Validators on the Sui blockchain recently stopped transactions from hacker-controlled addresses. They did this by filtering out these transactions at the mempool level before adding them to any blocks.
This was made achievable through Sui’s implementation using the Move programming language, which allows validators to control what transactions they verify and include. This operation created a “soft freeze” for the stolen assets and prevented the hacker from utilizing funds still in the Sui network.
Following the hack at CetusProtocol, the assailant transferred part of the stolen funds off-chain via bridges to Ethereum and other chains. Those funds are lost forever. However, the rest stayed within Sui-based wallets.
Sui’s Denylist Is a decentralization test
That is where validators intervened. They recognized those wallets and declined to process any form of transaction from them. The hacker could not shift funds because any legitimate transfer still required a validator to add it to a block.
This is a tough call. Can a chain that prevents a user from moving funds still say it is decentralized? Most don’t think so. Sui appears to have a denylist built directly into its protocol. This list prevents transfers from specified addresses if validators obey it.
The setup exists in a straightforward file that may be altered by any validator. Real life is more complicated than this. Adjustments to this file typically occur with coordination from the Sui Foundation. In the event of emergencies such as the recent hack, this denylist served as a fast means to respond.
The Tradeoffs behind blockchain security
That move recovered $160 million. But it also indicated the extent to which a handful of parties are in charge. When the majority of validators obey the same directive instantly, power gets concentrated. That centralization can assist in the attacks but also presents dangers. What if subsequent frozen funds decisions are not so straightforward?
Sui claims it will repay frozen funds. But if the funds can’t travel, then how will they do so? Perhaps Sui possesses tools that enable it to redirect the ownership of assets, a capability well beyond validator screening. The event serves to remind users that blockchain design is all about tradeoffs.
Fastness may pay the price in terms of decentralization. Sui chains need to navigate security versus censorship resistance. User choice will need to resolve this dilemma until the tradeoff still aligns with the expectations users have from a decentralized network.
