SUI Dilemma: Decentralised vs Safety?
Hello dispatchers!
Crypto was supposed to be untouchable from centralisation — money that no one could freeze or control.
After a $223 million hack hit Sui’s Cetus Protocol last week, the team hit the brakes on $162 million of funds, sparking a fierce debate: If blockchains can pause your money, is crypto really as unstoppable as it claims to be?
Here's what went down in crypto's latest "decentralised" drama:
How 10 minutes and some fake tokens vaporised $223 million
The controversial fund freeze that saved users but sparked outrage
Why this team's second major hack feels like déjà vu
Sui's $10 million security overhaul (and why it might not be enough)
Secure your Bitcoin with Hardware Wallets
Trezor has transformed crypto security from a complex puzzle to a user-friendly playground, so you can be the boss of your financial future.
Securely store, manage, and protect your coins with Trezor hardware wallets, app & backup solutions.
The 10-Minute Meltdown
The morning of May 22 seemed like just another day at work for Sui. Until it didn’t. What followed was absolute chaos.
Cetus Protocol, Sui's biggest decentralised exchange with over $200 million in daily volume, got drained of $223 million in minutes. The attack was brutally efficient.
The carnage was immediate.
Top memecoins on SUI chain including LOFI, HIPPO and SQUIRT crashed more than 75% each in just an hour.
$CETUS, the protocol's native token, dropped 53% in the past four days.
The attack method? Elegantly simple.
Hackers deployed fake tokens to Cetus, essentially digital Monopoly money, and through a vulnerability in Cetus's smart contracts, they convinced the protocol these worthless tokens had real value.
In simpler terms, “Imagine going to a toy exchange, you bring fake toys that look valuable but are actually worthless, then you trade them for real toys and run,” explained Manan Vora, director at Liminal, a crypto custody company.
Got questions about a hot crypto topic that you want help understanding? Ask your question using the form and our crypto experts may answer it along with your name in the next Thursday’s News Rollups.
The Centralised Freeze
This is where the story got controversial.
Within hours, Sui's validators — the 114 nodes that run the network — collectively decided to freeze the hacker's addresses. No vote. No governance proposal. Just a decision like any other centralised body taking a governance call. See the irony?
The result? $162 million saved. At what cost? It enraged all the advocates of decentralisation.
Justin Bons from Cyber Capital, a European cryptocurrency fund, led the charge against the move.
The numbers tell a stark story.
Sui validators: 114
Ethereum validators: Over 1 million
Solana validators: 1,153
When 114 entities can coordinate to freeze funds, even for good reasons, it raises uncomfortable questions about what "decentralised" really means.
The Déjà Vu Defence
This isn't Cetus's first such stunt — and that's not a compliment.
The same team was behind Crema Finance, a Solana DEX that lost $9 million to hackers in July 2022. Their response then? Offer the hacker $1.6 million to return the funds. The hacker took the deal but still ended up in prison (allegedly — the case details match but were never officially confirmed).
Now, facing a hack 25 times larger, the Cetus team is running the same playbook with a time-sensitive settlement offer.
The offer: Return $217 million, keep $6 million
The terms: No prosecution, no questions asked
The deadline: 48 hours before "legal actions commence"
The crypto community isn't impressed. One user summed it up: "Same team, same vulnerabilities, different chain. How many chances do they get?"
Get 17% discount on our annual plans and access our weekly premium features (Mempool, Game On, News Rollups, HashedIn, Wormhole and Rabbit hole) and subscribers only posts. Also, show us some love on Twitter and Telegram.
Damage Control Mode
As the dust settled, the numbers painted a grim picture.
TVL plunge: From $2.1 billion to $1.7 billion (20%)
SUI token: Down ~15%
Trading volume: Collapsed across all Sui DEXs
User confidence: Let's just say Twitter wasn't kind
Sui's response came in two parts.
First, they committed $10 million to a comprehensive security overhaul.
Enhanced smart contract audits
Bigger bug bounties
Formal verification tools
Developer security training
Open-source security libraries
Second, they announced a shift from "platform responsibility" to "shared accountability." Translation: We can't catch everything, so developers need to step up too.
Noble? Yes. Sufficient? Markets have responded.
Monday brought a 10% bounce for the CETUS token, from utterly destroyed to merely devastated. The technical challenges run deeper than price, though.
The exploit exposed fundamental issues.
Thin liquidity: Made massive price swings inevitable
Oracle vulnerability: The "bug" that started it all
Cross-chain risks: Once funds hit Ethereum, game over
Cetus has patched the immediate vulnerability, but confidence doesn't patch as easily as code.
What next?
Token Dispatch View 🔍
This hack is more than about stolen funds; it's about crypto's identity crisis.
The Decentralisation Paradox: Sui's validators saved $162 million through coordinated action, proving the system works. Yet, they also proved that 114 entities can effectively control the network of an ecosystem whose one of the tenets was supposed to be decentralisation. This isn't the censorship-resistant dream Satoshi or any decentralisation advocate envisioned. It's more like a neighbourhood watch with nuclear weapons. Effective? Yes. Decentralised? That's becoming a relative term.
The Competence Question: When the same team suffers two major hacks with similar attack vectors, it's no longer bad luck; it's a pattern. The crypto industry has been remarkably forgiving of technical failures, but Cetus is testing those limits. Their $6 million bounty might recover funds, but it won't recover reputation. At some point, "we'll do better next time" stops being acceptable.
The Maturity Test: Sui's $10 million security commitment and "shared accountability" model show growth. But it's reactive, not proactive. What’s important is to see if blockchain networks mature fast enough to handle institutional money. With TVL down and trust shaken, Sui is no longer fighting just technical bugs; they're fighting for relevance in an increasingly competitive L1 landscape.
Read: Can Sui & Aptos Live Upto Their Hype? 🔋
The uncomfortable truth this hack exposed? Perfect decentralisation might be incompatible with user protection. Sui chose protection. Ethereum chose purity (eventually). Bitcoin never had to choose.
Sui faces a critical decision: hold an on-chain vote to return the frozen funds. If this sounds familiar, it should. Ethereum faced the same choice after the DAO hack in 2016. Their decision to fork the chain still divides the community today.
Meanwhile, the hacker still controls $60+ million on Ethereum. The clock is ticking on Cetus's bounty offer. Will they take the $6 million and run, or risk it all?
As the industry watches Sui's next moves, right now, the "code is law" maximalists are losing to the "users want their money back" pragmatists.
Token Dispatch is a daily crypto newsletter handpicked and crafted with love by human bots. You can find all about us here 🙌
If you want to reach out to 200,000+ subscriber community of the Token Dispatch, you can explore the partnership opportunities with us.
Fill out this form to submit your details and book a meeting with us directly.
Disclaimer: This newsletter contains sponsored content and affiliate links. All sponsored content is clearly marked. Opinions expressed by sponsors or in sponsored content are their own and do not necessarily reflect the views of this newsletter or its authors. We may receive compensation from featured products/services. Content is for informational purposes only, not financial advice. Trading crypto involves substantial risk - your capital is at risk. Do your own research.