A governance vote now underway on the Sui network could forcibly strip an attacker's wallet of $160 million — and reopen one of the oldest arguments in blockchain: when is it acceptable to override the chain?
The cascade started Thursday, May 22. Cetus Protocol, the largest decentralized exchange aggregator on Sui, lost roughly $220 million to an attacker who exploited a flaw in the protocol's smart contracts. Security firm Cyfrin, which published a root-cause analysis, pinned the vulnerability to a broken overflow check in Cetus's CLMM math library: a checked_shlw function whose bound was too loose, so that for a large enough input it returned a wrapped, near-zero result instead of an overflow error. That silent failure let the attacker open a liquidity position for a negligible deposit, claim vastly inflated reserves on withdrawal, and repeat the sequence across pools until the protocol was drained.
The method was straightforward in concept. The attacker submitted near-worthless tokens that Cetus's price logic treated as valuable, skewed pool prices, and withdrew real reserves. "Imagine going to a toy exchange, you bring fake toys that look valuable but are actually worthless, then you trade them for real toys and run," Liminal custody director Manan Vora wrote on LinkedIn in reaction. "That's basically what just happened on Sui."
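To make the failure class concrete, here is a Python model of a checked shift-left whose overflow bound is too loose, beside the corrected check and a simplified "tokens owed for this liquidity" computation that consumes it. This is an added illustration, not Cetus's Move code or Cyfrin's analysis: the 256-bit emulation, the particular bad bound constant and the deposit formula are assumptions made for this example.

```python
"""Model of a checked shift-left whose overflow bound is too loose.

Added illustration, not Cetus's Move code. The u256 emulation, the
particular bad bound and the simplified deposit formula are assumptions
made for this example.
"""
from typing import Callable, Optional, Tuple

U256_MAX = (1 << 256) - 1
SHIFT = 64


def checked_shlw_buggy(n: int) -> Tuple[int, bool]:
    """Shift n left by 64 bits in u256, returning (result, overflowed).

    The bound only rejects n >= 0xffffffffffffffff << 192, the topmost
    slice of the u256 range. Any n in [2**192, bound) passes the check,
    and the fixed-width shift silently drops its high 64 bits.
    """
    bad_bound = 0xFFFFFFFFFFFFFFFF << 192  # assumed too-loose bound
    if n >= bad_bound:
        return 0, True
    return (n << SHIFT) & U256_MAX, False  # emulate fixed-width wrap-around


def checked_shlw_fixed(n: int) -> Tuple[int, bool]:
    """Correct variant: n << 64 fits in 256 bits iff n < 2**192."""
    if n >= 1 << (256 - SHIFT):
        return 0, True
    return n << SHIFT, False


def required_deposit(liquidity: int, sqrt_price_delta: int,
                     sqrt_price_product: int,
                     shlw: Callable[[int], Tuple[int, bool]]) -> Optional[int]:
    """Simplified CLMM-style 'tokens owed for this much liquidity' (assumed formula).

    Computes ceil(((liquidity * sqrt_price_delta) << 64) / sqrt_price_product)
    using the supplied shift. Returns None when the shift reports overflow;
    a sound contract aborts at that point instead of minting the position.
    """
    numerator, overflowed = shlw(liquidity * sqrt_price_delta)
    if overflowed:
        return None
    return -(-numerator // sqrt_price_product)  # ceiling division


def demo() -> dict:
    """Constructed inputs: liquidity just past 2**192 so the product overflows."""
    liquidity = (1 << 192) + 1      # absurdly large position
    sqrt_price_delta = 1            # narrow tick range, arbitrary units
    sqrt_price_product = 1 << 64    # roughly 1.0 in Q64.64 fixed point
    # What the computation should yield with unbounded integers.
    honest = -(-((liquidity * sqrt_price_delta) << SHIFT) // sqrt_price_product)
    return {
        "buggy": required_deposit(liquidity, sqrt_price_delta,
                                  sqrt_price_product, checked_shlw_buggy),
        "fixed": required_deposit(liquidity, sqrt_price_delta,
                                  sqrt_price_product, checked_shlw_fixed),
        "honest": honest,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the constructed case the honest computation owes the depositor about 2^192 tokens for the position, the buggy shift wraps the numerator down to 2^64 and reports a deposit of 1 token, and the corrected shift flags the overflow so the caller aborts. The general check a practitioner should take away is the one in checked_shlw_fixed: a left shift by k bits of a w-bit integer is safe exactly when the input is below 2^(w-k), and any bound looser than that should be tested against arbitrary-precision arithmetic before it guards funds.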
The impact landed across the ecosystem within minutes. USDC on Sui depegged to zero. Lofi fell 76% and Hippo fell 81%, per DLNews's reporting sourced to on-chain price data. Total value locked across the Sui DeFi ecosystem dropped more than $330 million in a single day, according to DeFiLlama data cited by DLNews. The attacker moved fast: roughly $60 million was bridged to Ethereum and swapped for USDC before Sui validators could respond. The remainder — $160 million — stayed on-chain long enough to freeze.
Validators acted by ignoring transactions originating from the attacker's addresses, effectively blacklisting the wallet at the network consensus layer. The Sui Foundation confirmed the move on X, posting that "a large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice."
Freezing, however, is not recovery. The $160 million is still in the attacker's wallet — it just can't move. To get it back, the network needs a governance vote to authorize a protocol upgrade that would override the attacker's control of their own addresses and transfer the funds to a multi-signature wallet held jointly by Cetus, the Sui Foundation, and blockchain security firm OtterSec.
That vote is now running. Data from the Sui governance portal at sui.scan.space/vote shows roughly 52% support as of May 23. The formal vote window closes June 3, but participants can trigger an early close if a supermajority signals by May 29. Based on current trends, DLNews reports the proposal is expected to pass.
If it does, the recovered funds will be supplemented by Cetus's treasury and a loan from the Sui Foundation to make affected users whole, per statements posted by both parties on X.
The proposal is not without critics. The objection is structural: a blockchain whose validators can vote to override a wallet's contents on request is not, in any meaningful sense, a permissionless system. "It sets a bad precedent," wrote one prominent voice on X cited by DLNews, "and network participants will be forced to act similarly in future instances, even if the losses were due to poor security of the affected protocols." The counterargument from supporters is that the attacker's gains rest on a math bug that never should have credited them anything — the chain is not being rewritten so much as corrected.
The debate echoes the 2016 Ethereum DAO fork, when the Ethereum community split over whether to roll back a $60 million hack, ultimately producing Ethereum and Ethereum Classic as two separate networks. Sui's situation differs in one important respect: the stolen funds are frozen on-chain rather than already distributed, which means the network can act without needing to reverse transactions that touched innocent parties. Whether that distinction is enough to settle the philosophical argument is unlikely to be resolved by this vote alone.
What the vote will settle, if it passes, is more immediate: whether Sui's validator set is willing to use its collective power to recover user funds when a protocol failure creates a clear winner and a clear victim. The answer, at least for now, appears to be yes.
Sources: DLNews — exploit breakdown; DLNews — governance vote; Cyfrin root-cause analysis; Cetus Protocol on X; Sui Foundation on X; The Defiant; Sui governance vote