- Topic1/3
39k Popularity
41k Popularity
43k Popularity
52k Popularity
22k Popularity
- Pin
- 📢 Gate Square #Creator Campaign Phase 2# is officially live!
Join the ZKWASM event series, share your insights, and win a share of 4,000 $ZKWASM!
As a pioneer in zk-based public chains, ZKWASM is now being prominently promoted on the Gate platform!
Three major campaigns are launching simultaneously: Launchpool subscription, CandyDrop airdrop, and Alpha exclusive trading — don’t miss out!
🎨 Campaign 1: Post on Gate Square and win content rewards
📅 Time: July 25, 22:00 – July 29, 22:00 (UTC+8)
📌 How to participate:
Post original content (at least 100 words) on Gate Square related to
- 📢 Gate Square #MBG Posting Challenge# is Live— Post for MBG Rewards!
Want a share of 1,000 MBG? Get involved now—show your insights and real participation to become an MBG promoter!
💰 20 top posts will each win 50 MBG!
How to Participate:
1️⃣ Research the MBG project
Share your in-depth views on MBG’s fundamentals, community governance, development goals, and tokenomics, etc.
2️⃣ Join and share your real experience
Take part in MBG activities (CandyDrop, Launchpool, or spot trading), and post your screenshots, earnings, or step-by-step tutorials. Content can include profits, beginner-friendl
Cetus stolen funds recovered "Decentralization" concessions for user interests
Jessy, Golden Finance
On May 22, the Sui ecosystem DEX Cetus was hacked for $223 million. Of this amount, only $60 million was exchanged for ETH through a cross-chain bridge and entered the hacker's wallet, while the remaining $162 million was frozen by the Sui Foundation coordinating nodes.
On May 27, the community voting was initiated to decide whether to implement the protocol upgrade to recover the funds frozen in accounts controlled by hackers. The protocol upgrade was ultimately successful, and 162 million in funds were successfully recovered.
The Sui Foundation's quick response to the recent theft incident and the rapid rollout of solutions have sparked significant controversy within the community. On one hand, it has recovered most of the funds and protected the interests of the affected users; on the other hand, the recovery method involved forcibly modifying asset ownership through node consensus, which marks the first implementation of "keyless asset transfer" at the public chain level.
In the face of user interests, this "daring" operation that goes against the spirit of decentralization has been overlooked.
How is asset transfer without a private key achieved?
On May 22, the Sui ecosystem DEX Cetus was attacked by hackers due to a low-level coding mistake, resulting in a loss of $223 million. After the incident, $162 million of the stolen funds were frozen by the Sui Foundation coordinating with validating nodes.
On May 27, the Sui Foundation promoted a community vote aimed at deciding whether to implement a protocol upgrade to recover funds frozen in accounts controlled by hackers. Ultimately, within 48 hours, 114 nodes participated in the vote, with 103 votes cast, 99 in favor, 2 against, and 2 abstentions, resulting in a proposal approval rate of 90.9%.
The proposal also signifies an upgrade to the Sui protocol, which will allow a specific address to represent a hacker address to conduct two transactions to facilitate the recovery of funds. These transactions will be designed and announced after the recovery address is finalized. The recovered assets will be stored in a multi-signature wallet controlled by Cetus, the Sui Foundation, and a trusted auditor OtterSec from the Sui community.
At the level of protocol upgrades, the function of address aliasing is introduced. Specifically, rules are predefined at the protocol layer: to disguise certain governance operations as "legitimate signatures of hacker accounts," and then validation nodes recognize the forged signatures after the upgrade, thus legitimizing the transfer of frozen funds. This makes it possible to forcibly modify asset ownership through node consensus without touching the private keys (similar to how a central bank freezes a bank account and transfers funds).
How was the earliest freezing of assets achieved? Sui itself supports the functionality of a Deny list (frozen list) and Regulated tokens. This time, it directly called the freezing interface to lock the hacker's address.
The technical risks of remaining strong intervention
Although this move has recovered most of the frozen assets, it inevitably raises concerns, as the upgrade of the protocol has forcibly modified the ownership of the assets through node consensus, indicating that the Sui official can replace any address to sign, thereby transferring the assets within.
The constraint on whether the Sui officials can do this is not the smart contract code, but the voting rights of the nodes. And who holds the results of the node voting? It is merely the large nodes controlled by the foundation with capital! In other words, the stakeholders of Sui officials hold the most significant voice, and even voting is merely a formality.
The user's private key is no longer the absolute proof of control over the assets; as long as the node consensus agrees, the protocol layer can directly override the private key permissions.
On the other hand, this achieves efficient asset recovery, with quick freezing of assets, thanks to the built-in regulatory features of Sui that also allow for rapid loss mitigation, completing the voting within 48 hours and implementing the protocol upgrade.
However, in the author's view, the address aliasing function has created a dangerous precedent - the protocol layer can forge "legitimate operations" for any address, which lays the technical groundwork for authoritarian intervention.
The series of operations for Sui to recover funds this time is merely a decision made from the perspective of user interests when the interests of users conflict with the principles of decentralization. As for whether it violates the principle of decentralization, it seems to be unimportant for both users and Sui, after all, when questioned, they can respond by saying it was a "vote" decision.