Sui Community Approves $162M Repayment Plan for Victims

On June 15, 2024, validators on the Sui blockchain network voted to unlock and return $162 million in frozen assets to users affected by the Cetus exploit. The decision follows an in-depth governance proposal and marks a significant milestone in decentralized finance (DeFi) remediation efforts.
Background: The Cetus Exploit
In late April 2024, attackers exploited a pricing oracle vulnerability in the Cetus automated market maker (AMM) module deployed on Sui. Through a series of flash loan transactions and manipulated swap rates, the hacker drained approximately:
- 124 million USDC
- 38 million SUI tokens
- Various liquidity pool tokens valued at $162 million
The incident prompted an immediate network-wide circuit break, freezing affected addresses and assets at block height 3,514,728.
Governance Process and Voting Mechanics
The Sui Foundation and major validator stakers worked together to draft Proposal SUI-042, outlining a structured repayment and restart plan. Key technical points included:
- Asset Verification & Snapshots: Validators agreed on a consensus snapshot of user balances at the time of exploit. This data was cryptographically verified using Sui’s native Move VM state proofs.
- Fee Allocation: A small protocol fee (0.5%) was proposed to cover on-chain gas costs and multisig administrative overhead.
- Phased Distribution: To mitigate network congestion, repayments will occur in three tranches over a four-week period.
“By leveraging Sui’s parallel execution architecture, we can process millions of state updates per block, ensuring a fast and secure repayment rollout,” said Evan Cheng, Chief Technologist at the Sui Foundation.
Technical Specifications of the Repayment Module
The repayment mechanism has been implemented as a Move smart contract extension, featuring:
- Role-based Access Control: Only multisig validator authorities can trigger each tranche.
- Atomic Distribution: Batched transfers reduce gas consumption by 30% compared to individual calls.
- On-chain Auditing: All state transitions are logged in a dedicated
RepaymentEvent
struct for real-time monitoring.
Additional Analysis
1. Impact on Sui’s Network Health
Validators reported a 25% uptick in node participation following the proposal’s announcement, indicating growing community confidence. Moreover, average transaction confirmation times have stabilized at 0.6 seconds, thanks to parallel block processing.
2. Broader DeFi Security Implications
The Cetus event highlights persistent oracle risks in AMM designs. Security firms such as CertiK and ChainSecurity recommend:
- Implementing time-weighted average price (TWAP) oracles.
- Incorporating slippage limits and circuit breakers at the protocol level.
- Regular third-party audits of custom Move modules.
3. Governance Lessons and Best Practices
Experts emphasize that transparent, on-chain governance processes can restore user trust after large-scale incidents. Key takeaways include:
- Rapid snapshot generation to prevent dispute over affected addresses.
- Clear communication channels—Sui’s Discord and X (formerly Twitter) channels provided real-time updates.
- Phased repayment strategies to avoid network overload.
Expert Opinions
“Sui’s swift and coordinated response sets a new standard for post-exploit recovery in DeFi,” noted Laura Shin, blockchain security researcher. “The combination of Move’s formal verification capabilities and Sui’s parallel VM gives on-chain governance an edge over legacy architectures.”
Next Steps and Timeline
The first tranche of repayments is scheduled for June 22, 2024, followed by two further distributions on July 1 and July 15. Users can track repayment status via the Sui Explorer Repayment Dashboard and verify their claims using the public Merkle tree root published on the Sui GitHub repository.
Stay tuned for live updates as Sui executes this landmark recovery plan.