$260M Cetus Hack: Sui Freezing Funds Sparks Decentralization Concerns

In a major blow to the Sui ecosystem, Cetus Protocol—a leading decentralized exchange (DEX) on Sui blockchain—suffered a massive $260 million hack on May 22, exposing major vulnerabilities in the platform as well as its fix igniting a fierce debate about decentralization in the crypto industry. 

In the largest ever hack of this year so far, the hacker targeted an oracle bug in Cetus smart contract and drained over $260 million from liquidity pools. 

Cetus swiftly paused its smart contracts to prevent further losses, and Sui validators took unprecedented action by freezing and recovering $160 million of the stolen funds on-chain. The remaining $60 million was reportedly bridged to Ethereum, with $53 million already laundered through a wallet ending in “AF16.” 

While the rapid response was praised for recovering a significant portion of the funds—73% of the total stolen—Cetus has offered a $6 million bounty to the hacker for the return of the remaining $56 million. 

Sui Validators Freeze Hacker Funds

The Sui Foundation, alongside Cetus and other DeFi protocols, collaborated with validators to execute the freeze, a move that has sparked significant controversy over decentralization in the space. 

Critics argue that the ability to freeze funds on-chain undermines Sui’s claims of being a decentralized blockchain network. Some experts highlight concerns that Sui’s validators, by selectively ignoring addresses holding stolen funds, demonstrate centralized control, contradicting the ethos of blockchain decentralization. 

Some users pointed out that while this intervention protected users in this instance, it raises questions about the network’s ability to freeze funds at will, potentially threatening user sovereignty.

The founder and CIO of Cyber Capital, Justin Bones, notes that such a move makes Sui a centralized network, while claiming that its founders own the majority of supply and “there are only 114 validators.” 

Although not the whole DeFi industry is against Sui, as the Matte0, an anonymous ambassador of SuiLend defends Sui validators by calling the move reasonable. “This is what real world decentralization looks like. Not just powerless, but responsive and aligned with the community,” they said. “If enough independent validators choose to ignore transactions from a known malicious wallet, that wallet effectively can’t transact.”

“Decentralization isn’t about standing by while people get hurt, It’s about the power to act together, without needing permission,” Matteo adds. 

The Aftermath of the Sui-Cetus Attack 

The hack has also drawn comparisons to broader decentralization debates, with some X users asserting that only Bitcoin and Ethereum truly embody decentralized principles. The incident has also fueled skepticism about Sui’s marketing as a decentralized platform, with critics warn that such interventions could set a precedent for future overreach.

In reaction to the hack, Cetus and Sui developers patched the exploit within hours, and started their efforts to recover the remaining funds. The crypto community remains divided on the matter, with some praising the swift action and others questioning the long-term implications for trust and decentralization. 

As investigations unfold, the Cetus hack serves as a stark reminder of the security challenges facing DeFi and the delicate balance between user protection and blockchain ideals.

Also Read: Crypto Trader James Wynn Now Targets $122K Bitcoin Price