Sui is preparing to directly confiscate the funds from the hacker's address, but it has also sparked a major discussion on "decentralization."
Written by: Alex Liu, Foresight News
Cetus, the largest decentralized AMM exchange in the Sui ecosystem, was attacked yesterday. A code issue related to numerical precision allowed the attacker to fabricate liquidity, resulting in the theft of over $200 million.
Two hours after the theft, Cetus announced: "As of now, it has been confirmed that an attacker has stolen approximately $223 million from the Cetus protocol. The team has taken action to lock the contract to prevent further fund theft and has frozen $162 million of the stolen funds. We are currently working with the Sui Foundation and other ecosystem members to formulate the next steps, aiming to recover the remaining stolen funds. Most of the affected funds have been suspended from use, and we are actively seeking ways to restore the remaining funds. A complete incident report will be published later."
It is important to note that the term used here is "frozen" rather than "recovered." This means it is still uncertain whether these funds can be returned to compensate the affected users. Sui officials provided a more detailed explanation of the process.
Aside from the funds that the hacker cross-chained to the Ethereum mainnet and exchanged for over 20,000 ETH (approximately $60 million), most of the stolen funds remain in the hacker's Sui chain address. The "freeze" of this portion of assets essentially means that Sui's validators have come together to "censor" the relevant address—everyone has agreed to ignore it.
Objectively speaking, this violates the principle of "censorship resistance" in the decentralized world and is considered a centralized operation, which has sparked significant controversy within the community.
So how will this money be retrieved after being "frozen"? The co-founder of Sui mentioned that the recovered funds would be returned to the Cetus liquidity pool, on the premise that this money can be retrieved at all.
In simpler terms: "Freezing" makes the hacker's signatures on the Sui chain invalid, preventing transactions from being recorded on the chain, and the funds are trapped in the address; therefore, "recovering" requires transferring the assets from the hacker's address without the hacker's signature. Is this possible?
In fact, Chaofan, an engineer from Solayer, discovered that the Sui team has been asking every validator on Sui to deploy a code patch so that they can "recover" the funds without the attacker's signature. This is clearly a centralized action, and it has ignited even greater debate within the community: assets can be transferred out of an address without that address's signature.
However, this is clearly an unavoidable exception, indicating that currently, Sui's decentralization has an "emergency switch." The reason Sui can do this is that there are just over 100 validators, and most of them are institutions with good relationships with the Sui Foundation, making coordination easier. (Sui validators need to have or attract over 10 million SUI tokens in staking, which is typically only within the financial capacity of institutions.)
I support this approach. Cetus is the largest decentralized AMM exchange on Sui, and the liquidity pool contains the savings and survival funds of countless individuals. At the same time, many Sui project tokens have their main liquidity pools deployed on Cetus, and the withdrawal of liquidity would be an unbearable loss for these ecosystem projects. It can be said that retrieving this money is a necessary protection for the previously thriving but still immature Sui DeFi ecosystem.
If one were to insist on adhering to the dogma of "decentralization" to the point of allowing everything to be destroyed, it would seem akin to the fundamentalism of choosing to stick with ETC (Ethereum Classic) after the hard fork of The DAO on Ethereum. I resonate more with the following viewpoint: decentralization is the goal, not the starting point. At this stage, if I were to pursue extreme decentralization, I would choose to use Ethereum. And right now, I am glad that Sui can help users affected in Cetus recover their funds.
Reflections on the incident by the founder of Bucket Protocol on Sui