Tether USD price

preface This event is a victory for capital, not users, and it is a regression for the development of the industry. Bitcoin to the left, Sui to the right, and every industry move that shakes up decentralization brings a stronger belief in Bitcoin. The world needs not just a better global financial infrastructure, but a group of people who will always need freedom. Once upon a time, the alliance chain was more prosperous than the public chain, because it met the regulatory needs of that era, and now the decline of the alliance actually means that it simply complies with this demand, not the needs of real users. 1. Background of the event On May 22, 2025, Cetus, the largest decentralized exchange (DEX) in the Sui public chain ecosystem, was attacked by hackers, causing a sharp drop in liquidity and the collapse of multiple trading pairs, resulting in a loss of more than $220 million. As of press time, the timeline is as follows: On the morning of May 22, hackers attacked Cetus to extract $230 million, and Cetus urgently suspended the contract and issued an announcement On the afternoon of May 22, the hacker transferred about $60 million across the chain, and the remaining $162 million was still in the Sui on-chain address, and the Sui validator node quickly took action to add the hacker address to the "Deny List" and freeze the funds On the evening of May 22, Sui CPO @emanabio tweeted that the funds have been frozen and will start soon On May 23rd, Cetus began fixing bugs and updating contracts On May 24th, Sui opened an open source PR, explaining that the funds will be recovered through aliasing and whitelist On May 26, Sui initiated an on-chain governance vote proposing whether to perform a protocol upgrade and transfer the hacker's assets to an escrow address On May 29, the voting results were announced, and more than 2/3 of the validator nodes were weighted to support; The protocol upgrade is ready to be executed From May 30 to early June, the protocol upgrade took effect, the specified transaction hash was executed, and the hacked assets were "legally transferred" 2. Attack principle The principle of events is related, and there have been many statements in the industry, so here is only an overview of the core principles: From the perspective of attack flow: The attacker first used a flash loan to lend about 10,024,321.28 haSUI, which instantly lowered the price of the trading pool 99.90%。 This huge sell order brought the target pool price down from about 1.8956×10^19 to 1.8425×10^19, almost bottoming out. Subsequently, the attacker creates a liquidity position on Cetus with an extremely narrow range (Tick lower limit of 300000, upper limit of 300200, and the width of the interval is only 1.00496621%). Such a narrow interval amplifies the impact of subsequent calculation errors on the number of tokens required. The core principle of the attack: There is an integer overflow vulnerability in the get_delta_a function that Cetus uses to calculate the required number of tokens. The attacker deliberately stated that he wanted to add a huge amount of liquidity (about 10^37 units), but in fact only put 1 token into the contract. Due to the wrong overflow detection condition of the checked_shlw, the contract was truncated at a high level during the left-shift calculation, causing the system to seriously underestimate the amount of haSUI required, thus exchanging a huge amount of liquidity at a very small cost. Technically, the above vulnerability stems from Cetus using incorrect masks and judgment conditions in the Move smart contract, resulting in any value less than 0xffffffffffffffff << 192 being able to bypass detection; After moving 64 bits to the left, the high-level data is truncated, and the system only charges a very small number of tokens to consider that it has gained a lot of liquidity. After the incident, 2 official operations were derived: "Freezing" vs "Recovery", which is two phases: The freezing phase is completed by Deny List + node consensus; In the clawback stage, on-chain protocol upgrade + community voting + designated transaction execution is required to bypass the blacklist. 3. Sui's freezing mechanism There is a special Deny List mechanism in the Sui chain, which realizes the freezing of hacking funds. Not only that, but Sui's token standard also has a "regulated token" model with a built-in freezing function. This emergency freeze takes advantage of this feature: validator nodes quickly add addresses related to stolen funds in their local configuration files. Theoretically, each node operator can modify the TransactionDenyConfig to update the blacklist on their own, but in order to ensure network consistency, the Sui Foundation has centralized coordination as the original configuration publisher. The Foundation first officially released a configuration update containing the hacker's address, and the validator took effect synchronously according to the default configuration, so that the hacker's funds were temporarily "sealed" on the chain, which actually has a high degree of centralization behind it In order to rescue the victims from the frozen funds, the Sui team immediately launched a patch for the Whitelist mechanism. This is for subsequent transfers back of funds. Legitimate transactions can be constructed in advance and registered on the whitelist, even if the fund address is still on the blacklist, it can be enforced. This new feature transaction_allow_list_skip_all_checks allows specific transactions to be pre-added to the "Censor Freelist", allowing them to skip all security checks, including signatures, permissions, blacklists, and more. It is important to note that whitelisting patches do not directly steal hacker assets; It only gives