Cetus has suffered losses exceeding the protocol's own TVL and total market capitalization in this incident, while Sui has transformed from a "public chain" into a "centralized permissioned database."
Author: 0xFacai, Rhythm BlockBeats
On the afternoon of May 22, CETUS, the token of Cetus Protocol, the leading DEX and liquidity protocol on the Sui chain, suddenly plummeted, with the price nearly "crashing," and multiple token trading pairs on Cetus also experienced sharp declines. Subsequently, many KOLs posted on X indicating that the LP pools of the Cetus protocol had been attacked by hackers.
On-chain monitoring shows that the Cetus attacker seems to have controlled all LP pools priced in SUI, with the amount stolen exceeding $260 million as of the time of writing. The hacker has begun converting funds to USDC and bridging them to the Ethereum mainnet to exchange for ETH, with approximately $60 million in USDC already transferred cross-chain.
The hacker's on-chain address is: 0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85b8b5de8ff06. The main assets in this address are still primarily SUI and USDT, but mainstream tokens in the Sui ecosystem such as CETUS, WAL, and DEEP are also included, indicating the extensive scope of this hacker attack.
On the evening of the 22nd, a member of the Cetus team stated in the project's Discord chat that the Cetus protocol had not been hacked, but rather that there was an "oracle bug." However, on-chain data does not lie; according to statistics, the losses in the Cetus protocol's LP pool exceeded $260 million within one hour of the theft incident, surpassing the protocol's TVL ($240 million) and market capitalization ($180 million).
On the morning of the 23rd, Cetus officially released the latest developments regarding the theft incident on social media, stating that the team had identified the root cause of the vulnerability and fixed the related software packages, and had hired a professional anti-cybercrime organization to assist with fund tracking and negotiations regarding the return of funds. They are currently in discussions with law enforcement and are arranging further assistance.
Notably, Cetus stated that it had confirmed the Ethereum wallet address controlled by the hacker from the attack earlier today and had negotiated with the hacker regarding the return of customer funds. It proposed to pay the outstanding balance in the name of white hat hackers, but time is limited. If the hacker accepts the terms, no further legal action will be taken.
Community opinion points to the team's "theft history"
Interestingly, as Cetus triggered a crash in the SUI ecosystem, many community members also pointed out on Twitter that Cetus was developed by the same team behind the previous Solana ecosystem DeFi protocol Crema Finance, which had also experienced a theft incident.
On July 3, 2022, Crema Finance was similarly attacked by hackers using a Solend flash loan, draining the LP fund pool with losses exceeding $8 million. Subsequently, on July 7, the hacker returned $7.6 million worth of stolen cryptocurrency after negotiating with the team. According to the negotiation agreement, the hacker was allowed to keep 45,455 SOL ($1.65 million) as a bounty.
Looking back at the Cetus theft incident, the protocol also suffered losses because the attacker controlled the LP pool, and the team proposed to negotiate with the hacker by offering to pay the outstanding balance in the name of white hat hackers. Currently, there is no public information proving that Crema and Cetus are indeed developed by the same team, but it appears that both the reasons for the theft and the subsequent handling methods are indeed consistent.
Sui officials freeze hacker transactions, "on-chain censorship" behavior raises centralization concerns
According to DeFiLlama data, Cetus has previously been the leading DEX and liquidity hub in the Sui ecosystem, accounting for over 60% of the trading volume in the entire ecosystem. This "liquidation-style" attack has undoubtedly directly undermined the liquidity center of the ecosystem, which would be a devastating blow for any "second-tier public chain."
Since March of last year, trading volume on the Sui ecosystem chain has been on an overall upward trend, with the prices of mainstream ecosystem tokens such as CETUS, DEEP, and WAL also soaring, widely regarded by the community as the public chain with the highest potential for returns in this cycle and "the next Solana."
However, interestingly, according to Dune data, there has been a significant amount of wash trading on the Sui chain, with the ecosystem's liquidity toxicity remaining close to 50% for a long time, which is also part of the reason the community has responded that the Sui ecosystem "has nothing, yet the price keeps rising."
Caption: The radius of the circles in the image below shows the total trading volume of a single address, and it can be seen that the wallet with the highest trading volume also has a high trading frequency, indicating possible wash trading; data source: Dune Analytics
Nevertheless, Sui's "strong market maker" persona has been established in the minds of traders for a long time. In the past month, during the resurgence of altcoins, Sui has also been one of the best-performing mainstream public chains. In response to this major ecosystem theft, the foundation did not disappoint, quickly providing a response that further reinforced its "strong market maker" persona.
On the evening of the 22nd, around 11 PM, Sui officials announced that to "protect the Sui ecosystem," a large number of Sui network validators had identified the hacker's addresses holding the stolen funds and were ignoring transactions from these addresses. The CETUS team is also actively exploring ways to recover these funds and return them to the community, and will soon release an incident report.
Upon hearing this news, the community erupted, with "public chain transaction censorship" becoming the biggest point of contention. Many X users believe that Sui's response undermines its decentralized positioning, transforming Sui from a "public chain" into a "centralized permissioned database."
According to Sui's official documentation, transactions on the Sui network are divided into two categories: those involving only "owned objects" and those involving "shared objects." Only transactions involving shared objects must go through full network consensus, while transactions that touch only owned objects can take the "direct fast path" and be executed without global ordering. As long as validators holding more than 2/3 of the total stake in the network are honest, the network can theoretically ensure both security (no double spending) and liveness (valid transactions will eventually be executed).
Under Sui's delegated PoS + BFT design, continuous, indiscriminate transaction censorship would require joint control of more than 1/3 of the staked voting power; censorship by a single node or a few nodes can only cause temporary delays and is easily perceived as malicious behavior, leading to stakers "voting offline" in the next epoch, which the official documentation also emphasizes as "anti-censorship and openness." Clearly, the Sui Foundation controlled at least 1/3 of the staked voting power in this hacker incident.
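The 2/3 and 1/3 thresholds described above can be checked against a stake table. The following is an added example, not code from Sui or from the article: it assumes a simplified model in which a transaction is certified once validators holding strictly more than 2/3 of total stake sign it, and the validator names and stake values are constructed.

```python
# Added illustration of the stake thresholds discussed above.
# Assumption: a transaction is certified once signers hold > 2/3 of total stake.
# SAMPLE_STAKES is constructed data, not real Sui validator stake.
SAMPLE_STAKES = {
    "val-A": 1800, "val-B": 1500, "val-C": 1200, "val-D": 1000, "val-E": 900,
    "val-F": 900, "val-G": 800, "val-H": 700, "val-I": 600, "val-J": 600,
}

def quorum_threshold(total_stake: int) -> int:
    """Smallest integer stake that is strictly more than 2/3 of the total."""
    return (2 * total_stake) // 3 + 1

def can_certify(stakes: dict[str, int], refusing: set[str]) -> bool:
    """True if the validators that still sign hold a quorum of stake."""
    total = sum(stakes.values())
    signing = sum(s for name, s in stakes.items() if name not in refusing)
    return signing >= quorum_threshold(total)

def min_blocking_coalition(stakes: dict[str, int]) -> list[str]:
    """Fewest validators whose refusal alone leaves the rest below quorum.

    Taking the largest stakes first is optimal: the top-k validators hold
    the most stake any k validators can hold.
    """
    total = sum(stakes.values())
    needed = total - quorum_threshold(total) + 1  # refusing stake that blocks
    coalition, held = [], 0
    for name, stake in sorted(stakes.items(), key=lambda kv: (-kv[1], kv[0])):
        if held >= needed:
            break
        coalition.append(name)
        held += stake
    return coalition

if __name__ == "__main__":
    total = sum(SAMPLE_STAKES.values())
    print("quorum:", quorum_threshold(total), "of", total)
    # Two large validators refusing: the rest still reach quorum (delay only).
    print("A+B refuse ->", can_certify(SAMPLE_STAKES, {"val-A", "val-B"}))
    # Refusers above 1/3 of stake: no quorum is reachable without them.
    print("A+B+J refuse ->",
          can_certify(SAMPLE_STAKES, {"val-A", "val-B", "val-J"}))
    print("smallest blocking set:", min_blocking_coalition(SAMPLE_STAKES))
```

The size of the smallest blocking set is a quick measure of how concentrated stake is: the fewer validators it takes, the fewer parties need to coordinate to keep an address's transactions from being certified.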
Comparison of transaction censorship scenarios in Sui's consensus mechanism
The controversy over "centralized public chains" began in the last cycle with Solana, and some community members have pointed out that "anti-censorship attributes" are not what current crypto investors care about the most. In a world still focused on returns and core objectives, perhaps "pump" is justice.