Author: f(gautham), co-founder of Polynomial; Translator: AIMan@Golden Finance
On May 22, 2025, a hacker stole $223 million from Sui.
Then, something unprecedented happened.
Sui validators actually banned him from the Sui blockchain network and froze his funds while he was on the run.
This completely subverted our understanding of "decentralized" blockchains.
Here is the bizarre story.
1. Hacker attack
The attack was brutal. The hacker drained Cetus' liquidity pool as if it were his own.
$223 million disappeared in a few hours. SUI memecoins plummeted 75%. USDC depegged to zero on-chain. All swaps failed. Holders couldn't even cut their losses. It was a bloodbath.


But then things got interesting.
2. The hacker transfers funds
The hacker thought he was unstoppable. He bridged funds to Ethereum and began converting them into ETH, moving more than $60 million to Ethereum.

A typical escape route. It should have ended here. But...
3. Sui freezes the hacker's wallet
Sui validators had other plans.
They banned the hacker's wallet from the Sui L1 network outright. $162 million in transactions was frozen. The rest of the stolen funds? In digital prison.

No court consensus required. No lengthy legal process required. Validators simply say “no”.
Wait, can they really do that? This is what blows everyone’s mind.
Yes. In extreme cases, Sui validators can collectively reject transactions from specific wallets. This is not automatic and requires broad validator consensus. But it happened, and in real time.

4. The cryptocurrency world is divided
Some people say, "If they can freeze funds, is it really decentralized?"


Some say, "They saved $162 million from being permanently stolen."
Both sides have valid points.
But the important thing is: this completely changes the assumptions about Layer-1 security.
5. Details of the hacker attack and Sui team's response
The specific details are not clear at present, and no official incident report has been received.
Known information: The hacker took control of the liquidity pool denominated in SUI and systematically drained it. Cetus initially called it an "oracle vulnerability", but the full exploit method is still unclear.

The response from Cetus was truly impressive:
Immediately suspending contracts to prevent further theft
Working with Sui Foundation and validators
Marking hacker accounts across the ecosystem
Working with professional anti-cybercrime organizations
Providing white hat settlement terms for professional damage control.
The Sui team said that most validators agreed to ignore any transactions from the hacker's wallet address. It also issued a PR requiring each validator to deploy patch code so that the $160 million stolen by the hacker could be taken back through unsigned transactions.

6. How to evaluate
Sui's validators coordinated very quickly. In traditional finance, freezing stolen funds takes weeks. Here? It took only a few hours.
Whether you think this is a good emergency response or a centralization problem depends on your perspective.
7. The hacker’s mistake
Thinking that one person could control the entire chain. He was right about control, but wrong about who had control.
It turned out that control lay not with him, but with the validators acting together.
Collective power is greater than individual attacks.
8. What’s next?
Cetus is negotiating with the hacker to return the funds.
Legal measures have been initiated.
A full incident report will be released soon.
But the real question is: will other L1s adopt similar emergency mechanisms?