Viewpoint: Hackers stole money, does SUI Chain have the power to get it back?


Author | Fourteen君

This article represents the author's personal views and does not represent Wu Blockchain's perspective

Preface

This event is a victory for capital, not for users, and represents a regression for industry development.

Bitcoin goes left, Sui goes right. Every action that shakes decentralization brings a stronger belief in Bitcoin.

The world needs not just a better global financial infrastructure, but always a space of freedom for some people.

Once, alliance chains were more popular than public chains because they satisfied the regulatory needs of that era. Their decline today shows that simply complying with such needs is not what real users demand. If the users being regulated are lost, what regulatory tools are needed?

I. Event Background

On May 22, 2025, Cetus, the largest decentralized exchange (DEX) in the Sui blockchain ecosystem, was attacked by hackers, causing liquidity to drop instantly and prices to collapse across multiple trading pairs, with losses exceeding $220 million.

As of publication, the timeline is as follows:

· May 22 morning: Hackers attacked Cetus, extracting $230 million; Cetus immediately suspended the contract and issued an announcement;

· May 22 afternoon: Hackers transferred about $60 million cross-chain, with $162 million still held in Sui chain addresses; Sui validator nodes quickly added the hacker's addresses to the "Deny List", freezing the funds;

· May 22 evening: Sui CPO @emanabio confirmed via tweet that the funds had been frozen and that their return would begin soon;

· May 23: Cetus began fixing vulnerabilities and updating contracts;

· May 24: Sui open-sourced a PR explaining that funds would be recovered through an aliasing mechanism and a whitelist;

· May 26: Sui initiated an on-chain governance vote on a proposal to upgrade the protocol and transfer the hacker's assets to a custody address;

· May 29: Voting results were announced, with validators holding over 2/3 of the voting weight in support; the protocol upgrade entered preparation;

· May 30 - Early June: The protocol upgrade took effect, the transaction with the specified hash was executed, and the hacker's assets were "legally transferred".


Regarding the Cetus incident, from the author's personal perspective, this wave of controversy may pass quickly, but this model will not be forgotten, as it has subverted the industry's foundation and broken the traditional blockchain consensus of being "immutable" under the same ledger.

In blockchain design, the contract is the law, and the code is the judge.

However, in this event the code failed, governance intervened, and power overrode it, forming a pattern in which a vote decides the outcome that the code would otherwise have determined.

This is because Sui's direct transaction appropriation differs significantly from mainstream blockchain approaches to handling hacker issues.

This is not the first time "consensus has been tampered with," but it is the most silent instance.

Historically:

• In 2016, Ethereum's The DAO event used a hard fork to roll back transfers to compensate for losses, which led to the split between Ethereum and Ethereum Classic, a process that was highly controversial but ultimately resulted in different consensus beliefs among different groups.

• The Bitcoin community also experienced a similar technical challenge: the value overflow vulnerability in 2010 was urgently fixed by developers, who upgraded the consensus rules and completely erased approximately 1.84 billion illegally generated bitcoins.

These were all hard fork models that rolled back the ledger to before the problem, allowing users to decide which ledger system to continue using.

Unlike the DAO hard fork, Sui chose not to split the chain but instead precisely targeted this incident through "protocol upgrade and alias configuration". By doing so, Sui maintained the chain's continuity and most consensus rules, but also demonstrated that the underlying protocol can be used to implement targeted "rescue operations".

The issue is that historical "fork-style rollbacks" were based on user choice of belief, while Sui's "protocol correction" was decided by the chain for you.

Not Your Key, Not Your Coin? Perhaps Not Anymore.

In the long term, this means the idea of "Not your keys, not your coins" is dismantled on the Sui chain: even when users fully control their private keys, the network can still block and redirect the flow of assets through collective protocol changes.

If this becomes a precedent for how blockchains respond to major security events, or is even treated as a repeatable convention, then:

"When a chain can break rules for justice, it also has a precedent for breaking any rules."

Once a "public welfare theft" succeeds, the next time might be an operation in a "morally ambiguous zone".

What would happen?

If a hacker truly stole users' money, can group voting steal his money?

Would voting depend on who has more money (PoS) or who has more people? If money wins, the "final producer" in Liu Cixin's works will soon arrive; if the majority wins, then the mob's voice will rise.

In traditional systems, it is entirely normal for illegal gains to go unprotected, and freezing and transferring funds are routine operations for traditional banks.

Wasn't the technical impossibility of doing this the very root from which the blockchain industry grew?

As industry compliance continues to ferment, today a chain can freeze funds and modify account balances because of hackers, and tomorrow it could make arbitrary modifications because of geopolitics or conflict. If the chain becomes a regional, partial tool, then the industry's value would be significantly compressed; at best it would be just another, less usable financial system.

This is also the author's reason for being steadfast in the industry: "Blockchain is not valuable because it cannot be frozen, but because it will not change even if you hate it."

With regulation being an inevitable trend, can the chain preserve its soul?

Once, alliance chains were more popular than public chains because they satisfied that era's regulatory needs. Their decline shows that simply complying with this need is not what real users demand. Once the users being regulated are lost, what regulatory tools are needed?

From an industry development perspective

"Efficient centralization" - is it an inevitable stage of blockchain development? If decentralization's ultimate goal is to protect user interests, can we tolerate centralization as a transitional means?

In the context of on-chain governance, the word "democracy" actually means "token-weighted". So if a hacker holds a large amount of SUI (or one day a DAO is hacked and the hacker controls the voting rights), can they "legally vote to whitewash themselves"?

Ultimately, blockchain's value is not about whether it can freeze, but whether, even with the ability to freeze, it chooses not to do so.

A chain's future is not determined by its technical architecture, but by the belief it chooses to protect.
