The bounty offer to recover stolen funds from Sui-based decentralized exchange (DEX) Cetus closely resembles a successful strategy used by a Solana project three years ago.

It turns out that Cetus shares the same development team as Crema Finance, a Solana-based DeFi project that suffered a $9-million hack in 2022 but recovered most of the funds by negotiating with its hacker. Now, Cetus is relying on the same strategy.

Cetus is asking the hacker to return all but $6 million, or 2,324 Ether (ETH), of the stolen funds in exchange for a promise not to pursue legal action. The protocol lost $223 million to an exploit on May 22.

The size of the bounty has sparked backlash from users, with many calling for a formal compensation plan instead. Several community members argue that even if funds are recovered, most of the damage has already been done — especially to holders of the CETUS token, which plummeted in value following the incident.

Meanwhile, Sui validators are also under fire for their role in freezing the funds. The move is aimed at aiding recovery, yet critics say it exposes centralization risks in the network.

CETUS immediately dropped around 35% following the hack. Source: CoinGecko

Sui’s Cetus devs have a phantom exchange on Solana

A similar negotiation strategy used by the Cetus team on Sui was successfully employed years ago to recover funds for Crema. The Solana project hasn’t posted on its X account since March 2023, and its trading platform now sees negligible volume, but it still didn’t end well for the hacker.

Crema suffered an approximately $9-million hack in 2022. Much like the Cetus case, the Crema hacker was offered a deal to return the funds while keeping $1.6 million in exchange for not reporting the attack to law enforcement.

Cetus offers a $6-million reward and exemption from further legal action from the project if the remaining funds are returned. Source: SuiVision

The hacker is believed to have been caught and sent to prison. In April 2024, the US Attorney’s Office for the Southern District of New York sentenced Shakeeb Ahmed to three years in prison for hacking two separate cryptocurrency exchanges. One was identified as Nirvana Finance, while the other was not named.

Related: Which senators invest in crypto? 11 lawmakers have blockchain-related investments

The details of the unnamed exchange’s case match Crema’s hack, including the exact date of the exploit and the terms of the agreement. 

Norbert Bodziony, founder of Nightly App, claims the Cetus team was behind Crema Finance.

Crema Finance suffered a hack in July 2022. Source: Norbert Bodziony

Bodziony declined to disclose how he learned of the relationship to Cointelegraph but added that the connection is “commonly known” in Sui’s developer circles. 

Cointelegraph reached out to Cetus to confirm the connection between the two projects, but the team had not responded by publication.

Cointelegraph has separately learned that both projects are founded by Henry Du.

Save Cetus; centralize Sui

Sui’s validators have collectively blocked transactions from the hacker’s addresses, effectively freezing $162 million of the stolen funds on Sui. Around $63 million had already been bridged to Ethereum before these controls were implemented.

Although the coordinated effort has been effective in preventing the funds from being laundered, the cryptocurrency community has criticized Sui for being too centralized.

“SUI’s validators are colluding to CENSOR the hacker’s TXs right now! Does that make SUI centralized? The short answer is YES; what matters more is why? The ‘founders’ own the majority of supply & there are only 114 validators!” Justin Bons, founder of Cyber Capital, wrote on X.

Some users challenge Bons’ claim, arguing that decentralization doesn’t mean a free-for-all. Source: Squatch/Justin Bons

As Bons pointed out, Sui has just 114 validators — far fewer than its more established smart contract peers. Ethereum has over 1 million validators, while Solana has 1,157.

Meanwhile, members of the Sui community defended the move, arguing that this is how real-world decentralized chains should function.

“Decentralization isn’t about standing by while people get hurt, it’s about the power to act together, without needing permission,” said one member of the Sui community.

Related: WLFI’s DeFi credentials under fire after Sui partnership

Following the hack, Sui developers committed code for a proposed function that would have allowed specific transactions to bypass all signing and safety checks by adding them to a whitelist. 

While the function could have been used to help recover stolen funds, it also raised concerns about centralized control and the erosion of decentralization. The code was ultimately not merged and is not live on the network.

SUI’s price has also been damaged by the Cetus exploit. Source: CoinGecko

Sui and Cetus backlash contrasts recent hacks

The Cetus exploit has spotlighted the persistent security challenges in DeFi while raising deeper questions around who holds the reins in supposedly decentralized networks like Sui.

The team’s $6-million offer to the hacker mirrors the playbook it used with Crema — but this time, the crypto community isn’t as forgiving. With CETUS tanking, trust fractured and validators freezing funds, critics are asking whether Sui’s decentralization is more appearance than reality.

The debate over decentralization isn’t unique to Sui. When Bybit lost $1.4 billion in a February hack linked to North Korean state actors, security experts and users urged platforms like THORChain and eXch to block the funds. 

In that case, THORChain received some backlash for not stepping in, which is the exact opposite of what Sui is being criticized for now.

As of now, the hacker hasn’t accepted Cetus’ offer. Two Ethereum wallets tied to the exploiter still hold over $60 million in ETH, with no movement at the time of writing. The Sui addresses remain paralyzed.

Magazine: TradFi is building Ethereum L2s to tokenize trillions in RWAs: Inside story