TLDR
- Cetus DEX on Sui Network lost $260 million in a hack caused by a bug in a third-party math library, not the Sui blockchain itself
- Sui validators froze $162 million of stolen funds by blocking hacker addresses, while $63 million was moved to Ethereum
- The Cetus development team previously worked on Crema Finance, which suffered a similar $9 million hack on Solana in 2022
- Cetus offered hackers a $6 million bounty to return remaining funds, using the same strategy that worked for Crema
- The validator freeze action sparked debate about Sui’s decentralization, with critics pointing to only 114 validators versus Ethereum’s 1 million
The Sui Network suffered its largest security breach when Cetus DEX lost $260 million to hackers on May 22. The incident has raised questions about both network security and the true level of decentralization on the blockchain platform.
According to Sui’s post-mortem report, the hack resulted from a bug in a third-party math library used by Cetus, not from weaknesses in the Sui blockchain or Move programming language. Despite this technical distinction, the impact on users remained severe as millions in funds were compromised.

The Cetus team responded by offering hackers a $6 million bounty to return the stolen funds in exchange for immunity from legal action. This approach mirrors a strategy the same development team used successfully in 2022 when their previous project, Crema Finance on Solana, suffered a $9 million hack.
Previous Experience with Similar Strategy
Industry sources confirm that Cetus shares the same development team as Crema Finance, with both projects founded by Henry Du. When Crema was hacked in 2022, the team negotiated with attackers, offering them $1.6 million to return the remaining funds while promising not to pursue legal action.
One interesting fact is that the Cetus team is also behind the @Crema_Finance Solana AMM project that also got hacked in a similar way back in 2022.
Users were never refunded. https://t.co/ZLkMYjxw7A
— NB 😈 (@norbertbodziony) May 22, 2025
The Crema strategy ultimately succeeded when the hacker was caught and sentenced to three years in prison by a US court in April 2024. Shakeeb Ahmed was convicted for hacking two cryptocurrency exchanges, with one case matching the exact details of the Crema incident.
Sui validators took immediate action by freezing $162 million of the stolen funds through coordinated blocking of hacker addresses. However, $63 million had already been moved to Ethereum before these controls were implemented. The frozen funds remain locked while recovery efforts continue.
Decentralization Debate Emerges
The validator freeze action sparked criticism about Sui’s decentralization. Justin Bons from Cyber Capital argued that having only 114 validators makes Sui centralized, especially compared to Ethereum’s over 1 million validators or Solana’s 1,157 validators.
Community members defended the freeze action, arguing that decentralization should enable coordinated responses to protect users rather than allowing criminal activity to proceed unchecked. They contended that blocking clearly malicious transactions demonstrates proper network governance.
Sui developers initially committed code for a function that would allow specific transactions to bypass security checks through whitelisting. While this could have aided fund recovery, concerns about centralized control led to the code being abandoned without implementation.
The hack caused immediate market damage, with CETUS token dropping 35% following the incident. SUI token also declined, currently trading at $3.49 with a 3.07% decrease over 24 hours. Trust in both projects has been shaken among investors and users.

In response to the security breach, Sui announced a $10 million investment in enhanced security measures. The funds will support additional audits, expanded bug bounty programs, and formal verification processes to prevent similar incidents.
The team acknowledged that major blockchains inevitably face security challenges as they mature. They emphasized that no programming language or design can completely eliminate human error in code development, making ongoing security improvements essential.
As of the latest reports, the hackers have not accepted Cetus’ $6 million bounty offer. Two Ethereum wallets connected to the exploit still hold over $60 million in ETH with no recent transaction activity, while the Sui addresses remain frozen by validator action.