- Approximately $500,000 worth of Sui tokens was drained from BlueMove DEX’s locked liquidity pools over the weekend, sparking insider-job speculation.
- Quantum Void Labs founder Tyler Simpson claims the platform “shipped the backdoor themselves” via a May 31 package upgrade, calling it a “delayed rug pull.”
- BlueMove attributes the exploit to a long-standing arithmetic overflow bug in its legacy AMM contract and says the burned UpgradeCap prevents on-chain patches.
- BlueMove offered the Hacker a 30% white hat bounty and pledged to compensate affected users if funds are not returned within 48 hours.
Over the weekend, approximately $500,000 worth of SUI tokens was drained from BlueMove DEX‘s locked liquidity pools, leading users to suspect an inside job. Quantum Void Labs founder Tyler Simpson shared screenshots showing over 700,000 SUI tokens being drained from BlueMove’s locked pools.
Simpson initially accused the platform of draining its own pools, calling it a “crime,” but later noted the firm was exploited. The next day, he claimed BlueMove “shipped the backdoor themselves” after implementing a package on May 31 that added immutable functions like “add_liquidity_returns” and “double-mint LP inflation.”
BlueMove disagrees, claiming an attacker exploited “a long-standing arithmetic overflow bug in BlueMove’s legacy AMM contract to drain liquidity from 389 pools.” The bug has been visible since at least 2023, and an upgrade that overlooked the bug made further patches impossible because the UpgradeCap was burned on June 3.
BlueMove also sent an on-chain message to the hacker, offering a 30% white hat bounty — roughly $150,000 — and demanding 70% returned within 48 hours. The platform stated it will compensate all affected users and shut down if the funds are not returned. Operations remain suspended as the investigation continues.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
