
Sui's Dilemma: Decentralization or Security?
TechFlow Selected TechFlow Selected

Sui's Dilemma: Decentralization or Security?
Cryptocurrency was supposed to be free from centralized control.
Author: Token Dispatch, Thejaswini M A, Nameet Potnis, Prathik Desai
Compiled by: Block unicorn

Prelude
Cryptocurrency was supposed to be free from centralized control—the kind of money no one could freeze or control.
Last week, Sui's Cetus protocol suffered a $223 million attack. The team urgently froze $162 million in funds, but sparked intense debate: if a blockchain can pause your assets, is crypto truly unstoppable as claimed?
Here’s how the latest “decentralization” farce unfolded:
-
How fake tokens wiped out $223 million in ten minutes
-
The controversial fund freeze: saved users, but ignited outrage
-
Why this team’s second major hack feels eerily familiar
-
Sui’s $10 million security overhaul—and why it might not be enough
Ten Minutes of Collapse
May 22 started like any ordinary day for Sui—until things changed. Then everything went sideways.
Cetus Protocol, Sui’s largest decentralized exchange with over $200 million in daily trading volume, lost $223 million within minutes. The speed of the attack was staggering.
The disaster struck instantly:
-
Major meme coins on the SUI chain—LOFI, HIPPO, and SQUIRT—plunged more than 75% within an hour.
-
$CETUS, Cetus Protocol’s native token, dropped 53% over the past four days.

Source: TradingView
The attack method? Simple, yet deadly.
Hackers deployed fake tokens on Cetus (essentially Monopoly money in digital form) and exploited a vulnerability in Cetus’ smart contracts, tricking the protocol into believing these worthless tokens held real value.
In short, “Imagine going to a toy exchange, bringing some fake toys that look valuable but are actually worthless, swapping them for real ones, then running off,” explained Manan Vora, head of crypto custody firm Liminal.
Centralized Freeze
This is where the story gets controversial.
Within hours, Sui’s 114 validator nodes—the entities running the network—collectively decided to freeze the hacker’s address. No vote. No governance proposal. Just like any centralized authority making a governance decision. See the irony?
The result? $162 million recovered. At what cost? Enraging every decentralization purist.
Justin Bons of European crypto fund Cyber Capital led the opposition.

Source: Twitter user - Justin_Bons
Data reveals a harsh truth:
-
Sui validator nodes: 114
-
Ethereum validator nodes: over 1 million
-
Solana validator nodes: 1,153
When 114 entities can coordinate a fund freeze—even for good reasons—it raises uneasy questions about what “decentralized” really means.
Deja Vu Defense
This isn’t the first time Cetus has pulled this stunt—and that’s not a compliment.
The same team previously operated Solana’s Crema Finance, which was hacked for $9 million in July 2022. Their response? Offer the hacker $1.6 million to return the funds. The hacker accepted, but reportedly ended up in jail (details match, though never officially confirmed).
Now, facing a hack 25 times larger, Cetus is repeating the playbook with a time-limited settlement offer:
-
Offer: Return $217 million, keep $6 million
-
Terms: No prosecution, no further questions
-
Deadline: 48 hours, otherwise “legal action will follow”
But the crypto community isn’t buying it. One user summed it up: “Same team, same vulnerabilities, different blockchain. How many chances do they get?”
Crisis Control Mode
After the dust settled, the data paints a grim picture:
-
Total Value Locked (TVL): down from $2.1 billion to $1.7 billion (20% drop)
-
SUI token: down ~15%
-
Trading volume: complete collapse across all Sui DEXs
-
User confidence: Twitter comments are merciless

Source: DefiLlama
Sui responded in two parts.
First, they pledged $10 million for a comprehensive security overhaul:
-
Enhanced smart contract audits
-
Increased bug bounty programs
-
Introduction of formal verification tools
-
Developer security training
-
Open-source security libraries
Second, they announced a shift from “platform responsibility” to “shared responsibility.” In other words: we can’t do everything—developers must take ownership too.
Noble? Yes. Sufficient? The market has already answered.
On Monday, the CETUS token rebounded 10%, shifting from total collapse to merely battered. But the technical challenges run deeper than price.
This attack exposed fundamental flaws:
-
Liquidity shortage: extreme volatility became inevitable
-
Oracle vulnerability: the trigger behind it all
-
Cross-chain risk: once funds moved to Ethereum, the game was over
Cetus has patched the immediate vulnerability, but restoring trust isn’t as simple as fixing code.
So what’s next?
Our Take
This hack isn’t just about stolen funds—it’s an identity crisis for crypto.
The decentralization paradox: Sui’s validators coordinated to save $162 million, proving system effectiveness. Yet it also proved that 114 entities can effectively control a network meant to be decentralized. This isn’t the censorship-resistant freedom Satoshi or any decentralization advocate dreamed of. It’s more like a neighborhood watch armed with nukes. Effective? Yes. Decentralized? That’s becoming a relative term.
Capability concerns: when the same team suffers two major hacks via similar methods, it’s no longer bad luck—it’s a pattern. The crypto industry has been forgiving of technical failures, but Cetus is testing those limits. Their $6 million bounty might recover funds, but not reputation. At some point, “we’ll do better next time” stops being acceptable.
Maturity test: Sui’s $10 million security upgrade and “shared responsibility” model show growth potential. But this is reactive, not proactive. The key question is whether blockchain networks can mature fast enough to handle institutional capital. With TVL declining and trust shaken, Sui isn’t just fighting technical bugs—they’re fighting for their place in an increasingly competitive L1 landscape.
This hack revealed an uncomfortable truth: perfect decentralization may be incompatible with user protection. Sui chose protection. Ethereum ultimately chose purity. Bitcoin never had to choose.
Sui now faces a critical decision: whether to conduct an on-chain vote to return frozen funds. If this sounds familiar, it’s because Ethereum faced the same choice after the 2016 DAO hack. Their fork decision still divides the community today.
In the meantime, the hacker still controls over $60 million on Ethereum. Cetus’ bounty deadline is approaching. Will they take the $6 million and walk away—or gamble everything?
The industry is watching Sui’s next move. For now, the “code is law” extremists are losing to the pragmatists who say, “users want their money back.”
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














