Late last week, one of the top layer-1 blockchains overall, and one of the fastest growing networks in web3, SUI, came head to head with every crypto investor’s worst nightmare – a severe hack or exploit that results in millions of dollars lost instantaneously.
The number 2 blockchain Ethereum experienced a $1.4 billion cold wallet theft earlier this year, blamed on North Korean hackers. Before that, in December 2024, Solana’s JavaScript library was compromised, granting an attacker access to private keys and allowing funds to be drained from decentralized apps, for a 6-figure loss. Bitcoin itself has even had to deal with a $460 million attack in 2014, when Japan-based exchange Mt. Gox was injected with fake Bitcoins used to siphon off the real ones. Today the same amount of BTC would be worth about $21.8B, making it the most substantial breach in the history of cryptocurrencies.
While the May 22, 2015 Cetus attack didn’t impact SUI itself, nor affect its price drastically, many of the tokens that run on it were dependent on Cetus as their primary or only exchange. $LOFI, for example, currently the largest memecoin in the ecosystem, was still available on Turbos and Bluefin, and recently started trading on Kraken, one of the largest centralized exchanges in the crypto space. As a result its price was only marginally affected. On the other hand, smaller tokens which are often listed on only one DEX (decentralized exchange) saw a drop of 98% or more in a matter of minutes.
This was the result of a liquidity pool (LP) drain caused by an exploit of a bug in Cetus’ protocol. It allowed an attacker to exchange tokens of virtually zero value for the liquidity in Cetus, and to extract it in the same transaction, draining some $230 million in value. Simultaneously, this caused the market price of affected tokens to drop, since they no longer had liquidity.
Many have been sharply critical of Cetus’ response, but a zoomed-out look at what took place really shows that they handled the situation well, in my opinion.
The timeline reveals how quickly action was taken to stop the LP drain. While Cetus was quite tight-lipped about the incident in the hours immediately afterward, this may prove to be a wise decision.
My experience in the banking industry taught me a lot about disaster response. People want their money to be secure – in fact the law demands it – so banks and other financial institutions have robust plans to mitigate emergency situations. As a teller, I was trained on how to handle a robbery. Thankfully I never experienced one. As a loan writer, I learned to evaluate the risks of a potential borrower’s income, debts, and life situation. Later as an IT admin, I was responsible for transferring millions of dollars in funds with the stroke of a key. We’re talking about people’s paychecks and investments, and more. When the stakes are high, you have to know when it’s time to walk in on the C-suite, interrupt the president, and say we have an emergency that needs to be dealt with, right now.
My flirtation with disaster
I’ll briefly relay one such occasion. I did IT admin & support for a mid-sized credit union at the time, around 2010. We had an internally hosted voice-over-IP (commonly called VoIP) phone system that handled all phone communications internally and externally. It had a hard drive array with multiple drives running in sync, a common practice with server infrastructure. One of those drives was giving errors indicating it was about to fail. Wanting to be proactive, I called our support provider for the VoIP system, and was advised to pull the bad drive to get its serial number, so they could order a replacement. I cautiously confirmed with support that they wanted me to do this while the server was running, which they did, before yanking that hard drive out of its slot.
When I did, the thought occurred to me to walk over to the terminal a few feet away, and just make sure things were still green. This was our public communications tool, after all. Now while it may be more difficult to accept in 2025, in those days we were actually accustomed to systems going down all the time, without really batting an eye at it. But this was a pretty big deal. And as it turned out, the instant I pulled the drive, the server froze. At this point I knew I needed to inform my boss (the VP of IT) and the credit union president right away.
In the moments that followed, the server didn’t reboot properly, which meant all our phones went down, including branch offices. Ultimately it took more than 24 hours to restore service with a backup server, which turned out to actually just be an old, decommissioned server, that my boss had told everyone was a hot backup. It was a nightmare. Fortunately, it didn’t hit any of our financial systems, so funds were safe. But we did lose contact with our members in a time before online banking was as common as it is today.
There were a lot of lessons learned. I didn’t get in trouble, and thankfully neither did the advising tech, who was working with the best knowledge he had, which indicated the hard drive RAID array was capable of “hot swapping” drives. No one was fired, and the company didn’t go under. In fact, with the help of this and other improvements, we became much more robust and the assets sheet continued to grow afterwards.
