The Sui incident has sparked a debate about belief in the blockchain industry: what is the bottom line of decentralization?

The Debate of Belief in the Blockchain Industry: Reflections Triggered by the Sui Incident

Preface

Recent events mark a victory for capital rather than a victory for users, which is indeed a setback for the development of the industry.

The development direction of Bitcoin is completely different from that of Sui. Whenever a move in the industry shakes decentralization, it strengthens people's belief in Bitcoin.

The world not only needs a better global financial infrastructure, it also needs to always reserve a space of freedom for some of its people.

In the past, consortium blockchains were once more popular than public blockchains because they met the regulatory needs of the time. The decline of consortium blockchains today also means that merely complying with regulatory demands does not satisfy the real needs of users. If there are no users who are subject to regulation, what is the need for regulatory tools?

1. Background of the Event

On May 22, 2025, the largest decentralized exchange (DEX) in a certain public blockchain ecosystem suffered a hacker attack, resulting in a sharp decrease in liquidity, multiple trading pairs collapsing in price, and losses exceeding $220 million.

The timeline of events is as follows:

  • May 22 morning: The hacker attacked the DEX and extracted $230 million; the DEX urgently paused its contracts and issued an announcement.
  • May 22 afternoon: The hacker bridged approximately $60 million to other chains, while the remaining $162 million stayed in on-chain addresses. Validator nodes acted quickly, adding the hacker's addresses to the deny list and freezing the funds.
  • May 22 evening: The project team confirmed that the funds had been frozen and that the refund process would begin soon.
  • May 23: The DEX began fixing the vulnerability and updating its contracts.
  • May 24: The project team opened a source-code PR explaining that the funds would be recovered through an alias mechanism and a whitelist.
  • May 26: The project team initiated an on-chain governance vote on whether to execute the protocol upgrade and transfer the hacker's assets to a custodial address.
  • May 29: Voting results were announced; validators representing more than 2/3 of stake weight were in favor, and the protocol upgrade was ready for execution.
  • May 30 to early June: The protocol upgrade took effect, the specified transaction hashes were executed, and the hacker's assets were "legally transferred away".

2. Attack Principle

Overview of the attack process:

  1. The attacker used flash loans to borrow a large quantity of tokens, driving the trading pool price down by 99.90%.

  2. The attacker created extremely narrow liquidity positions on the DEX, amplifying the subsequent calculation error.

  3. The function the DEX uses to calculate the required token amount had an integer overflow vulnerability: the attacker claimed to add a huge amount of liquidity while actually contributing only 1 token.

  4. Because the overflow detection condition was wrong, the left-shift calculation truncated the high-order bits, severely underestimating the required token quantity.

  5. The attacker thus acquired a massive liquidity position at a negligible cost.

From a technical perspective, the vulnerability arose from the DEX using an incorrect mask and comparison condition in its smart contract, which allowed certain values to bypass the overflow check. After the left-shift operation the high-order bits were truncated, so the system received a minimal number of tokens while believing it had been given significant liquidity.
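As an added illustration (not the DEX's own code), here is a 128-bit Rust analogue of the "checked shift-left by one word" helper the text describes, with the incorrect mask beside the corrected bound and a sketch of the required-token computation built on top of it. The word width, the `tokens_required` sketch and the price term are constructed for this example.

```rust
/// Width of the "word" being shifted. The real DEX works on 256-bit values
/// with a 64-bit word; this constructed analogue uses u128 and a 32-bit word
/// so the same bug can be shown with a native Rust integer.
const WORD: u32 = 32;
const BITS: u32 = 128;

/// Buggy variant: the overflow mask is an all-ones word shifted to the top,
/// and the test is `n > mask`. Any n with bits in the top word set that is
/// still numerically below the mask slips through, and the shift then
/// silently drops those high bits (Rust's `<<` discards bits shifted out).
pub fn checked_shlw_buggy(n: u128) -> (u128, bool) {
    let mask: u128 = 0xffff_ffff_u128 << (BITS - WORD);
    if n > mask { (0, true) } else { (n << WORD, false) }
}

/// Fixed variant: any n with a bit at or above BITS - WORD cannot be shifted
/// without losing data, so the bound is `1 << (BITS - WORD)` and the test is `>=`.
pub fn checked_shlw_fixed(n: u128) -> (u128, bool) {
    let limit: u128 = 1u128 << (BITS - WORD);
    if n >= limit { (0, true) } else { (n << WORD, false) }
}

/// Sketch of the "tokens required for a liquidity delta" step the article
/// describes: the shifted liquidity is divided by a price term and rounded up.
/// A truncated numerator yields a tiny required amount; overflow returns None.
pub fn tokens_required(liquidity: u128, price_term: u128, shlw: fn(u128) -> (u128, bool)) -> Option<u128> {
    let (numerator, overflow) = shlw(liquidity);
    if overflow {
        return None;
    }
    // Round up so the pool never under-charges; pointless once the numerator is already truncated.
    Some(numerator / price_term + u128::from(numerator % price_term != 0))
}

fn main() {
    // Constructed input: one bit in the top word plus 1, against a price term of 2^32.
    let attacker = (1u128 << 100) | 1;
    let price = 1u128 << 32;
    println!("buggy: {:?}", tokens_required(attacker, price, checked_shlw_buggy)); // Some(1)
    println!("fixed: {:?}", tokens_required(attacker, price, checked_shlw_fixed)); // None
}
```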

3. Freezing Mechanism

The public chain has a built-in deny list mechanism, which is what froze the funds from this hack. In addition, its token standard includes a "regulated token" model with a built-in freezing function.

Emergency freezing used this feature: validator nodes quickly added the addresses holding the stolen funds to their local configuration files. In theory each node operator can edit the configuration and update the blacklist independently, but to keep the network consistent the foundation, as publisher of the default configuration, coordinated the change centrally.

The foundation first released a configuration update containing the hacker's addresses; validators synchronized to the default configuration, temporarily "sealing" the hacker's funds on the chain. Behind this lies a considerable degree of centralization.

To return the frozen funds to victims, the project team then introduced a whitelist mechanism patch. It allows specific transactions to be pre-added to an "exemption list", so that those transactions bypass all security checks, including signature, permission and blacklist checks.

It should be noted that the whitelist patch does not itself seize the hacker's assets; it only grants certain transactions the ability to bypass the freeze, while the actual asset transfer still requires a valid signature or an additional system permission module to complete.

Mainstream freezing solutions in the industry usually operate at the token contract level and are controlled by the issuer's multi-signature. For example, a certain stablecoin's contract has a built-in blacklist function that allows the issuing company to freeze non-compliant addresses. This approach requires a multi-signature to initiate the freeze on-chain, which can delay execution.

By comparison, the freeze in this incident happened at the underlying protocol level and was carried out collectively by validator nodes, far faster than an ordinary contract call. Under this model, fast execution implies that the management of the validator nodes themselves is highly unified.

4. How "Transfer-Based Recovery" Was Implemented

What is even more surprising is that this public chain not only froze the hacker's assets but also planned to "transfer and recover" the stolen funds through an on-chain upgrade.

On May 27, the DEX proposed a community vote requesting a protocol upgrade to send the frozen funds to a multi-signature custody wallet. The foundation then initiated an on-chain governance vote.

On May 29, the voting results were announced, with approximately 90.9% of the weighted validators supporting the proposal. The official announcement stated that once the proposal is approved, "all funds frozen in the two hacker accounts will be retrieved into a multi-signature wallet without the need for hacker signatures."

According to the official GitHub PR, the protocol introduced an address aliasing mechanism. The upgrade pre-specifies alias rules in the configuration, allowing certain permitted transactions to treat a legitimate signature as if it had been sent from the hacker's account.

Specifically, the list of rescue transaction digests to be executed is bound to the target address (the hacker's address); whoever signs and publishes one of these fixed transaction digests is treated as a valid owner of the hacker's address initiating the transaction. For these specific transactions the validator node bypasses the deny list check.

At the code level, a new check was added to the transaction validation logic: when a transaction is intercepted by the blacklist, the system iterates over its signers to see whether any of them satisfies an alias rule. If one does, the transaction is marked as allowed, the earlier interception error is discarded, and normal packaging and execution continue.
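An added Rust model (not the chain's own code) of the validation path described above: a deny-list check that, once a transaction is intercepted, walks its signers looking for an alias rule bound to that exact transaction digest and target address, and stays frozen otherwise. The address strings and the digest are constructed placeholders.

```rust
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Allowed,
    Denied,
    /// Intercepted by the deny list, then let through because `signer`
    /// matched an alias rule for this exact digest and target address.
    AllowedByAlias { signer: String },
}

/// Minimal transaction view: digest, sending address and the keys that signed it.
pub struct Tx<'a> { pub digest: &'a str, pub sender: &'a str, pub signers: Vec<&'a str> }

pub struct Policy {
    /// Addresses whose transactions validators refuse to process.
    pub deny_list: HashSet<String>,
    /// (rescue-tx digest, address acted for) -> signers allowed to act as its owner for that digest.
    pub aliases: HashMap<(String, String), HashSet<String>>,
}

impl Policy {
    pub fn check(&self, tx: &Tx) -> Verdict {
        // Ordinary path: the sender is not denied, nothing special happens.
        if !self.deny_list.contains(tx.sender) {
            return Verdict::Allowed;
        }
        // Intercepted: look for a signer that an alias rule binds to this
        // digest and this target address. Anything else stays frozen.
        let key = (tx.digest.to_string(), tx.sender.to_string());
        if let Some(allowed) = self.aliases.get(&key) {
            if let Some(s) = tx.signers.iter().find(|s| allowed.contains(**s)) {
                return Verdict::AllowedByAlias { signer: s.to_string() };
            }
        }
        Verdict::Denied
    }
}

/// Constructed sample policy: one denied address and one rescue digest whose
/// alias rule lets a custody multisig key act for it. Values are placeholders.
pub fn demo_policy() -> Policy {
    let deny_list = HashSet::from(["0xhacker".to_string()]);
    let aliases = HashMap::from([(
        ("RESCUE_TX_DIGEST_1".to_string(), "0xhacker".to_string()),
        HashSet::from(["0xrescue_multisig".to_string()]),
    )]);
    Policy { deny_list, aliases }
}
```

Note that the alias grants nothing to the denied address's own key and nothing outside the listed digest: the same signer on any other transaction is still intercepted.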

5. Opinion

$160 million, tearing apart the deepest underlying beliefs of the industry.

This incident may soon calm down, but the model it adopted will not be forgotten, because it subverted the foundation of the industry and broke the traditional consensus that, within a single ledger, a blockchain is immutable.

In blockchain design, contracts are law, and code is the referee. However, in this incident, the code failed, governance intervened, and power superseded, forming a model of "voting behavior adjudicating code results."

The practice of directly appropriating transactions this time differs significantly from how mainstream blockchains have handled hacks.

This is not the first time consensus has been "manipulated", but it is the quietest.

Historically:

In 2016, a certain public blockchain rolled back transactions through a hard fork to compensate for losses from The DAO incident, but the decision split the chain and the process was highly controversial, ultimately leaving different groups with different consensus beliefs.

The Bitcoin community also faced a similar technical challenge: the value overflow bug in 2010 was urgently patched by developers and the consensus rules upgraded, completely erasing about 18.4 billion illegally created bitcoins.

Both cases used a hard fork model, rolling the ledger back to before the problem occurred and letting users decide which ledger to continue using.

In contrast, this event did not choose to split the blockchain, but instead precisely targeted this event through a protocol upgrade and configuration aliasing. This approach maintained the continuity of the chain and most consensus rules unchanged, while also indicating that the underlying protocol can be used to implement targeted "rescue actions."

The problem is that historically, "fork rollback" allowed users to choose their beliefs; whereas this time, the "protocol correction" has made the decision for the users.

"Not your key, not your coin" may no longer apply.

In the long run, this means that the concept of "not your keys, not your coins" is being undermined on this blockchain: even if users have their private keys intact, the network can still prevent asset movement and redirect assets through collective protocol changes.

If this becomes a precedent for how the future Blockchain responds to major security incidents, and is even considered a convention that can be adhered to again, then "when a chain can break the rules for justice, it also has a precedent for breaking any rules."

Once there is a successful "public welfare money grab," the next time it may be an operation in the "moral gray area."

Potential Issues

If hackers really stole users' money, can a group vote take that money away from them?

Is the voting based on who has more money (PoS) or who has more people? If the one with more money wins, then the scenes depicted in certain sci-fi works may come true soon; if the one with more people wins, then the clamor of the crowd will also rise.

Under traditional systems it is normal for illegal gains to go unprotected, and freezing and transferring funds are routine operations for traditional banks. But isn't the technical impossibility of doing exactly this the root of the blockchain industry's development?

The pressure for industry compliance keeps increasing. Today accounts can be frozen or balances modified because of hackers; tomorrow, will arbitrary changes be allowed because of geopolitical or other conflicts? If the blockchain becomes a regionally limited tool, the industry's value will be greatly compressed, becoming at best just another, less capable financial system.

This is also the reason for the firm development of the industry: "Blockchain is valuable not because it cannot be frozen, but because even if you hate it, it does not change for you."

With the trend of regulation, can the blockchain preserve its own soul?

In the past, consortium chains were more popular than public chains because they met the regulatory needs of the time. The decline of consortium chains today also means that simply complying with this demand does not satisfy the real needs of users. Without users subject to regulation, what need is there for regulatory tools?

From the perspective of industry development, is "efficient centralization" a necessary stage in the development of Blockchain? If the ultimate goal of decentralization is to safeguard user interests, can we tolerate centralization as a transitional means?

The term "democracy" in the context of on-chain governance is actually token weighted. So, if a hacker holds a large amount of tokens (or one day the DAO gets hacked and the hacker controls the voting power), can they also "legally vote to clear their name"?

Ultimately, the value of the Blockchain lies not in whether it can be frozen, but in the choice not to do so even when the group has the ability to freeze it.

The future of a chain is determined not by its technical architecture, but by the set of beliefs it chooses to uphold.

Comments

DefiVeteran · 11h ago
BTC is still stable, the eternal god.

GasFeeDodger · 17h ago
What good is regulating monopolies? Hurry up and lubricate btc.

FarmToRiches · 08-10 17:56
Working hard every day to earn a salary

fren.eth · 08-10 04:45
Rich people come in to be played for suckers.

GateUser-1a2ed0b9 · 08-10 04:43
Who bows down in front of capital?

SocialFiQueen · 08-10 04:38
The crypto world is just like this, let's start over.

ZKProofster · 08-10 04:34
hmm... technically speaking, sui just proved why we need *actual* decentralization. can't believe we're still having this debate in 2025 smh

DataPickledFish · 08-10 04:32
Centralized is the best in the world

ConfusedWhale · 08-10 04:31
Capital and regulatory hunting?