News linked to both this project and an event.
Sui Chinese Official released a post-mortem of the mainnet outage, stating that on May 28 (Thursday) and May 29 (Friday), 2026, Pacific Time (UTC-7), the Sui mainnet experienced three network failures. The first two failures stemmed from a crash vulnerability caused by the interaction between the Gas charging logic and the recently released version 1.72 (which introduced the Address Balances feature). The fix for Thursday's incident was a temporary measure aimed at restoring network operations as quickly as possible while the Sui core team developed a long-term solution. The team was aware that this temporary fix had an extremely low probability of causing network failure but accepted this risk to expedite mainnet recovery. On Friday morning, another variant of this known issue was triggered, leading to another failure. The third failure occurred during the routine Epoch transition on Friday afternoon. When validators restarted nodes to deploy Friday morning's fix, a long-dormant defect in the Randomness State preservation was triggered, causing another network failure. Failure timeline: First: started Thursday around 7:00 PT, recovered at 13:30 PT; Second: started Friday around 5:00 PT, recovered at 8:30 PT; Third: started Friday around 13:30 PT, recovered at 19:20 PT. Throughout the entire incident, user funds remained secure, and no confirmed transactions were reverted after network recovery. Currently, validators have fully fixed the original Gas Charging and Randomness State vulnerabilities, and network activity has returned to normal.
According to The Block, the Sui Foundation released an incident report on May 31, disclosing three consecutive outages on its mainnet from May 29 to 30—each traced back to two independent bugs introduced in the v1.72 upgrade. The first two outages were caused by a gas fee calculation error stemming from the newly launched “address balance” feature: funds were deducted even when transactions were canceled, resulting in negative account balances and subsequent validator node crashes. The third outage was triggered by a latent vulnerability in the random number generator during node restarts, preventing the network’s epoch from closing normally. The Sui Foundation stated that all known issues have now been resolved; user funds remained unaffected throughout the incidents, and no settled transactions were rolled back. The Foundation plans to further enhance its fault-tolerance mechanisms to ensure future similar bugs impact only individual transactions—not the entire network.
Sui officially announced a network outage on its mainnet due to a vulnerability in the Gas billing logic of version 1.72, temporarily halting all transactions and on-chain activities. The Sui Core team has now completed emergency response, and the mainnet has resumed normal operations. The official statement indicated that a comprehensive post-mortem report will be released subsequently, detailing the cause of the incident and the fix.
Sui announced that Sui Mainnet operations, which were suspended due to a crash vulnerability in the gas billing logic introduced in version 1.72, have now resumed. Sui stated that a full post-mortem of this incident will be published in the coming days.
According to on-chain analyst PeckShield (@PeckShieldAlert), SlowMist’s threat intelligence system MistEye has detected a cross-registry supply chain attack targeting developers. Malicious packages have spread across three major registries—npm, PyPI, and Crates.io—comprising over 34 malicious packages and more than 384 related versions. The attack targets developer communities in cryptocurrency, DeFi, Solana, Sui/Move, and AI. It may lead to the theft of cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and other sensitive developer information. Some malicious payloads also attempt persistence via mechanisms including `.cursorrules`, `CLAUDE.md`, Git hooks, cron, systemd, and SSH. SlowMist recommends immediately removing affected packages, isolating compromised systems, rotating exposed credentials, rebuilding CI environments and developer machines from clean images, and conducting comprehensive reviews of GitHub, cloud, SSH, and wallet-related activities.
According to research by security firm Socket Security, a cryptocurrency-stealing supply chain attack dubbed “TrapDoor” spans npm, PyPI, and Crates.io, involving over 34 malicious packages and 384 related versions and artifacts. The attack targets cryptocurrency, DeFi, Solana, Sui, Move, and AI developers. Attack samples can steal sensitive information including SSH keys, wallet data, AWS credentials, GitHub tokens, browser data, and environment variables. Specifically, npm packages execute the shared payload `trap-core.js` via the `postinstall` hook; PyPI packages execute remote JavaScript upon import; and Crates.io packages steal local keystores via `build.rs`. Socket has flagged all related packages as malicious and reported them to the respective package registries.
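The npm vector described above depends on install-time lifecycle scripts, so a first triage step on a developer machine or CI image is to list every package under `node_modules` that declares one. The following is an added example, not code from Socket, SlowMist or the affected registries; the sample package names are constructed, and `trap-core.js` is the only indicator used because it is the only one the text names.

```python
import json
import tempfile
from pathlib import Path

# npm runs these lifecycle scripts automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Payload file name reported in the text above; add others only from the advisories.
PAYLOAD_NAMES = ("trap-core.js",)

def audit_node_modules(root):
    """Return one finding per install-time hook declared under any node_modules dir."""
    findings = []
    for manifest in sorted(Path(root).rglob("package.json")):
        if "node_modules" not in manifest.relative_to(root).parts:
            continue  # the project's own manifest is not a dependency
        try:
            pkg = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: nothing to inspect
        scripts = pkg.get("scripts") if isinstance(pkg, dict) else None
        if not isinstance(scripts, dict):
            continue
        for hook in INSTALL_HOOKS:
            command = scripts.get(hook)
            if not isinstance(command, str):
                continue
            # Match on the hook command or on a bundled file with the payload name.
            known = any(n in command or any(manifest.parent.rglob(n)) for n in PAYLOAD_NAMES)
            findings.append({"package": pkg.get("name", manifest.parent.name),
                             "hook": hook, "command": command, "known_payload": known})
    return findings

def build_sample_tree(root):
    """Constructed sample tree: one package without hooks, two with install-time hooks."""
    samples = {
        "example-benign-pkg": {"scripts": {"test": "node test.js"}},
        "example-hooked-pkg": {"scripts": {"postinstall": "node trap-core.js"}},
        "example-native-pkg": {"scripts": {"install": "node-gyp rebuild"}},
    }
    for name, extra in samples.items():
        pkg_dir = Path(root) / "node_modules" / name
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps({"name": name, **extra}), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_node_modules(build_sample_tree(tmp)):
            print(finding)
```

A hook with `known_payload` set to false is not a finding by itself, since native add-ons legitimately use `install` scripts; it is the list to review against the advisories' package names.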
According to an official disclosure by Aftermath Finance, the protocol expects to complete full compensation to users within the next 48–72 hours. The team is currently working at full capacity to return funds and expresses its gratitude for users’ patience. Earlier reports indicated that the perpetual contract protocol Aftermath Finance was exploited via a vulnerability yesterday, resulting in losses of approximately $1.14 million. The Sui Foundation, in collaboration with Mysten Labs, stated it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol.
According to an official announcement by Sui, Aftermath Finance’s perpetual contract protocol deployed on the Sui network was exploited due to a vulnerability, and the affected protocol has been immediately suspended. The Sui Foundation, in collaboration with Mysten Labs, stated that it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol. Aftermath Finance will provide further updates on the fund recovery progress in the near future.
According to Blockaid monitoring, an ongoing attack has occurred on Aftermath Finance's perpetual contract protocol on the Sui Network, with approximately $1.1 million worth of USDC stolen across 11 transactions within about 36 minutes. Analysis indicates the vulnerability stems from a fee accounting flaw in the perpetual contract liquidation system, which the attacker exploited to artificially inflate synthetic collateral and drain funds from the protocol's treasury.
According to on-chain security firm Blockaid (@blockaid_), AftermathFi’s perpetual contract on Sui Network was exploited via a vulnerability on April 29. The attacker (address: 0x1a65...2d41e) stole approximately $1.1 million in USDC across 11 transactions within roughly 36 minutes. The attack exploited a flaw in the perpetual contract liquidation fee calculation, enabling illicit withdrawals from the protocol’s treasury via synthetic collateral inflation.
Scallop, a lending protocol in the Sui ecosystem, announced on X that a vulnerability was discovered in a subsidiary contract related to Scallop’s sSUI reward pool, resulting in the loss of approximately 150,000 SUI. The affected contract has been frozen. Scallop stated that its core contracts remain secure and only the sSUI reward pool is impacted; all other reward pools are unaffected and secure. Scallop will fully cover 100% of the losses and will release further updates as soon as possible.
According to an official announcement by Volo, a security vulnerability occurred today on the Sui network involving Volo—a BTCFi and LST protocol—resulting in the theft of approximately $3.5 million in assets (including WBTC, XAUm, and USDC) from three specific vaults. Immediately after the incident, the team notified the Sui Foundation and ecosystem partners and froze all vaults to prevent further losses. Volo stated that the vulnerability affected only these three vaults; the remaining vaults are not exposed to the same attack vector, and the other ~$28 million in TVL remains secure. The official announcement emphasized that Volo will bear the loss entirely and will not pass it on to users. A comprehensive post-mortem report and remediation plan will be released upon completion of the investigation.