Why can Sui freeze the 160 million dollars stolen by the hacker?

How can a so-called decentralized network have such a strong centralized "freeze" capability?

Written by: Haotian

Many people are puzzled. After Sui officials stated that @CetusProtocol had been attacked by hackers, the validator network coordinated to "freeze" the hacker's address, recovering 160 million dollars. How was this achieved? Is decentralization really a "lie"? The following is an attempt to analyze this from a technical perspective:

Part of the cross-chain bridge transfer: After the hacker attack succeeded, part of the assets such as USDC were immediately transferred to other chains like Ethereum through the cross-chain bridge. This part of the funds is already unrecoverable because once it leaves the Sui ecosystem, the validators are powerless.

Part still on the Sui chain: A considerable amount of stolen funds is still held in hacker-controlled Sui addresses. This portion of funds has become the target of "freezing."

According to the official announcement, "a large number of validators have identified the addresses of the stolen funds and are ignoring the transactions on these addresses."

——How exactly can it be implemented?

  1. Transaction filtering at the validator level - Simply put, the validators collectively "turn a blind eye":
  • Validators directly ignore transactions from hacker addresses during the transaction pool (mempool) stage;
  • These transactions are technically completely valid, but they just won't be packed onto the chain;
  • The hacker's funds were thus "soft detained" in the address;
  2. The key mechanism of the Move object model - the object model of the Move language makes this "freezing" feasible:
  • Transfers must be on-chain: Although hackers control a large amount of assets in the Sui address, to transfer these USDC, SUI, and other objects, a transaction must be initiated and confirmed by validators.
  • Validators hold the power of life and death: if a validator refuses to package the transaction, the object will remain immobile forever;
  • Result: The hacker nominally "owns" these assets, but in reality has no means to do anything.

It's like you have a bank card, but all ATMs refuse to serve you. The money is in the card, but you can't take it out. With the SUI validators (the ATMs) continuously monitoring and blocking, tokens such as SUI in the hacker's address cannot circulate. Are these stolen funds now effectively "burned", objectively playing a "deflationary" role?

Of course, in addition to the temporary coordination of validators, Sui may have a built-in deny list function at the system level. If so, the process might be as follows: the relevant authority (such as the Sui Foundation or through governance) adds the hacker's address to the system deny_list, and validators execute according to this system rule, refusing to process transactions from blacklisted addresses.

Whether it is temporary coordination or execution according to system rules, it is necessary for the majority of validators to act in unison. Clearly, the power distribution of the Sui validator network is still too centralized, allowing a small number of nodes to control key decisions across the entire network.
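The validator-level filtering and deny-list behaviour described above can be modelled in a few lines. This is an added example, not code from Sui or from the article; it assumes a BFT-style rule that a transaction becomes final only when validators holding more than two-thirds of total stake sign it, and the validator names, stake figures and address are constructed.

```python
from dataclasses import dataclass, field

# Assumption (not stated in the article): a transaction is final only when
# validators holding MORE than 2/3 of total stake sign it (BFT-style quorum).
QUORUM_NUM, QUORUM_DEN = 2, 3

@dataclass
class Validator:
    name: str
    stake: int
    deny_list: set = field(default_factory=set)  # local sender filter

    def sign(self, tx: dict) -> bool:
        # The transaction is valid; a filtering validator just declines to vote.
        return tx["sender"] not in self.deny_list

def certify(tx: dict, validators: list) -> tuple:
    """Return (finalized, signed_stake, total_stake) for one transaction."""
    total = sum(v.stake for v in validators)
    signed = sum(v.stake for v in validators if v.sign(tx))
    return signed * QUORUM_DEN > total * QUORUM_NUM, signed, total

def smallest_blocking_set(validators: list) -> list:
    """Fewest validators (largest stake first) whose filtering stalls a sender."""
    total = sum(v.stake for v in validators)
    needed = total - (total * QUORUM_NUM) // QUORUM_DEN  # stake that must abstain
    chosen, acc = [], 0
    for v in sorted(validators, key=lambda v: v.stake, reverse=True):
        if acc >= needed:
            break
        chosen.append(v.name)
        acc += v.stake
    return chosen

def make_set(filtering: set, flagged: str) -> list:
    # Constructed stake distribution for illustration, not Sui's real validator set.
    stakes = {"v1": 20, "v2": 15, "v3": 15, "v4": 10, "v5": 10,
              "v6": 10, "v7": 10, "v8": 10}
    return [Validator(n, s, {flagged} if n in filtering else set())
            for n, s in stakes.items()]

FLAGGED = "0xFLAGGED_SENDER"  # placeholder address, constructed
tx = {"sender": FLAGGED, "action": "transfer"}

if __name__ == "__main__":
    for group in [{"v4"}, {"v1", "v2"}, {"v1", "v2", "v3", "v4"}]:
        ok, signed, total = certify(tx, make_set(group, FLAGGED))
        print(sorted(group), "->", "finalized" if ok else "stalled", f"{signed}/{total}")
    print("smallest blocking set:", smallest_blocking_set(make_set(set(), FLAGGED)))
```

Under the assumed quorum rule, the flagged sender stalls once the filtering validators hold at least 34 of 100 stake units, while transactions from every other address still finalize.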

The issue of centralized validators in Sui is not an isolated case for PoS chains—most PoS networks, from Ethereum to BSC, face similar risks of validator centralization; it's just that Sui has made this problem more apparent this time.

——How can a network that claims to be decentralized have such a strong centralized "freeze" ability?

What’s worse is that the Sui officials stated they would return the frozen funds to the pool, but if the validators really "refuse to package the transaction," these funds should theoretically remain frozen forever. How does Sui manage to refund this? This further challenges the decentralization characteristic of the Sui chain!

Is it possible that, apart from a few centralized validators rejecting transactions, the authorities even have superuser privileges at the system level to directly modify asset ownership? (Sui needs to provide further details on "freezing")

Before specific details are disclosed, it is necessary to discuss the trade-offs surrounding decentralization:

Is it necessarily a bad thing to sacrifice a bit of decentralization for emergency response intervention? When faced with a hacker attack, do users really want the entire chain to be powerless?

What I want to say is that no one wants their money to fall into the hands of hackers, but this move raises a more pressing concern in the market: the criteria for freezing funds become completely "subjective": what counts as "stolen funds"? Who defines it? Where is the boundary? Today it's freezing hackers, who will it be tomorrow? Once this precedent is set, the core value of censorship resistance in public chains will be completely undermined, inevitably leading to a loss of user trust.

Decentralization is not black and white; Sui has chosen a specific balance between user protection and decentralization. The key issue lies in the lack of transparent governance mechanisms and clear boundary standards.

At this stage, most blockchain projects are making this kind of trade-off, but users have the right to know the truth, rather than being misled by the label of "completely decentralized."
