators have collectively 'censored' the related address: everyone agreed to ignore it.

Objectively speaking, this violates the principle of 'censorship resistance' in the decentralized world and constitutes a centralized operation, which has already sparked significant controversy within the community.

So how can this money be retrieved after it has been 'frozen'? A Sui co-founder mentioned that the recovered funds would be returned to the Cetus liquidity pool, on the premise that this money can be retrieved.

Simply put: 'freezing' means making the hacker's signatures on the Sui chain invalid, so that the address's transactions cannot be recorded on the chain and the funds are stuck in the address; 'retrieving' requires transferring the assets out of the hacker's address without the hacker's signature. Is this possible?

In fact, Chaofan, an engineer from Solayer, discovered that the Sui team has already asked every validator on Sui to deploy a piece of repair code so that they can 'retrieve' the money without the attacker signing. This is clearly centralized and has sparked greater debate within the community: assets can be transferred from an address without a signature.

However, this is clearly an unfortunate exception, indicating that Sui's decentralization has an emergency 'switch' in place. Sui can do this because it has just over 100 validators, and most of them are institutions with good relationships with the Sui Foundation, which makes coordination easier. (Sui validators need to hold or attract over ten million SUI tokens in stake, which is typically only feasible for institutions.)

The author supports this approach. Cetus is the largest decentralized AMM exchange on Sui, and its liquidity pools comprise the savings and living funds of countless individuals. Additionally, many of the main liquidity pools for Sui project tokens are deployed on Cetus, and the withdrawal of liquidity represents an unbearable loss for these ecosystem projects. It can be said that retrieving this money is a necessary protection for the previously flourishing but still immature Sui DeFi ecosystem.

If clinging to the doctrine of 'decentralization' means being willing to let everything be destroyed, it seems akin to the fundamentalism of those who chose to stick with ETC (Ethereum Classic) after Ethereum's The DAO hard fork. The author agrees with the following viewpoint: decentralization is the goal, not the starting point. At this stage, if I were pursuing extreme decentralization, I would choose to use Ethereum. And now I am glad that Sui can help the affected users recover their funds in Cetus.

The founder of Bucket Protocol on Sui reflects on the incident