Last week, one of the largest decentralized exchanges on the Sui blockchain suffered a hack worth around $220 million. Shortly after, the Sui Foundation coordinated the freezing of $160 million through the network's validators. This action raises doubts about the decentralization of the Sui blockchain.
On May 22, the decentralized exchange (DEX) Cetus was hacked. The attack, which is believed to have been caused by a vulnerability in the smart contract code, resulted in approximately $223 million in user funds being siphoned off. $63 million was sent by the attacker to the Ethereum blockchain, while the remaining $160 million was frozen by validators under the coordination of the Sui Foundation. A network vote among validators will decide today whether to return the funds to users.
Decentralization: A Fine Line
The maneuver essentially involves "hacking the hacker," which, according to some critics, undermines the trustless nature of blockchain networks because it requires reliance on centralized decisions. Currently, 83.6% of staked SUI has voted for reimbursement, as indicated on the voting page. 0.3% voted "no" and 1.5% abstained. 14.5% - mostly held by centralized exchanges such as Coinbase and OKX - has not voted so far. The voting is expected to end this evening.
The governance page currently lists 114 validators. These will now decide what happens to the $160 million. Earlier, a "large number of validators" identified the hacker's address and have been ignoring transactions from it for the time being, according to a statement from the Sui Foundation. For critics, this is fodder for their arguments: coordination of validators by the foundation undermines the decentralization of a blockchain and amounts to censorship, and the blocking of transactions sets a troubling precedent for future interventions. In theory, a state actor could ask the Sui Foundation to censor someone, and through its coordinated influence over the validators, the foundation could comply with that request.
The "DAO Hack" of the Sui Blockchain?
Proponents consider the Sui Foundation’s actions necessary to secure assets after the hack. They see the freeze as a rare protective measure, not as censorship. The validators remain decentralized, with the foundation focusing on preserving the network's integrity in emergencies. Some self-proclaimed members of the Sui community also drew comparisons to the Ethereum "DAO Hack" of 2016.
The DAO hack in June 2016 targeted a decentralized venture capital fund built on Ethereum, exploiting a vulnerability in its smart contract. The attackers stole 3.6 million ETH (then worth $79 million), prompting the Ethereum community to carry out a hard fork to reverse the theft and return the funds to investors. This measure sparked an intense debate about blockchain immutability and led to the chain split that produced the "Ethereum Classic" blockchain.
The key difference between the DAO hack and the recent Cetus incident is that the DAO hard fork was a community decision and not coordinated by a foundation. Ethereum, less than a year after its launch as the first smart contract platform, was still in its infancy, and the 3.6 million ETH made up almost 5% of the entire Ether supply. Even nine years later, however, the decision remains a sensitive point in Ethereum's history.