certain transactions the ability to bypass the freeze, and the real asset transfer still needs to be done with a legal signature or additional system permission module. In fact, the mainstream freezing scheme in the industry often occurs at the token contract level, and is controlled by the issuer for multi-signature. Taking the USDT issued by Tether as an example, its contract has a built-in blacklist function, and the issuing company can freeze the offending address so that it cannot transfer USDT. This scheme requires multisig to initiate a freezing request on the chain, and the multisig is agreed before it is actually executed, so there is an execution delay. Although the Tether freezing mechanism is effective, statistics show that there is often a "window period" in the multisig process, leaving opportunities for criminals. In contrast, Sui's freeze occurs at the underlying protocol level, is collectively operated by validator nodes, and is executed much faster than normal contract calls. In this model, to be fast enough, it means that the management of these validator nodes themselves is highly uniform. 3. Sui's "transfer recycling" implementation principle What's even more striking is that Sui not only froze the hack's assets, but also planned to "transfer and recover" the stolen funds through an on-chain upgrade. On May 27, Cetus proposed a community vote to upgrade the protocol to send frozen funds to a multisig custodial wallet. The Sui Foundation then initiated an on-chain governance vote. On May 29, the results of the vote were announced, and about 90.9% of the validators supported the scheme. Sui officially announced that once the proposal is approved, "all funds frozen in the two hacker accounts will be recovered to a multisig wallet without the hacker's signature". There is no need for a hacker to sign, which is such a difference that there has never been such a fix in the blockchain industry. As can be seen from Sui's official GitHub PR, the protocol introduces an address aliasing mechanism. The upgrade includes pre-specifying alias rules in ProtocolConfig so that certain permitted transactions can be treated as if the legitimate signature was sent from a hacked account. Specifically, a hashlist of rescue transactions to be executed is tied to a destination address (i.e., a hacker address), and any executor who signs and publishes a summary of these fixed transactions is considered to have initiated the transaction as a valid hacker address owner. For these specific transactions, the validator node system bypasses the Deny List check. At the code level, Sui adds the following judgment to the transaction validation logic: when a transaction is blocked by the blacklist, the system iterates through its signer to check whether protocol_config.is_tx_allowed_via_aliasing(sender, signer, tx_digest) is true. As long as a signer satisfies the alias rule, that is, the transaction is allowed to pass, the previous interception error is ignored and the normal package execution continues. 4. Point of view 160 million, tearing apart is the deepest underlying belief in the industry From the author's personal point of view, this may be a storm that will pass soon, but this model will not be forgotten, because it subverts the foundation of the industry and breaks the traditional consensus that blockchain cannot be tampered with under the same set of ledgers. In blockchain design, the contract is the law, and the code is the referee. But in this case, the code failed, governance intervened, and power overrode the pattern, forming a pattern of voting behavior ruling code results". This is because Sui's direct appropriation of transactions is very different from the handling of hackers on mainstream blockchains. This is not the first time that consensus has been tampered with, but it has been the most silent Historically: Ethereum's 2016 The DAO incident used a hard fork to roll back transfers to cover losses, but this decision led to the split between Ethereum and Ethereum Classic, which was controversial, but ultimately different groups formed different consensus beliefs. The Bitcoin community has experienced similar technical challenges: the 2010 value spillover vulnerability was urgently fixed by developers and the consensus rules were upgraded, completely erasing some 18.4 billion illegally generated bitcoins. It's the same hard fork model, rolling back the ledger to the point where it was before the problem, and then the user can still decide which ledger system to continue using under the issue. Compared with the DAO hard fork, Sui did not choose to split the chain, but targeted this event accurately by upgrading the protocol and configuring aliases. In doing so, Sui keeps the chain continuity and most of the consensus rules unchanged, but also shows that the underlying protocol can be used to implement targeted "rescue operations". The problem is that historically, the "forked rollback" is a user's choice of beliefs; Sui's "protocol correction" is that the chain makes the decision for you. Not Your Key, Not Your Coin？ I'm afraid not anymore. In the long run, this means that the idea of "Not your keys, not your coins" is dismantled on the Sui chain: even if the user's private key is intact, the network can still block the flow of assets and redirect assets through collective agreement changes. If this becomes a precedent for blockchain to respond to large-scale security incidents in the future, it is even considered to be a practice that can be followed again. "When a chain can break rules for justice, it has a precedent for breaking any rules." Once there is a success of "public welfare money grabbing", the next time it may be an operation in the "moral ambiguity zone". So what happens? The hacker did steal the user's money, so can the crowd vote rob him of his money? Vote based on whose money is more (pos) or more people? If the one with more money wins, then Liu Cixin's final producer will come soon, and if the one with more people wins, then the group rabble will also be loud. Under the traditional system, it is very normal for illegal gains to be unprotected, and freezing and transferring are the routine operations of traditional banks. But the fact that this cannot be done technically is not the root of the development of the blockchain industry. Now the stick of industry compliance is continuing to ferment, today you can freeze for hackers and modify the account balance, then tomorrow you can do arbitrary modifications for geographical factors and contradictory factors. If the chain becomes part of the regional tool. The value of that industry has been greatly reduced, and at best it is a more difficult financial system. This is also the reason why the author is firmly in the industry: "Blockchain is not valuable because it cannot be frozen, but because even if you hate it, it will not change for you." ” Regulatory trends, can the chain keep its soul? Once upon a time, the alliance chain was more prosperous than the public chain, because it met the regulatory needs of that era, and now the decline of the alliance actually means that it simply complies with this demand, not the needs of real users. From the perspective of industry development Efficient centralization", is it a necessary stage in the development of blockchain? If the ultimate goal of decentralization is to protect the interests of users, can we tolerate centralization as a means of transition? ” The word "democracy", in the context of on-chain governance, is actually token weighted. So if a hacker holds a large amount of SUI (or one day the DAO is hacked and the hacker controls the votes), can they also "legally vote to whitewash themselves"? In the end, the value of blockchain is not whether it can be frozen, but whether the group chooses not to do so even if it has the ability to freeze. The future of a chain is not determined by the technical architecture, but by the set of beliefs it chooses to protect.

Author: Fourteen Jun   This event is a victory for capital, not users, and it is a regression for the development of the industry. Bitcoin to the left, Sui to the right, and every industry move that shakes up decentralization brings a stronger belief in Bitcoin. The world needs not just a better global financial infrastructure, but a group of people who will always need freedom. Once upon a time, the alliance chain was more prosperous than the public chain, because it met the regulatory needs of that era, and now the decline of the alliance actually means that it simply complies with this demand, not the needs of real users. 1. Background of the event On May 22, 2025, Cetus, the largest decentralized exchange (DEX) in the Sui public chain ecosystem, was attacked by hackers, causing a sharp drop in liquidity and the collapse of multiple trading pairs, resulting in a loss of more than $220 million. As of press time, the timeline is as follows: On the morning of May 22, hackers attacked Cetus to extract $230 million, and Cetus urgently suspended the contract and issued an announcement On the afternoon of May 22, the hacker transferred about $60 million across the chain, and the remaining $162 million was still in the Sui on-chain address, and the Sui validator node quickly took action to add the hacker's address to the "Deny List" and freeze the funds On the evening of May 22, Sui CPO @emanabio tweeted that the funds have been frozen, and the return will start soon On May 23, Cetus began fixing vulnerabilities and updating contracts On May 24th, Sui open-sourced the PR, explaining that it was about to recycle funds through aliasing and whitelist On May 26, Sui initiated an on-chain governance vote proposing whether to perform a protocol upgrade and transfer the hacked assets to an escrow address On May 29, the voting results were announced, and more than 2/3 of the validator nodes were weighted to support; The protocol upgrade is ready to be executed From May 30th to early June, the protocol upgrade took effect, the specified transaction hash was executed, and the hacked assets were "legally transferred" 2. Attack principle The principle of events is related, and there have been many statements in the industry, so here is only an overview of the core principles: From the perspective of attack flow: The attacker first used a flash loan to lend about 10,024,321.28 haSUI, which instantly lowered the price of the trading pool 99.90%。 This huge sell order brought the target pool price down from about 1.8956×10^19 to 1.8425×10^19, almost bottoming out. Subsequently, the attacker creates a liquidity position on Cetus with an extremely narrow range (Tick lower limit of 300000, upper limit of 300200, and interval width of only 1.00496621%). Such a narrow interval amplifies the impact of subsequent calculation errors on the number of tokens required. The core principle of the attack: There is an integer overflow vulnerability in the get_delta_a function that Cetus uses to calculate the required number of tokens. The attacker deliberately stated that he wanted to add a huge amount of liquidity (about 10^37 units), but in fact only put 1 token into the contract. Due to the wrong overflow detection condition of checked_shlw, the contract was truncated at a high level during the left-shift calculation, causing the system to seriously underestimate the amount of haSUI required, thus exchanging a huge amount of liquidity at a very small cost. Technically, the above vulnerability stems from Cetus using incorrect masks and judgment conditions in the Move smart contract, resulting in any value less than 0xffffffffffffffff << 192 being able to bypass detection; After moving 64 bits to the left, the high-level data is truncated, and the system only charges a very small number of tokens to consider that it has gained a lot of liquidity. After the incident, 2 official operations were derived: "Freezing" vs "Recovery", which is two phases: The freezing phase is completed by Deny List + node consensus; In the clawback stage, on-chain protocol upgrade + community voting + designated transaction execution is required to bypass the blacklist. 