Sui Network Releases Whitelist Feature To Facilitate Recovery Of Frozen Funds Following $220M Cetus Hack


In Brief
Sui Network introduced a whitelist feature and restore module as part of its fund-freezing measures following Cetus hack, enabling selected transactions to bypass restrictions and facilitating potential recovery of stolen funds.

Sui Network implemented an update introducing a whitelist feature as part of its fund freezing measures, following a recent Cetus decentralized exchange (DEX) hack, resulting in the loss of over $220 million in cryptocurrency.
This feature permits transactions included in the whitelist to bypass all security checks. In addition, Sui has deployed a restore module with system-level privileges and added the corresponding upgraded transaction to the whitelist, potentially preparing for the future return of stolen funds to liquidity providers.
Particularly, if fund recovery or return becomes necessary, officials can pre-construct a designated “rescue transaction” and add it to the whitelist, allowing it to bypass blacklist restrictions and execute in one step. However, the whitelist itself does not grant the ability to directly seize hacker funds–it merely allows transactions to bypass blacklist barriers.
The update cannot sign the hacker’s private key or invoke privileged Move functions but only controls blocking or releasing funds. To actually move the funds, either possession of the hacker’s private key is required or activation of the restore module with system-level privileges along with the upgraded transaction being added to the whitelist.
As part of the fund freezing measures, Sui however, initially used a blacklist function, followed later by the addition of a whitelist patch. The Sui blockchain has long maintained a feature known as the Deny List, which acts as a denial-of-service blacklist. Addresses placed on this blacklist have their associated transactions blocked by nodes. This existing functionality enabled the fast freezing of the hacker’s address during the recent incident.
According to @0xTodd user, without this feature, even with only 113 nodes, coordinating individually would have caused delays. Sui has not suddenly become a centralized network–it has operated this way at least since the blacklist feature was introduced, he highlighted in a post on social media platform X.
As, the blacklist was officially released first, and while nodes theoretically have the option to follow it or not, it is generally enforced automatically by default.
The implementation of the freezing strategy involving the whitelist function has sparked criticism among decentralization advocates, who argue that the ability to override transactions contradicts the principles of a decentralized permissionless network.
“Sui Central froze some of the money stolen by the hacker, but it cannot be withdrawn for the time being (because it involves underlying level modifications). So now we are paving the way to get this money back, but at the cost of SUI becoming more centralized,” noted the researcher @tmel0211.
Sui Network And Cetus Freeze $160M Stolen In Hack, Offering $6M Bounty To Attacker
Following the security breach at Cetus, the Sui Network stated that its validator network coordinated efforts to freeze the hacker’s address and successfully recovered $160 million. After the attack, some of the stolen USDC and other assets were quickly moved to other blockchains, including Ethereum, via the cross-chain bridge. These assets are now beyond recovery. However, a portion of the stolen funds remains on addresses within the Sui network controlled by the attacker. These remaining funds are the focus of the freezing efforts. The official statement noted that many validators have identified the addresses associated with the stolen funds and are actively ignoring transactions involving those addresses.
Meanwhile, Cetus has announced a white hat bounty of up to $6 million, offering this reward to the exploiter for the return of 20,920 ETH, valued at over $55 million, as well as the remaining stolen funds currently held on the Sui. If the assets are returned, the exploiter may keep 2,324 ETH as a bounty and the matter will be considered resolved with no further legal, intelligence, or public actions pursued.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles

Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.