
anymose🐦⬛|Jun 02, 2025 01:04
Bypassing the private key: the funds stolen from Cetus were indeed transferred
What I most wanted to see and what I least wanted to see have happened at the same time. What I most wanted to see is that users' assets would be compensated; what I least wanted to see is what the title says.
There is almost no discussion of this in Chinese, so I will write a few more words to record this chapter, which is destined to go down in blockchain history, because two basic laws of blockchain have been broken.
Let's dive in!
⬇️
1️⃣ What happened?
For friends who just walked in, a brief recap of what happened.
Cetus, a DEX in the Sui ecosystem, was hacked through a low-level code error, resulting in a loss of 223 million US dollars. Of that, 60 million US dollars were swapped to ETH through cross-chain bridges, and the remaining 162 million US dollars were frozen by validator nodes coordinated by the Sui Foundation.
Cetus announced a $5 million bounty offer for the hacker to return the funds, and the foundation announced a loan to Cetus to cover the shortfall. At the same time, a vote was initiated to recover the frozen hacker funds.
Within 48 hours, 103 out of 114 nodes participated in the vote: 99 in favor, 2 against, and 2 abstentions. The proposal passed with 90.9% in favor.
At present, the funds have been transferred to a multi-signature trust wallet jointly managed by Cetus, the Sui Foundation, and OtterSec.
The next step is to calculate losses, compensate users, and restart all applications.
2️⃣ How was it achieved?
Not your keys, not your coins. Private keys are the bottom-line lifeline of blockchain assets. How did the Sui Foundation bypass private keys?
Unlike the hard forks and rollbacks used historically to deal with such incidents, the method used this time was a protocol upgrade.
The protocol upgrade introduces an "alias" address-aliasing mechanism: alias rules are predefined under protocol control, allowing certain specific transactions to have a legitimate signature treated as an operation of the hacker's account.
Simply put, it means "forging" a legitimate signature that the validator nodes will accept, bypassing the deny-list check, as if the transaction had been sent by the hacker with their own private key.
An official "forgery" is the most deadly kind.
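To make the mechanism described above concrete, here is an added toy model of a validator with a deny list and a protocol-level alias table. It is constructed for this write-up and is not Sui's code: the account names, the alias-table shape and the use of HMAC as a stand-in for a real signature scheme are all assumptions.

```python
import hashlib
import hmac

# Constructed toy accounts: each "secret" stands in for a private key. HMAC is used as a
# stand-in signature so the model runs offline; it is not Sui's real key or signature scheme.
KEYS = {"hacker": b"hacker-key", "foundation": b"foundation-key", "alice": b"alice-key"}

def tx_bytes(sender, recipient, amount):
    return f"{sender}->{recipient}:{amount}".encode()
def sign(secret, msg):
    return hmac.new(secret, msg, hashlib.sha256).digest()

class Validator:
    """Simplified validator: normal signature check + deny list, plus a protocol-level
    alias table (hypothetical shape) mapping a transaction digest to the address whose
    signature is to be accepted in place of the sender's."""
    def __init__(self, deny_list, aliases):
        self.deny_list = set(deny_list)
        self.aliases = dict(aliases)
        self.balances = {"hacker": 162, "foundation": 0, "alice": 10, "multisig": 0}

    def process(self, sender, recipient, amount, signer, sig):
        msg = tx_bytes(sender, recipient, amount)
        if self.aliases.get(hashlib.sha256(msg).hexdigest()) == signer:
            # Aliased transaction: accepted when `signer` signs it, executed as if `sender`
            # had signed, and the deny-list check is skipped entirely.
            authorised = hmac.compare_digest(sign(KEYS[signer], msg), sig)
        else:
            if sender in self.deny_list:
                return "rejected: sender on deny list"
            authorised = signer == sender and hmac.compare_digest(sign(KEYS[sender], msg), sig)
        if not authorised:
            return "rejected: bad signature"
        if self.balances[sender] < amount:
            return "rejected: insufficient balance"
        self.balances[sender] -= amount
        self.balances[recipient] += amount
        return "executed"

def demo():
    recovery = tx_bytes("hacker", "multisig", 162)  # the one pre-defined recovery transfer
    v = Validator(deny_list=["hacker"], aliases={hashlib.sha256(recovery).hexdigest(): "foundation"})
    return {
        # hacker spends with their own key: stopped by the deny list
        "hacker_spend": v.process("hacker", "alice", 1, "hacker", sign(KEYS["hacker"], tx_bytes("hacker", "alice", 1))),
        # foundation key on a non-aliased transfer out of alice's account: not authorised
        "foundation_grab": v.process("alice", "multisig", 10, "foundation", sign(KEYS["foundation"], tx_bytes("alice", "multisig", 10))),
        # the aliased transfer, signed by the foundation: executes as the hacker's own transaction
        "aliased_recovery": v.process("hacker", "multisig", 162, "foundation", sign(KEYS["foundation"], recovery)),
    }, v.balances
```

The third case is the point of the post: the hacker's key is never used, yet the transfer executes as the hacker's transaction, while any other transfer the foundation key tries to make is still refused.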
These are the detailed technical steps for transferring the assets; how the assets were frozen was discussed in the previous article. Sui itself has a built-in freezing function for handling special situations such as "regulated tokens".
It is worth noting that after freezing the hacker's assets, the Sui Foundation quickly added a whitelist in preparation for the later transfer. All operations were highly coordinated, smooth and resolute.
3️⃣ What was the process like?
The incident happened suddenly, with a large amount of funds and a large amount of user assets at stake, and you don't feel the pain of the stick until it hits you. So the Sui Foundation's handling can only be said to have strived for procedural justice as much as possible; they could not attend to much else.
If there is a technical mindset, then openness and transparency matter a great deal. When Cetus and the Sui Foundation made their first announcement, I questioned who gave them the confidence that they would definitely recover the money.
I was too naive! It turns out they were already prepared, and the Sui system has always had this super feature.
Announcement, vote, 90.9% of votes in favor; the 2 votes against came from @takefish and @midl_dev respectively, while Coinbase and OKX Earn did not participate in the vote.
I had heard earlier that the foundation did not participate in the vote, but Mysten 1 and Mysten 2 voted a total of 8.99% in favor.
4️⃣ Subsequent impact
After the freeze and transfer, the theoretical shortfall is only the 60 million US dollars that has already been lost. If the foundation takes out another loan, Cetus should be able to compensate in full. Affected users can rest assured; nothing worse is coming.
This is a quiet and eerie "consensus modification". Many people choose to remain silent out of self-interest and, under the big banner of "user interests above all", believe that every action should be rationalized.
However, the aftershocks of Sui's modification of the protocol may not have dissipated.
In any case, this is a double-edged-sword operation that objectively breaks the consensus that a blockchain cannot be tampered with, and does so without a split (the same ledger is kept). It bypasses the basic bottom line of private keys protecting assets and, through a governance process, renders the code ineffective.
At this point, two golden rules of blockchain are broken here:
not your keys, not your coins → having the keys doesn't necessarily mean the coins are yours
code is law → governance power is the true law
I have no intention of passing judgment, only of describing objectively. In the end, the market will vote with its feet, and funds will intelligently choose where to flow. This is not a problem of Sui's public chain alone. In fact, apart from BTC and ETH, which other public chain can step forward and say it could not do the same?
Many people say this is a special situation, and extreme situations call for extreme handling. Yes, that's right, but extreme handling has its drawbacks too.
When a node is threatened or controlled by a powerful government, when a super-fund controls the nodes, or when a wicked pumpfun-style Satan emerges in the ecosystem, procedural justice is no longer effective, and what is terrifying is the technical feasibility.
//
This is a soft-core popular-science article; through it you can gain a partial understanding of the following:
The technical principle of Sui's asset transfer
Governance process for Sui's asset transfer
The blockchain consensus has collapsed (not)
Author: Anymose | A Soft Core Science Popularization Writer