3. Sui's freezing mechanism There is a special Deny List mechanism in the Sui chain itself, which realizes the freezing of hacking funds. Not only that, but Sui's token standard also has a "regulated token" model with a built-in freezing function. This emergency freeze takes advantage of this feature: validator nodes quickly add addresses related to stolen funds in their local configuration files. Theoretically, each node operator can modify the TransactionDenyConfig to update the blacklist on their own, but in order to ensure network consistency, the Sui Foundation has centralized coordination as the original configuration publisher. The Foundation first officially released a configuration update containing the hacker's address, and the validator took effect synchronously according to the default configuration, so that the hacker's funds were temporarily "sealed" on the chain, which actually has a high degree of centralization behind it In order to rescue the victims from the frozen funds, the Sui team immediately launched a patch for the Whitelist mechanism. This is for subsequent transfers back of funds. Legitimate transactions can be constructed in advance and registered on the whitelist, even if the fund address is still on the blacklist, it can be enforced. This new feature transaction_allow_list_skip_all_checks allows specific transactions to be pre-added to the "checklist", allowing them to skip all security checks, including signatures, permissions, blacklists, etc. It is important to note that whitelisting patches do not directly steal hacker assets; It only gives certain transactions the ability to bypass the freeze, and the real asset transfer still needs to be done with a legal signature or additional system permission module. In fact, the mainstream freezing scheme in the industry often occurs at the token contract level, and is controlled by the issuer for multi-signature. Taking the USDT issued by Tether as an example, its contract has a built-in blacklist function, and the issuing company can freeze the offending address so that it cannot transfer USDT. This scheme requires multisig to initiate a freezing request on the chain, and the multisig is agreed before it is actually executed, so there is an execution delay. Although the Tether freezing mechanism is effective, statistics show that there is often a "window period" in the multi-signature process, leaving opportunities for criminals to take advantage of. In contrast, Sui's freeze occurs at the underlying protocol level, is collectively operated by validator nodes, and is executed much faster than normal contract calls. In this model, to be fast enough, it means that the management of these validator nodes themselves is highly uniform. 3. Sui's "transfer recycling" implementation principle What's even more amazing is that Sui not only froze the hacker's assets, but also planned to "transfer and recover" the stolen funds through on-chain upgrades. On May 27, Cetus proposed a community vote to upgrade the protocol to send frozen funds to a multisig custodial wallet. The Sui Foundation then initiated an on-chain governance vote. On May 29, the results of the vote were announced, and about 90.9% of the validators supported the scheme. Sui officially announced that once the proposal is approved, "all funds frozen in the two hacker accounts will be recovered to a multisig wallet without the hacker's signature". There is no need for a hacker to sign, which is such a difference that there has never been such a fix in the blockchain industry. As can be seen from Sui's official GitHub PR, the protocol introduces an address aliasing mechanism. The upgrade includes pre-specifying alias rules in ProtocolConfig so that certain permitted transactions can be treated as if the legitimate signature was sent from a hacked account. Specifically, a hashlist of rescue transactions to be executed is tied to a destination address (i.e., a hacker address), and any executor who signs and publishes a summary of these fixed transactions is considered to have initiated the transaction as a valid hacker address owner. For these specific transactions, the validator node system bypasses the Deny List check. At the code level, Sui adds the following judgment to the transaction validation logic: when a transaction is blocked by the blacklist, the system iterates through its signer to check whether protocol_config.is_tx_allowed_via_aliasing(sender, signer, tx_digest) is true. As long as a signer satisfies the alias rule, that is, the transaction is allowed to pass, the previous interception error is ignored and the normal package execution continues. 