Cetus offers $6 million white hat deal to recover stolen ETH after hacker’s activity is blocked on Sui

Cetus Protocol, the Sui-based decentralized exchange that suffered a $223 million exploit earlier this week, announced that it has offered a time-sensitive settlement offer to the hacker to recover lost user funds. This bounty only concerned the stolen funds bridged to Ethereum.

"We have identified the Ethereum wallet address controlled by the hacker responsible for earlier today's exploit, and reached out to negotiate the return of customer funds," Cetus wrote in a post on X published late night Thursday. 

Earlier on Thursday, a hacker exploited a vulnerability in the protocol's liquidity pool smart contracts, draining millions of crypto assets, some of which were converted into USDC and then exchanged for ETH.

In a message to the attacker, Cetus and data analytics company Inca Digital requested the return of 20,920 ETH ($56.3 million) and the entire frozen funds on the exploiter's Sui wallets.

"In exchange, you can keep 2,324 ETH (~$6M) as a bounty, and we will consider the matter closed and will not pursue any further legal, intelligence, or public action," the message said, adding that legal actions will commence when stolen assets are moved off-ramp or mixed. 

Cetus also announced it has identified and patched the exploited vulnerability. Concurrently, Sui Network stated that the Sui Foundation and its validators have collectively acted to "ignore" transactions from addresses linked to the hacker.

"Cetus worked together with the other DeFi protocols, the Sui Foundation, and the Sui validators to collectively protect the ecosystem. A large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice," the team at Sui stated .

Cetus clarified that $162 million worth of tokens were "paused" to protect the ecosystem."$162M of the compromised funds have been successfully paused," it announced . "The majority of impacted funds are paused and we are actively pursuing paths to recover the remainder."

As an unintended consequence, some crypto community members and analysts criticized this move and questioned Sui's decentralization.

"SUI's validators are colluding to CENSOR the hacker's TXs right now! Does that make SUI centralized? The short answer is YES; what matters more is why? The "founders" own the majority of supply there are only 114 validators," commented Justin Bons, founder of Cyber Capital.

Following the hacker’s blacklisting, Sui developers have apparently introduced a whitelist function, according to analyst 0xTodd. This feature may allow specific wallets or transactions to bypass security checks and appears to have been implemented in anticipation of the hacker returning the funds.