Answer Box: Over 700,000 SUI tokens worth about $500,000 were drained from BlueMove DEX, a decentralized exchange on the Sui network, sparking allegations of insider involvement and a backdoor. The incident, which occurred last week, has led to a war of words between BlueMove and critics, with the platform blaming an old arithmetic overflow bug while others point to a delayed rug pull.
The Dispute Over the Attack Vector
On Saturday, Tyler Simpson, founder of Quantum Void Labs, posted on-chain evidence showing more than 700,000 SUI tokens flowing out of BlueMove's locked liquidity pools. Initially, Simpson suggested BlueMove itself might have removed the funds, but he later revised his position, acknowledging the platform may have been exploited. The next day, Simpson claimed that a package BlueMove deployed on May 31 contained an immutable function called `add_liquidity_returns` and a double-mint LP inflation structure, which he argued laid the groundwork for the exploit over 40 days later. He described the event as a "delayed rug pull."
BlueMove, however, strongly rejected that narrative. In a statement on its website, the team attributed the incident to an "old arithmetic overflow bug" in its legacy AMM contracts, which had been exposed since at least 2023. The company explained that the bug was overlooked during upgrades, making it difficult to patch afterward. Crucially, BlueMove noted that the UpgradeCap — the key to modifying the smart contract — was burned on June 3, leaving no on-chain way to fix or disable the vulnerable v1 package.
Whitehat Offer and Fund Recovery Efforts
BlueMove sent an on-chain message to the alleged hacker, offering a whitehat reward: return 70% of the stolen funds (approximately $280,000) within 48 hours, and keep 30% as a bounty. The platform warned that if the hacker did not respond, it would pursue legal action and fund recovery measures. BlueMove also promised to fully compensate affected users if the funds were not returned, though it said it would then shut down operations. The BlueMove DEX service has been suspended pending further investigation.
The Sui network declined to comment when contacted by Protos. The incident has raised questions about the security of DeFi protocols on Sui and the challenges of post-exploit governance when upgrade keys are permanently disabled. While the exact cause remains disputed, the event has already dented confidence in the Sui ecosystem.