Cryptocurrency should not be under centralized control.
Written by: Token Dispatch, Thejaswini M A, Nameet Potnis, Prathik Desai
Translated by: Block unicorn
Introduction
Cryptocurrency is supposed to be free of centralized control: money that no one can freeze or control.
Last week, Sui's Cetus protocol suffered a $223 million attack, and the team urgently froze $162 million in funds, sparking a heated debate: if a blockchain can pause your funds, can cryptocurrency really be as unstoppable as it claims?
Here’s a rundown of the latest "decentralized" debacle in cryptocurrency:
How a fake token evaporated $223 million in ten minutes
The controversial fund freeze: saved users but enraged the community
Why this team's second major hack feels eerily familiar
Sui's $10 million security overhaul (and why it may not be enough)
The Ten-Minute Collapse
The morning of May 22 looked like just another ordinary day for Sui. Then everything went haywire.
The Cetus protocol, Sui's largest decentralized exchange with a daily trading volume exceeding $200 million, was hacked for $223 million in just a few minutes. The efficiency of the attack was astonishing.
Disaster struck instantly:
Major meme coins on the SUI chain, LOFI, HIPPO, and SQUIRT, plummeted over 75% within an hour.
The native token of the Cetus protocol, $CETUS, dropped 53% over the past four days.
Source: TradingView
Attack Method? Simple yet deadly.
The hacker deployed fake tokens (essentially digital versions of "Monopoly" game money) to Cetus and exploited a vulnerability in the Cetus smart contract, tricking the protocol into believing these worthless tokens had real value.
In short, "Imagine you go to a toy exchange with some seemingly valuable but actually worthless fake toys, then you trade them for real toys and run away," explained Manan Vora, head of cryptocurrency custody firm Liminal.
Centralized Freeze
At this point, the story became quite controversial.
Within hours, Sui's 114 validator nodes—nodes that run the network—collectively decided to freeze the hacker's address. No voting. No governance proposal. Just like any governance decision made by a centralized entity. Do you see the irony?
The result? $162 million was saved. But at what cost? It angered all advocates of decentralization.
Justin Bons from the European cryptocurrency fund Cyber Capital led the opposition to this move.
Source: Twitter user - Justin_Bons
Data reveals a harsh reality:
Sui's validator nodes: 114
Ethereum's validator nodes: over 1 million
Solana's validator nodes: 1153
When 114 entities can coordinate to freeze funds, even for legitimate reasons, it raises unsettling questions about the true meaning of "decentralization."
Familiar Defense
This is not the first time Cetus has played this script—this is not a compliment.
The same team previously operated Solana's Crema Finance, which was hacked for $9 million in July 2022. And how did they respond? By offering the hacker $1.6 million to return the funds. The hacker ultimately accepted the deal but was reportedly imprisoned (the details of the case match but have never been officially confirmed).
Now, facing an attack 25 times larger than before, the Cetus team resorted to the same tactic, proposing a time-limited settlement:
Proposal: Return $217 million, keep $6 million
Terms: No prosecution, no questions asked
Deadline: 48 hours, or "legal action will be taken"
However, the crypto community was not buying it. One user summarized, "Same team, same vulnerabilities, different blockchain. How many chances do they get?"
Crisis Control Mode
Once the dust settled, the data painted a grim picture:
Total Value Locked (TVL): dropped from $2.1 billion to $1.7 billion (a 20% decrease)
SUI token: down about 15%
Trading volume: all Sui decentralized exchanges collapsed
User confidence: comments on Twitter were merciless
Source: DefiLlama
Sui's response was twofold.
First, they promised to invest $10 million in a comprehensive security overhaul:
Strengthening smart contract audits
Enhancing the bug bounty program
Introducing formal verification tools
Developer security training
Developing an open-source security library
Second, they announced a shift from "platform responsibility" to "shared responsibility." Translated, this means: we can't do it all; developers must also take responsibility.
Noble? Yes. Enough? The market has already given its answer.
On Monday, the CETUS token rebounded by 10%, recovering from a complete collapse to merely a severe blow. But the technical challenges run deeper than price issues.
This attack exposed fundamental problems:
Insufficient liquidity: leading to inevitable price volatility
Oracle vulnerabilities: the "culprit" that triggered it all
Cross-chain risks: once funds flow into Ethereum, the game is over
Cetus has now patched the immediate vulnerabilities, but restoring confidence is not as easy as fixing code.
So what should they do next?
Our Perspective
This hack is not just about stolen funds; it is a crisis of identity for cryptocurrency.
The decentralization paradox: Sui's validator nodes coordinated to save $162 million, proving the system's effectiveness. However, it also demonstrated that 114 entities can effectively control a network that is supposed to be decentralized. This is not the anti-censorship freedom that Satoshi or any decentralization advocate dreamed of. It feels more like a community patrol with nuclear weapons. Effective? Yes. Decentralized? This is becoming a relative concept.
Questioning capability: When the same team faces two major hacks due to similar attack methods, it is no longer bad luck but a pattern. The crypto industry has been very forgiving of technical mistakes, but Cetus is challenging the limits of that tolerance. Their $6 million bounty may recover funds, but it cannot restore their reputation. At some point, the phrase "we'll do better next time" will no longer be accepted.
Maturity test: Sui's commitment to invest $10 million in a security overhaul and implement a "shared responsibility" model shows growth potential. But this is reactive, not proactive. What matters is whether the blockchain network can mature quickly enough to handle institutional funds. With total value locked declining and trust wavering, Sui is no longer just combating technical vulnerabilities; it is also fighting for its position in an increasingly competitive L1 landscape.
This hack exposed a disturbing truth: perfect decentralization may be incompatible with user protection. Sui chose protection. Ethereum ultimately chose purity. And Bitcoin never needed to make a choice.
Sui is facing a critical decision: whether to conduct an on-chain vote to return the frozen funds. If this sounds familiar, it’s because Ethereum faced the same choice after the 2016 DAO hack. Their fork decision still divides the community today.
Meanwhile, the hacker still controls over $60 million in funds on Ethereum. The deadline for Cetus's bounty is approaching. Will they take the $6 million and run, or risk it all?
The industry is watching Sui's next move. Currently, the extremists of "code is law" are losing to the pragmatists of "users want their money back."