Sui Ecosystem DEX Suffers $260 Million Oracle Machine Attack: Liquidity Crisis and Centralization Controversy

On the afternoon of May 22, CETUS, the token of Cetus Protocol, a mainstream DEX liquidity protocol on the Sui Chain, suddenly plummeted, and the price was almost halved. At the same time, the prices of many token trading pairs on Cetus fell sharply at the same time. Subsequently, several crypto industry opinion leaders took to social media to warn that the Cetus protocol liquidity pool was under attack.

According to on-chain data monitoring, the attacker seems to have successfully taken control of all liquidity pools priced in SUI. As of a few hours after the incident occurred, the total amount of stolen funds has exceeded $260 million. Currently, the attacker has begun converting the funds to USDC and cross-chain transferring to the Ethereum network to exchange for ETH, with about 60 million USDC having completed the cross-chain transfer operation.

! $260 million shocking vulnerability: Sui's leading ecosystem DEX was attacked by oracles, and the official "frozen transaction" fell into a centralized controversy

The attacker's on-chain address is: 0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85b8b5de8ff06. The main assets in this address are still primarily SUI and USDT, while also holding mainstream tokens such as CETUS, WAL, DEEP, and others from the Sui ecosystem, indicating the wide scope of this attack.

! $260 million shocking vulnerability: Sui's leading ecosystem DEX was attacked by oracles, and the official "frozen transaction" was caught in a centralized controversy

On the evening of the 22nd, Cetus team members said in the project community group that the Cetus protocol was not stolen, but an "oracle bug". However, on-chain data shows that the loss of the Cetus protocol liquidity pool has exceeded $260 million in just one hour after the incident, exceeding the total lock-up value of the protocol of $(.24 billion ) and market capitalization ( of $019283746574839201.18 billion.

! [$260 million shocking vulnerability: Sui's leading ecosystem DEX was attacked by oracles, and the official "frozen transaction" was caught in a centralized controversy])https://img.gateio.im/social/moments-036fbf860948314dfa522037542a8d13(

On the morning of the 23rd, Cetus officially released the latest progress, stating that it had found the root cause of the vulnerability and completed the repair, and at the same time hired a professional anti-cybercrime organization to assist in the negotiation of fund tracing and return. The official said that it has confirmed the Ethereum wallet address controlled by the attacker, and has negotiated with it on the return of customer funds, proposing to pay the bounty in the name of the white hat hacker, and no legal action will be taken if the terms are accepted.

! [$260 million shocking vulnerability: Sui's leading ecosystem DEX was attacked by oracles, and the official "frozen transaction" fell into a centralized controversy])https://img.gateio.im/social/moments-561348c3d16144218f6776d81854fc21(

The Suspicious History of the Protocol Team

It is worth noting that at the time of the turmoil in the Sui ecosystem triggered by Cetus, community members pointed out that Cetus is suspected to be developed by the same team as the previous Solana ecosystem DeFi protocol Crema Finance, which had a similar theft incident in 2022.

![260 million USD shocking vulnerability: Sui ecosystem leading DEX attacked by Oracle Machine, official "freeze transactions" embroiled in centralization controversy])https://img.gateio.im/social/moments-202ea5eccd5be522796aabb8ed09a2a2(

On July 3, 2022, Crema Finance suffered a flash loan attack, and the liquidity pool was drained, resulting in a loss of more than $8 million. The hackers then returned $7.6 million worth of stolen cryptocurrency after consulting with the team and were allowed to keep 45,455 SOL) about $1.65 million in ( as a bounty.

Compared with the theft of Cetus, not only are the attack methods similar ) they are all ( controlling the liquidity pool, and the follow-up processing methods are also highly consistent ) negotiating ( with hackers in the form of white hat bounties. While there is currently no conclusive evidence that the two projects came from the same team, the similarities from the cause of the theft to the mode of treatment are indeed thought-provoking.

Sui Official Intervention Sparks Controversy

According to the statistics of the data platform, Cetus has been the dominant DEX and liquidity center of the Sui ecosystem, and its trading volume accounts for more than 60% of the entire ecosystem. This large-scale attack directly disrupted the core liquidity hub of the ecosystem and dealt a serious blow to the entire network.

! [$260 million shocking vulnerability: Sui's leading ecosystem DEX was attacked by oracles, and the official "frozen transaction" was caught in a centralized controversy])https://img.gateio.im/social/moments-cab2a3371d47c41f1ab358cb11209839(

Since March 2023, the transaction volume on the Sui ecological chain has generally shown an upward trend, and ecological tokens such as CETUS, DEEP, AND WAL have performed well, and are regarded as one of the most potential public chain projects in the current cycle. However, data analysis shows that there are a large number of suspicious brush transactions on the Sui chain, and the toxicity of ecological liquidity )Flow Toxicity( has been close to 50% for a long time, which is also the reason why some users question Sui's "mismatch between price increases and ecological development".

![260 million USD shocking漏洞: Sui生态龙头DEX遭Oracle Machine攻击, 官方"冻结交易"陷中心化争议])https://img.gateio.im/social/moments-bdc4be7fab41c9e69dca8452d1aa9667(

In response to this major security incident, the Sui Foundation quickly took action. On the evening of the 22nd, the Sui official announced that to "protect the Sui ecosystem," a large number of network validators have confirmed the hacker addresses and chosen to ignore transaction requests from these addresses.

This move immediately sparked fierce controversy in the community, and "public chain censorship transactions" became a hot topic. Many users believe that this intervention violates the basic principles of blockchain decentralization, turning Sui from a true "public chain" into a "centralized permissioned database".

According to the Sui technical documentation, its network design employs a delegated PoS consensus mechanism, which theoretically requires controlling more than 1/3 of the staked voting power to achieve continuous transaction verification. The review actions of a single or a few nodes usually only cause temporary delays and may be regarded as malicious behavior and thus punished. This event indicates that the Sui Foundation may control at least more than 1/3 of the network's staked voting power.

! [$260 million shocking vulnerability: Sui's leading ecosystem DEX was attacked by oracles, and the official "frozen transaction" fell into a centralized controversy])https://img.gateio.im/social/moments-d9d46ef2003ea6c4a2577efab6604aaa(

The discussion about "centralized public chains" has a long history, with Solana having sparked similar controversies during the last market cycle. Some community members have pointed out that in the current market environment, where investment returns are the core driving force, many investors may be more focused on price performance rather than the concept of decentralization. "Protecting price" can, to some extent, also be seen as protecting the interests of investors.

As for whether this trade-off is worth it and whether the Sui ecosystem can recover from this crisis, it still needs time to be verified.