Around $500,000 worth of SUI tokens were drained from BlueMove DEX's locked liquidity pools over the weekend, sparking suspicions of an inside job. The incident involved over 700,000 SUI tokens being removed from pools provided by the decentralized exchange.
Suspicions of an inside job
Tyler Simpson, founder of Quantum Void Labs, shared screenshots on Saturday showing the drain. He initially accused BlueMove of draining its own pools, calling it a "crime," but later acknowledged the platform was exploited. The next day, Simpson claimed BlueMove had "shipped the backdoor themselves" after implementing a package on May 31 that added immutable functions like "add_liquidity_returns" and "double-mint LP inflation." Over 40 days later, the exploit began, leading Simpson to describe the event as a "delayed rug pull."
BlueMove's response
BlueMove disputes this, stating on its website that an attacker exploited "a long-standing arithmetic overflow bug in BlueMove's legacy AMM contract to drain liquidity from 389 pools." The bug had been visible since at least 2023, and an upgrade that overlooked it prevented further patches. BlueMove explained that because the UpgradeCap was burned on June 3, it has no on-chain path to patch the vulnerable v1 package. A fix would require an independent admin or freeze capability, or a full migration to a new audited package.
Compensation and recovery efforts
BlueMove sent a message to a crypto address offering a white hat bounty: keep 30% (about $150,000) and return 70% within 48 hours. It stated, "If returned, we will consider the matter resolved. Otherwise, we will pursue all available legal and recovery actions." BlueMove also pledged to compensate all affected users if the hacker does not respond, adding that the project will shut down going forward. Operations remain suspended as investigations continue. A SUI Network spokesperson declined to comment when asked by Protos.