Cetus Protocol’s announcement on X that “an attacker has stolen approximately $223M” from its liquidity crypto pools set off the loudest governance controversy in Sui’s short history. The team wrote that it had “took immediate action to lock our contract preventing further theft of funds,” adding a reassurance that “$162M of the compromised funds have been successfully paused. … We are working with the Sui Foundation and other ecosystem members right now on next-step solutions” and promising “a full incident report.”
Amogh Gupta from the SUI Foundation countered that the move was a legitimate exercise of distributed governance. “Just because validators reach consensus about something, doesn’t mean they’re ‘colluding’. […] Validators on other chains can (and have) done the same. Your holy grail of decentralization, Ethereum, did something similar in 2023 when it blocked OFAC-sanctioned transactions,” he wrote, later adding, “The point is that this capability is not specific to Sui. The OFAC censorship was a grey area […] but a hack is clear as day bad, so there is no contention about it being good or bad.”
For now, the numbers favor the freeze: Cetus says “$162M of the compromised funds have been successfully paused,” while the attacker retains control of roughly $61 million routed to Ethereum. Whether the validator intervention will evolve into a standing protocol feature or remain a one-off response is the governance dilemma that Sui must settle in public view.
At press time, SUI traded at $3.61.