The Cetus incident
Most often, you don’t reach your highest highs until you face your greatest challenges head on.
This is why I think the Cetus exploit will ultimately be a GOOD thing for the entire SUI ecosystem.
SUI had never been fully stress tested. Many have said this over the past 6 months, as it rose in price and gained massive amounts of volume. Generally the criticism was in regards to processing a large number of transactions. And it is a fair criticism, as SUI is a young chain in crypto, only a little more than 2 years old at this point.
But now SUI has seen an extreme level of stress, a test of its resiliency in a different way. This test struck at the heart of its ability to process transactions (on layers 2 & 3), and hold value in its various tokens. Coming thru to the other side intact will reveal just how strong the blockchain, and the community, really is. I’ve been impressed with the community level response since the incident first began. Early Thursday morning when first checking markets, I saw $AXOL, one of my meme tokens, had fallen to only 2% of its value from the day before and thought, huh, what in the world is going on? This community recently had its own upheaval, which made me wonder if maybe something similar happened again, but upon going to X, I found a space (voice chat) talking about some kind of hack on Cetus.
More properly, nothing was hacked. A bug was exploited, but many people will forever see this as a hack simply because the terms have been muddied over the years. I’ll call it an exploit [somebody stop me!], you can call it what you like.
In any case, the exchange had already been paused, so there wasn’t much I could do but watch the smoldering flames while we all waited for what would happen next. Over the next several days, many leaders in the SUI ecosystem held their own spaces, and at this time we are waiting for a vote amongst the network validators to address if and how to restore the lost funds.
Cetus faced valid criticism for not showing much of a public response, but having dealt with many similar situations myself, over the course of my IT career, I understood why. In fact, many times it’s best to say VERY LITTLE in the midst of an emergency, where details are still being learned, and saying the WRONG thing can be detrimental. People may not like it, but you’re much better off saying nothing than getting major details wrong. We have hindsight to look back on things now, but in the heat of the fire, you don’t know for sure what’s going on.
Following the incident report Cetus provided, and the imminent vote, to me it seems a lot of trust will be restored in the short run. In the long run, the ecosystem will adapt in various ways, not the least probably including a diversification of LP from here forward. That will serve to make the network more robust, and less dependent on a single source that can be jeopardized at any time. Just like you might want to have a live backup system for critical company tech infrastructure such as phones, in case something unforeseen temporarily disrupts service.
Cetus has already patched the bug that allowed the incident to occur.
The future of web3
It wasn’t that long ago the web3 community was in disbelief about the Ethereum theft, but if you mention it now, many participants won’t even remember. Or at the least, they couldn’t tell you about it in any level of detail without searching on the internet like I did.
One last bit I’ll point out which to me is bullish for SUI, and for all of crypto, is the emphasis on reflecting the will of the community affected by this event. One of the Mysten Labs co-founders, Adeniyi, hosted an X space directly addressing the situation and taking questions from SUI holders over the weekend, as did David Eisenhauer, the co-founder of LOFI. Many others did as well, but these were ones I attended, so I can speak for what happened. Both spaces focused on restoring trust, seeking accountability across the board, and perhaps most importantly, acting in accordance with the will of stakeholders.
A vote will take place (this week from my current understanding) on a governance proposal to enable a special transaction or protocol “upgrade” that will allow the stolen assets to be returned to the SUI network. (Voting is currently in progress at the time of this writing.)
Web3 is a mostly decentralized space, and depending on how this was handled, that decentralization could become little more than symbolic. By carefully approaching the incident response, it looks as though the ecosystem will remain intact, with no central authority dictating how the response should go. In fact members of the SUI foundation are said to be abstaining from the vote, leaving it basically up to the 100+ validators currently responsible for handling the flow of bits and tokens across the network.
This makes me bullish not only on SUI, but on the future of web3 itself. Other chains are watching what’s happening here. The pressure is on. It’s hot in this room. And I think, as things stand, we might just make crypto history.
UPDATE: As of the morning of May 28, 2025 (US Eastern time) more than 55% of the validator votes have been returned, with a so far unanimous decision to make the proposed change, which means the measure will pass. Funds will be restored and trading should resume fairly quickly.