“Okay, why is literally everyone and their mother talking about Sui right now?”
If that’s you – hey, you know we got you. Let’s put an end to the pain of being unaware:
Yesterday, the Sui blockchain experienced the biggest DeFi hack of 2025.
A hacker stole $223M from Cetus, the biggest DEX aggregator on Sui.
FYI: that’s about 94% of what the platform had in total value locked (TVL) the day before. So yeah, pretty big deal.
“But… how?”, said you, maybe.
Like I said – don’t worry, we got you.
The attacker exploited a flaw in Cetus’ smart contracts – and according to HackenProof CTO Alex Horlan, this is how the whole thing went down:
Step 1. Making a garbage token look valuable
The attacker made their own token – just a worthless coin called BULLA.
Now, on most DEXs, prices are set by how many coins are sitting in a pool. If there’s a lot of BULLA and only a little SUI (a legit token), the system assumes BULLA must be really valuable – because it thinks it takes a lot of BULLA to buy just a little SUI.
So the hacker dumped tons of BULLA into the pool and added only a little bit of SUI. Now the pool’s price math was tricked: it thought 1 BULLA was worth a lot of SUI, when really, it was garbage.
Step 2. Setting up a fake liquidity pool
Next, the hacker used BULLA to create a new liquidity pool – this time adding almost nothing to it, just enough to set it up.
When someone starts a new liquidity pool, they get LP tokens in return. These LP tokens are like a receipt showing what % of the pool you own, and later you can trade them in to get your share of the real tokens in the pool.
But the system still thinks the fake token is super expensive, so when the attacker adds a tiny bit of it into the pool, it treats that like a huge deposit. As a result, the hacker gets a huge number of LP tokens – way more than they actually deserve.
Step 3. Cash out
Now armed with these LP tokens, the hacker starts removing liquidity – exchanging their LP tokens for real tokens from the pool.
Because the system’s math is broken from the earlier trick, it lets them keep pulling out real money – over and over – even though they barely put anything real in to begin with.
I know. Crazy stuff.
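A toy model of Steps 2 and 3, added here as an illustration (it is not Cetus code and not part of Alex Horlan's analysis): a pool that credits LP tokens at whatever price it currently believes, next to a guarded mint that refuses any deposit whose withdrawable claim would exceed what was actually put in. The `ToyPool` class, the function names, all numbers and the independent `reference_price` are assumptions made for the example.

```python
from fractions import Fraction

class ToyPool:
    """Constructed toy pool, not Cetus code: holds real tokens, issues LP shares."""
    def __init__(self, real_reserve, total_shares):
        self.real_reserve = Fraction(real_reserve)  # real tokens held for all LPs
        self.total_shares = Fraction(total_shares)  # LP "receipts" outstanding

    def redeemable(self, shares):
        """Real tokens a holder of `shares` can withdraw (pro-rata claim)."""
        return self.real_reserve * shares / self.total_shares

def shares_at_believed_price(pool, units, believed_price):
    """Weak form: credit LP shares at whatever price the pool currently believes."""
    credited_value = Fraction(units) * Fraction(believed_price)
    return credited_value * pool.total_shares / pool.real_reserve

def guarded_mint(pool, units, believed_price, reference_price,
                 tolerance=Fraction(1, 100)):
    """Hardened form: refuse a mint whose withdrawable claim exceeds the deposit.

    `reference_price` is an assumed independent price source (hypothetical).
    """
    shares = shares_at_believed_price(pool, units, believed_price)
    fair_value = Fraction(units) * Fraction(reference_price)
    # What the new shares could pull out right after the deposit lands.
    claim = (pool.real_reserve + fair_value) * shares / (pool.total_shares + shares)
    if claim > fair_value * (1 + tolerance):
        raise ValueError(f"mint rejected: claim {float(claim):.2f} "
                         f"vs deposit value {float(fair_value):.2f}")
    pool.real_reserve += fair_value
    pool.total_shares += shares
    return shares

if __name__ == "__main__":
    pool = ToyPool(real_reserve=1_000_000, total_shares=1_000_000)
    # Constructed numbers: 10 junk tokens, believed worth 50,000 each, really 0.001.
    inflated = shares_at_believed_price(pool, 10, 50_000)
    print("unguarded mint:", inflated, "shares for a deposit worth 0.01")
    try:
        guarded_mint(pool, 10, 50_000, Fraction(1, 1000))
    except ValueError as err:
        print(err)
    print("honest mint:", guarded_mint(pool, 1_000, 2, 2), "shares")
```

The guard is deliberately independent of how the believed price went wrong: it only checks that a mint followed by an immediate redemption cannot return more than the deposit was worth.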
And the end result was a large number:
Craaaazy stuff.
Cetus scrambled to respond:
Paused all smart contracts to prevent more damage;
Teamed up with the Sui Foundation and froze around $162M of the hacker’s funds. Unfortunately, the hacker had already bridged about $60M over to Ethereum;
Offered a white hat bounty – up to $6M – if the attacker returns the Ether.
Which sounds like a pretty solid response.
But many people went like, “Uhhh… pause. Sui can freeze funds?”
Yeah, if someone can just halt transactions, it feels a lot like the traditional banking system. And for a network that calls itself decentralized, that’s a big red flag.
On the other hand, people like crypto sleuth Matteo pointed out that what happened wasn’t centralized control – it was decentralization in action.
According to him, Sui validators from all over the world independently coordinated to stop a known malicious wallet. No one gave orders, no one had to ask permission. They just chose to act.
That, he said, is what true decentralization looks like – not being powerless, but being able to respond together as a network.
And it probably was the right choice. If you can stop someone from stealing, why wouldn’t you?
But even if this made sense, it left a crack in the idea that Sui was fully decentralized.
So yeah. And that, friends, is why everyone is freaking out about Sui. The pain of unawareness has been released.
Now you're in the know. But think about your friends – they probably don't know. I wonder who could fix that… 😃🫵
Spread the word and be the hero you know you are!