Did Cetus really "recover" $160 million in stolen funds?

By Alex Liu, Foresight News

Cetus, the largest decentralized AMM exchange in the Sui ecosystem, lost more than $200 million to attackers yesterday because of a numerical-precision issue in its code.

Two hours after the theft, Cetus posted, "To date, it has been confirmed that an attacker stole approximately $223 million from the Cetus protocol, and the team has taken action to lock the contract to prevent further theft of funds, freezing $162 million in stolen funds. We are currently working with the Sui Foundation and other ecosystem members to develop the next step in the solution, with the goal of recovering the remaining stolen funds. Most of the affected funds have been suspended, and we are actively pursuing ways to restore the remaining funds. A full incident report will be released at a later date."

It is important to note that the term used here is "freeze", not "clawback". In other words, it is not yet known whether this money can be used to compensate the affected users. Sui has officially explained the process in more detail.

Apart from the portion the hacker bridged to the Ethereum mainnet and exchanged for more than 20,000 ETH (about $60 million), most of the stolen funds are still in the hacker's address on the Sui chain. The "freezing" of these assets is essentially joint "censorship" by Sui's validators: they all agreed to ignore him.

Objectively speaking, this violates the principle of "censorship resistance" in the decentralized world. It is a centralized operation, and it has caused great controversy in the community.

And how do you get this money back after it is "frozen"? A Sui co-founder mentioned that the recovered funds will be put back into the Cetus liquidity pool, which presupposes that the money can be returned.

To put it simply: "freezing" makes the hacker's signature invalid on the Sui chain, so his transactions cannot be included on chain and the funds are trapped in the address. "Recovery" then requires transferring the assets out of his address without the hacker's signature. Is that possible?

In fact, Solayer engineer Chaofan says that the Sui team is already asking every validator on Sui to deploy a piece of fix code so that they can "recover" the money without the attacker signing it. This is clearly centralized, and has provoked a larger debate in the community — assets can be transferred from the address without your signature.

(Note: Sui validators reported that they did not receive a "request", and Chaofan later said that Sui validators have not deployed the relevant code at this time.)

However, this is obviously a last-resort special case, and it shows that Sui's decentralization currently has an emergency "switch". Sui is able to do this because it has only slightly more than 100 validators, and most of them are institutions closely connected with the Sui Foundation, which makes coordination easy. (Sui validators need to stake, or attract, more than 10 million SUI tokens, which is usually only within reach of institutions.)

The author supports such an approach. Cetus is the largest decentralized AMM exchange on Sui, and its liquidity pools hold the savings and survival funds of countless people. At the same time, the main liquidity pools of many Sui project tokens are deployed on Cetus, and the withdrawal of liquidity is an unbearable loss for these ecosystem projects. It can be said that getting this money back is a necessary protection for the Sui DeFi ecosystem, which was thriving but far from mature.

If we would rather let all of this be ruined in order to adhere to the dogma of "decentralization", that seems akin to the fundamentalism of choosing to stick with ETC (Ethereum Classic) after the hard fork of The DAO on Ethereum. The author agrees with the following view: decentralization is the goal, not the starting point. At this stage, if I were to pursue the ultimate decentralization, I would choose to use Ethereum. And now I'm happy that Sui was able to help recover the funds of users who were compromised in Cetus.

Reflections on the event from the founder of Bucket Protocol on Sui
