
In a dramatic escalation following a major security breach, Sui-native decentralized exchange (DEX) Cetus has issued a $6 million white hat bounty in an attempt to recover over $220 million in stolen digital assets. The May 22 hack, one of the biggest in 2025, sparked a discussion about blockchain governance and decentralization across the sector.
Although $220 million worth of bitcoin was taken, Cetus stated that it was able to freeze about $162 million of those assets soon after the exploit. Since then, the platform has offered the attacker a bounty of 2,324 Ether (ETH), or about $6 million, provided that the 20,920 ETH that were taken, which are worth more than $55 million, are returned along with the other funds.
“In exchange, you can keep 2,324 ETH as a bounty, and we will consider the matter closed,” Cetus stated in a blockchain-embedded message on May 22. The platform warned that it would “escalate with full legal and intelligence resources” should the assets be laundered through mixers or off-ramped without return.
This action demonstrates how white hat bounties, which pay ethical hackers to reveal vulnerabilities in order to stop harmful attacks, are becoming more and more common in the DeFi industry.
The attack coincides with a larger increase in security incidents involving cryptocurrency. According to data from cybersecurity company Immunefi, 15 incidents in April alone resulted in the theft of $90 million, more than tripling the $41 million that was taken in March.
The Cetus exploit also puts the Sui Network's response mechanisms in the spotlight. According to GitHub logs, Sui developers considered adding an emergency whitelist feature: code that would let specific transactions bypass standard verification procedures in order to retrieve frozen assets.
Critics contend that this goes against the fundamental principles of decentralization. According to Chaofan Shou, a software developer at Solayer Labs, “it seems the Sui team requested that validators use patched code in order to recover the hacker’s $160 million through an unsigned transaction.” Sui validators allegedly refused to use this strategy, instead blocking transactions associated with the pilfered assets.
A philosophical discussion has been sparked by the incident in the blockchain community. Some regard the proactive approach taken by the Sui Network as a violation of decentralization, while others see it as a necessary step in the direction of responsible administration.
“This is what real-world decentralization looks like,” commented a pseudonymous blockchain investigator, Matteo. “It’s not about being powerless; it’s about acting collectively, without requiring centralized permission.”
The conflict between security and decentralization is still influencing how blockchain ecosystems are developing as the industry struggles with the fallout from this well-publicized hack.