4. Point of view 160 million, tearing apart is the deepest underlying belief in the industry From the author's personal point of view, this may be a storm that will pass soon, but this model will not be forgotten, because it subverts the foundation of the industry and breaks the traditional consensus that blockchain cannot be tampered with under the same set of ledgers. In blockchain design, the contract is the law, and the code is the referee. But in this case, the code failed, governance interfered, and power overrode the pattern, forming a pattern of voting behavior adjudicating code results. This is because Sui's direct appropriation of transactions is very different from the handling of hackers on mainstream blockchains. This is not the first time that consensus has been tampered with, but it has been the most silent Historically: Ethereum's 2016 The DAO incident used a hard fork to roll back transfers to cover losses, but this decision led to the split between Ethereum and Ethereum Classic, which was controversial, but ultimately different groups formed different consensus beliefs. The Bitcoin community has experienced similar technical challenges: the 2010 value spillover vulnerability was urgently fixed by developers and the consensus rules were upgraded, completely erasing some 18.4 billion illegally generated bitcoins. It's the same hard fork model, rolling back the ledger to the point where it was before the problem, and then the user can still decide which ledger system to continue using under the issue. Compared with the DAO hard fork, Sui did not choose to split the chain, but targeted this event accurately by upgrading the protocol and configuring aliases. In doing so, Sui maintains the continuity of the chain and most of the consensus rules, but also shows that the underlying protocol can be used to implement targeted "rescue operations". The problem is that historically, the "forked rollback" is a user's choice of faith; Sui's "protocol correction" is that the chain makes the decision for you. Not Your Key, Not Your Coin？ I'm afraid not anymore. In the long run, this means that the idea of "not your keys, not your coins" is dismantled on the Sui chain: even if the user's private key is intact, the network can still block the flow of assets and redirect them through collective agreement changes. If this becomes a precedent for blockchain to respond to large-scale security incidents in the future, it is even considered to be a practice that can be followed again. "When a chain can break rules for the sake of justice, it has a precedent for breaking any rules." Once there is a success of "public welfare money grabbing", the next time it may be an operation in the "moral ambiguity". So what happens? The hacker did steal the user's money, so can the crowd vote rob him of his money? Vote based on whose money is more (pos) or more people? If the one with more money wins, then Liu Cixin's final producer will come soon, and if the one with more people wins, then the group rabble will also be loud. Under the traditional system, it is very normal for illegal gains to be unprotected, and freezing and transferring are the routine operations of traditional banks. But the fact that this cannot be done technically is not the root of the development of the blockchain industry. Now the stick of industry compliance is continuing to ferment, today you can freeze for hackers and modify the account balance, then tomorrow you can do arbitrary modifications for geographical factors and contradictory factors. If the chain becomes part of the regional tool. The value of that industry has been greatly reduced, and at best it is a more difficult financial system. This is also the reason why the author is firmly committed to the industry: "Blockchain is not valuable because it cannot be frozen, but because even if you hate it, it will not change for you." Regulatory trends, can the chain keep its soul? Once upon a time, the alliance chain was more prosperous than the public chain, because it met the regulatory needs of that era, and now the decline of the alliance actually means that it simply complies with this demand, not the needs of real users. From the perspective of industry development Efficient centralization, is it a necessary stage in the development of blockchain? If the ultimate goal of decentralization is to protect the interests of users, can we tolerate centralization as a means of transition? The word "democracy", in the context of on-chain governance, is actually token weighted. So if a hacker holds a large amount of SUI (or one day the DAO is hacked, and the hacker controls the votes), can they also "legally vote to launder themselves"? In the end, the value of blockchain is not whether it can be frozen, but whether the group chooses not to do so even if it has the ability to freeze. The future of a chain is not determined by the technical architecture, but by the set of beliefs it chooses to protect.

PANews reported on June 3 that according to the Aave community forum, AAVE will officially launch the Umbrella system on June 5, 2025, allowing users to stake aToken to prevent bad debts in the protocol and receive rewards. This mechanism replaces the old staking AAVE and stkABPT methods, and directly burns aTokens to deal with bad debts, achieving higher capital efficiency and an objective triggering mechanism. Initially, it will be launched on networks such as Ethereum, Arbitrum, Avalanche and Base, covering major assets such as USDC, USDT, WETH and so on. Umbrella has been developed and audited and is ready to go live.

LP Rewards on Ink & Soneium🚴‍♂️ • $USDC.e - $WETH: ~217% - Ink • $USDT0 - $WETH: ~167% - Ink • $USDG - $kBTC: ~77% - Ink • $ASTR - $USDC.e: ~483% - Soneium • $WBTC - $WETH: ~287% - Soneium • $USDC.e - $WETH: ~174% - Soneium Incentives for key pools are live—supporting deeper liquidity, better execution, and broader adoption across the Superchain

PANews reported on June 2 that according to @ai_9684xtpa monitoring, many James Wynn donation addresses were transferred to USDT and ETH, and the updated data was: - USDC: 3274.97 USDC - USDT: 8040.89 tokens - ETH: 3.6 tokens, about $9,036 A total of $20,351.86 was raised in the last 50 minutes.