Cetus Protocol’s announcement on X that “an attacker has stolen approximately $223M” from its liquidity crypto pools set off the loudest governance controversy in Sui’s short history. The team wrote that it had “took immediate action to lock our contract preventing further theft of funds,” adding a reassurance that “$162M of the compromised funds have been successfully paused. … We are working with the Sui Foundation and other ecosystem members right now on next-step solutions” and promising “a full incident report.”
Crypto Community Erupts After SUI Exploit
Those next-step solutions triggered a philosophical firefight. To keep the stolen assets marooned on-chain, a super-majority of validators agreed to ignore outgoing transactions from three hacker-controlled addresses. Cyber Capital founder Justin Bons argued that the very act of blacklisting demonstrates structural centralization: “SUI’s validators are colluding to CENSOR the hacker’s TXs right now! … Does that make SUI centralized? The short answer is YES; what matters more is why?” Citing only 114 validators and founder–heavy staking, he declared: “The ‘founders’ own the majority of supply & there are only 114 validators!”
Amogh Gupta from the SUI Foundation countered that the move was a legitimate exercise of distributed governance. “Just because validators reach consensus about something, doesn’t mean they’re ‘colluding’. […] Validators on other chains can (and have) done the same. Your holy grail of decentralization, Ethereum, did something similar in 2023 when it blocked OFAC-sanctioned transactions,” he wrote, later adding, “The point is that this capability is not specific to Sui. The OFAC censorship was a grey area […] but a hack is clear as day bad, so there is no contention about it being good or bad.”
Bons rejected the analogy. “You are misinformed about the 2023 OFAC regulations: Not a single ETH TX was censored, as collusion was impossible […] That SUI’s distribution of power is so concentrated that this is even possible in the first place is the problem.” He drilled into token economics: “SUI claims to have a capped supply of 10B, with 52% ‘unallocated’ till 2030. The problem is that over 8B SUI is being staked right now! Over 84% of the staked supply is held by founders! […] A single party dominating consensus is the very definition of centralization!”
Gupta replied that validator count is a red herring. “NC [Nakamoto coefficient] is literally the only metric that matters and the number of validators is the most misleading and game-able metric when it comes to measuring decentralisation. I can have 1,000 long-tail validators, but all are useless if one has more than 33 percent stake.” Bons shot back: “Are you really going to defend the fact that the ‘founders’ control over 80% of the stake? 114 validators is way too low, needs to be at least above 1k to avoid this type of censorship.”
The dispute spilled beyond the two crypto protagonists. Fabda.eth(@fabdarice) argued that the freeze “proves, once again, that only one blockchain is fit to secure the world economy … There’s only one Ethereum and the ticker is ETH.” Crypto lawyer Gabriel Shapiro echoed that sentiment: “Remember, every smart-contract chain other than Ethereum is just an enterprise blockchain; SUI hacker moving from SUI into ETH because Ethereum is actually censorship-resistant.” Influencer crypto Sssebi summed up the reputational hit in plainer language: “Looks like SUI shot themselves in the foot … Ignoring transactions and blocking transactions is something that a centralized database can do.”
Voices inside the Sui ecosystem insist the mechanism is an “emergency brake,” not an admission of hierarchical control. Community educator Nefarii.sui, the founder of SuiMoveAfrica explained: “In rare, large-scale exploits like today’s Cetus Protocol incident, Sui validators can come together and reach consensus to deny crypto transactions from specific malicious wallets. This isn’t automatic and isn’t centralized control. Two key things make it decentralized: It only happens in extreme cases and it requires broad validator consensus to take effect.” He concluded: “Sui is decentralized; the network is secure; asset-recovery tools exist—used with caution and consensus.”
For now, the numbers favor the freeze: Cetus says “$162M of the compromised funds have been successfully paused,” while the attacker retains control of roughly $61 million routed to Ethereum. Whether the validator intervention will evolve into a standing protocol feature or remain a one-off response is the governance dilemma that Sui must settle in public view.
At press time, SUI traded at $3.61.
