The decentralized exchange (DEX) Cetus, built on the Sui blockchain, recently became the target of a massive crypto heist that shook the community and raised important questions about decentralization in blockchain governance. Following a $220 million exploit, Cetus moved swiftly to contain the fallout, freezing $162 million of the stolen assets and announcing a $6 million white hat bounty to encourage the hacker to return the remaining funds.
The Hack and Immediate Response
On May 22, 2025, Cetus suffered a severe security breach that led to over $220 million in cryptocurrency being illicitly withdrawn from its liquidity pools. In a remarkably quick reaction, the Cetus team managed to freeze roughly $162 million of the stolen assets on the Sui blockchain, showcasing the protocol’s built-in safeguards and rapid incident response capabilities.
But the saga didn’t end there. To incentivize the hacker to cooperate and return the remaining stolen assets, Cetus publicly offered a white hat bounty—a reward given to ethical hackers who return stolen funds and help protocols patch vulnerabilities. The offer allows the exploiter to keep 2,324 ETH, approximately $6 million at current prices, if they promptly return the rest of the funds, including the 20,920 ETH stolen, which is worth more than $55 million.
In a blockchain transaction message posted by Cetus on May 22, the protocol clearly stated: “In exchange, you can keep $6M as a bounty, and we will consider the matter closed with no further legal or public action.” However, the warning was firm—if the stolen assets are laundered through mixers or off-ramped into other cryptocurrencies without being returned, Cetus will escalate the situation using all legal and intelligence resources at its disposal.
Industry-Wide Context: Rising Crypto Hacks
Unfortunately, the Cetus hack is part of a growing trend of crypto-related thefts. Data from Immunefi reveals that April 2025 saw $90 million stolen across 15 hacking incidents, nearly triple the $41 million stolen in March. Earlier this year, the industry was rattled by the largest hack in crypto history, in which the Bybit exchange lost over $1.4 billion in assets.
This wave of breaches has pushed decentralized platforms and blockchain projects to reevaluate their security protocols and collaborate with law enforcement and white hat communities to safeguard user funds and build resilience.
Sui Network’s Controversial Emergency Measures
Beyond Cetus, the wider Sui blockchain ecosystem is also grappling with the aftermath of the exploit. GitHub activity reveals that Sui developers proposed an emergency “whitelist” function—a mechanism that could allow certain transactions to bypass typical security checks in exceptional circumstances, such as recovering stolen funds.
The proposal suggested that validators could deploy patched code enabling them to reverse or block transactions linked to the hack, essentially pulling back the $160 million in stolen assets through an unsigned transaction. However, some validators hesitated to implement this code immediately. Instead, they opted to selectively deny only transactions involving the hacker’s stolen objects.
This emergency move ignited a fiery debate among blockchain purists and decentralization advocates. Critics argue that allowing validators to override transactions sets a dangerous precedent, contradicting the foundational principle of decentralized networks being immutable and permissionless.
A New Perspective on Decentralization
Despite vocal criticism, some community members see the quick action as a positive evolution in blockchain governance. Crypto analyst and pseudonymous sleuth Matteo tweeted that this incident reflects “what real-world decentralization looks like,” emphasizing that decentralization isn’t just about immutability or powerlessness but also about community-aligned responsiveness.
He argued, “Decentralization isn’t about standing by helplessly while users suffer losses. It’s about having the power to act collectively without needing centralized permission.” This nuanced view suggests that flexibility in decentralized governance can coexist with core principles, especially when user protection is at stake.
The Cetus hack underscores the fragile balance between security, decentralization, and rapid response in the fast-evolving crypto space. As protocols continue to mature, the lessons learned from this incident could shape how decentralized networks defend against future threats while maintaining their decentralized ethos.