SUI Dilemma: Decentralised vs Safety?

Intermediate · 6/3/2025, 7:45:42 AM
The article details the process of the hacker attack, reveals the controversial decision by Sui's validation nodes to collectively freeze funds, and discusses the impact of this decision on the decentralized concept of cryptocurrency.

Hello dispatchers!

Crypto was supposed to be untouchable from centralisation — money that no one could freeze or control.

After a $223 million hack hit Sui’s Cetus Protocol last week, the team hit the brakes on $162 million of funds, sparking a fierce debate: If blockchains can pause your money, is crypto really as unstoppable as it claims to be?

Here’s what went down in crypto’s latest “decentralised” drama:

  • How 10 minutes and some fake tokens vaporised $223 million
  • The controversial fund freeze that saved users but sparked outrage
  • Why this team’s second major hack feels like déjà vu
  • Sui’s $10 million security overhaul (and why it might not be enough)

The 10-Minute Meltdown

The morning of May 22 seemed like just another day at work for Sui. Until it didn’t. What followed was absolute chaos.

Cetus Protocol, Sui’s biggest decentralised exchange with over $200 million in daily volume, got drained of $223 million in minutes. The attack was brutally efficient.

The carnage was immediate.

Top memecoins on SUI chain including LOFI, HIPPO and SQUIRT crashed more than 75% each in just an hour.

$CETUS, the protocol’s native token, dropped 53% in the past four days.

The attack method? Elegantly simple.

Hackers deployed fake tokens to Cetus, essentially digital Monopoly money, and through a vulnerability in Cetus’s smart contracts, they convinced the protocol these worthless tokens had real value.

In simpler terms, “Imagine going to a toy exchange, you bring fake toys that look valuable but are actually worthless, then you trade them for real toys and run,” explained Manan Vora, director at Liminal, a crypto custody company.

The Centralised Freeze

This is where the story got controversial.

Within hours, Sui’s validators — the 114 nodes that run the network — collectively decided to freeze the hacker’s addresses. No vote. No governance proposal. Just a decision like any other centralised body taking a governance call. See the irony?

The result? $162 million saved. At what cost? It enraged all the advocates of decentralisation.

Justin Bons from Cyber Capital, a European cryptocurrency fund, led the charge against the move.

The numbers tell a stark story.

When 114 entities can coordinate to freeze funds, even for good reasons, it raises uncomfortable questions about what “decentralised” really means.

The Déjà Vu Defence

This isn’t Cetus’s first such stunt — and that’s not a compliment.

The same team was behind Crema Finance, a Solana DEX that lost $9 million to hackers in July 2022. Their response then? Offer the hacker $1.6 million to return the funds. The hacker took the deal but still ended up in prison (allegedly — the case details match but were never officially confirmed).

Now, facing a hack 25 times larger, the Cetus team is running the same playbook with a time-sensitive settlement offer.

  • The offer: Return $217 million, keep $6 million
  • The terms: No prosecution, no questions asked
  • The deadline: 48 hours before “legal actions commence”

The crypto community isn’t impressed. One user summed it up: “Same team, same vulnerabilities, different chain. How many chances do they get?”

Damage Control Mode

As the dust settled, the numbers painted a grim picture.

  • TVL plunge: From $2.1 billion to $1.7 billion (20%)
  • SUI token: Down ~15%
  • Trading volume: Collapsed across all Sui DEXs
  • User confidence: Let’s just say Twitter wasn’t kind

Sui’s response came in two parts.

First, they committed $10 million to a comprehensive security overhaul.

  • Enhanced smart contract audits
  • Bigger bug bounties
  • Formal verification tools
  • Developer security training
  • Open-source security libraries

Second, they announced a shift from “platform responsibility” to “shared accountability.” Translation: We can’t catch everything, so developers need to step up too.

Noble? Yes. Sufficient? Markets have responded.

Monday brought a 10% bounce for the CETUS token, from utterly destroyed to merely devastated. The technical challenges run deeper than price, though.

The exploit exposed fundamental issues.

  • Thin liquidity: Made massive price swings inevitable
  • Oracle vulnerability: The “bug” that started it all
  • Cross-chain risks: Once funds hit Ethereum, game over

Cetus has patched the immediate vulnerability, but confidence doesn’t patch as easily as code.

What next?

Token Dispatch View 🔍

This hack is about more than stolen funds; it’s about crypto’s identity crisis.

The Decentralisation Paradox: Sui’s validators saved $162 million through coordinated action, proving the system works. Yet, they also proved that 114 entities can effectively control the network of an ecosystem that was supposed to have decentralisation as one of its tenets. This isn’t the censorship-resistant dream Satoshi or any decentralisation advocate envisioned. It’s more like a neighbourhood watch with nuclear weapons. Effective? Yes. Decentralised? That’s becoming a relative term.

The Competence Question: When the same team suffers two major hacks with similar attack vectors, it’s no longer bad luck; it’s a pattern. The crypto industry has been remarkably forgiving of technical failures, but Cetus is testing those limits. Their $6 million bounty might recover funds, but it won’t recover reputation. At some point, “we’ll do better next time” stops being acceptable.

The Maturity Test: Sui’s $10 million security commitment and “shared accountability” model show growth. But it’s reactive, not proactive. What’s important is to see if blockchain networks mature fast enough to handle institutional money. With TVL down and trust shaken, Sui is no longer fighting just technical bugs; they’re fighting for relevance in an increasingly competitive L1 landscape.

The uncomfortable truth this hack exposed? Perfect decentralisation might be incompatible with user protection. Sui chose protection. Ethereum chose purity (eventually). Bitcoin never had to choose.

Sui faces a critical decision: hold an on-chain vote to return the frozen funds. If this sounds familiar, it should. Ethereum faced the same choice after the DAO hack in 2016. Their decision to fork the chain still divides the community today.

Meanwhile, the hacker still controls $60+ million on Ethereum. The clock is ticking on Cetus’s bounty offer. Will they take the $6 million and run, or risk it all?

As the industry watches Sui’s next moves, right now, the “code is law” maximalists are losing to the “users want their money back” pragmatists.

Disclaimer:

  1. This article is reprinted from [TOKEN DISPATCH]. All copyrights belong to the original author [Token Dispatch, Thejaswini M A, Nameet Potnis, and Prathik Desai]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
  2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
  3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.
