The Great SUI Governance Controversy

Cetus Protocol’s announcement on X that “an attacker has stolen approximately $223M” from its liquidity crypto pools

Cetus Protocol's announcement on X that “an attacker has stolen approximately $223M” from its liquidity crypto pools set off the loudest governance controversy in Sui's short history. The team wrote that it had “took immediate action to lock our contract preventing further theft of funds,” adding a reassurance that “$162M of the compromised funds have been successfully paused. … We are working with the Sui Foundation and other ecosystem members right now on next-step solutions” and promising “a full incident report.”

Those next-step solutions triggered a philosophical firefight. To keep the stolen assets marooned on-chain, a super-majority of validators agreed to ignore outgoing transactions from three hacker-controlled addresses. Cyber Capital founder Justin Bons argued that the very act of blacklisting demonstrates structural centralization: “SUI’s validators are colluding to CENSOR the hacker’s TXs right now! … Does that make SUI centralized? The short answer is YES; what matters more is why?” Citing only 114 validators and founder–heavy staking, he declared: “The ‘founders’ own the majority of supply & there are only 114 validators!”

Amogh Gupta from the SUI Foundation countered that the move was a legitimate exercise of distributed governance. “Just because validators reach consensus about something, doesn't mean they're 'colluding'. […] Validators on other chains can (and have) done the same. You can view it like OFAC. apexminds claims to be able to disable ALL outgoing transactions from the hacker's address. This is false. It is possible to disable transactions to another chain, e.g. the hacker moved some funds to ETH. We could choose to ignore those transactions, rendering them effectively unspendable. But we haven't done so yet. We are currently discussing what, if any, further action to take. apexminds claims that this is impossible because there is no "switch" that disables transactions. This is correct. It would work like ignoring transactions to a specific token, e.g. imagine a scenario where a specific token is being used maliciously and broadly in an attempt to drain liquidity from multiple protocols. In such a scenario, perhaps validators might choose to collectively ignore that token type. It is not about brute force but rather about making targeted economic decisions. It is an extreme measure that would be used in a truly urgent instance with broad agreement among validators. It is not something that a single entity could do unilaterally. It is also not something that is done lightly. It is a capability that could be used for good or bad, and there is an opportunity for discussion and debate among validators and the community at large to decide how, if at all, it should be used. It is a collective decision-making process, not a hierarchical one. It is also not something that is unique to Sui. OFAC sanctions are a capability that exists on Ethereum to prevent sanctioned parties from engaging in economic activity on-chain. This capability was used earlier in 2023 to great effect to largely shut down North Korean cybercriminal activity on Ethereum. The point is that this capability is not specific to Sui. The OFAC/sanctioned transactions were a grey area that some viewed as economically and geopolitically motivated. A hack is clear as day bad, so there is no contention about it being good or bad.

Bons rejected the analogy. “You are misinformed about the 2023 OFAC regulations: Not a single ETH TX was censored, as collusion was impossible on a chain with low Network Concentration and a large number of independent validators. That SUI’s distribution of power is so concentrated that this is even possible in the first place is the problem. We are talking about a single entity (or small group) having enough power to shut down all TXs to another chain (which would be a major event), not something that can be done quickly or easily. It is also not something that is done lightly. It is an extreme measure that would be used in a truly urgent instance with broad agreement among validators and the community at large. It is not something that a single entity could do unilaterally. It is also not something that is done without discussion and debate. It is a collective decision-making process, not a hierarchical one. It is also not something that is unique to Sui. OFAC sanctions are a capability that exists on Ethereum to prevent sanctioned parties from engaging in economic activity on-chain. This capability was used earlier in 2023 to largely shut down North Korean cybercriminal activity on Ethereum. The point is that this capability is not specific to Sui. The OFAC/sanctioned transactions were a grey area that some viewed as economically and geopolitically motivated. A hack is clear as day bad, so there is no contention about it being good or bad.”

Gupta: “This is a common misperception. The founders' tokens are locked up for a multi-year schedule