$SUI Validators Freeze $162M in Stolen Funds — Here's What Happened
On Wednesday, the Sui validator community acted swiftly to freeze approximately $162 million in stolen assets following an attack. Here's a breakdown of how it unfolded:
Validators have the power to configure their nodes to block transactions from specific addresses.
This setting is entirely up to each validator and can be changed at any time.
In this case, over one-third of validators by stake chose to block transactions from two addresses linked to the exploit — effectively freezing the associated funds.
While this capability isn’t exclusive to Sui, any validator on any chain can do this for reasons like risk management or regulatory compliance.
The Sui validators acted quickly, freezing the funds before the attacker could bridge them to another network. Not all funds were stopped, but a significant portion — worth ~$162M at the time — was held back.
The purpose of freezing is to temporarily halt the attack, giving victims a chance to negotiate or recover funds. That goal was met, though the attacker has not responded to Cetus’s outreach.
In response, Cetus has proposed a community vote for a protocol upgrade that would return the frozen funds without rolling back the chain or reversing transactions. Given the extraordinary circumstances and the impact on users, this proposal has garnered support under two key conditions:
1. Neutral facilitation: We will abstain from voting and remain neutral. Our role is to ensure the process is fair and reflects the Sui community's will. Details and code for the vote will be shared soon.
2. Cetus’s commitment: Cetus must publicly pledge to use all available resources to fully reimburse affected users until every customer is made whole.
This is an exceptional response to an exceptional crisis — one focused on protecting users and upholding trust in the ecosystem.
