Sui Validators: A Billion-Dollar Liability
Sui and its developer Mysten Labs market the network as "building critical infrastructure to enable a more decentralized internet." Our research shows something very different: Sui’s validators are a systemic security liability, exposing billions in assets to avoidable risks.
Key Findings
A scan of the full Sui validator set uncovered:
- Open SSH ports across core validators
- Critical CVEs left unpatched (~28% of validators)
- Default Apache landing pages exposed (some with CVEs)
- Docker daemon API port 2375 open on ~99% of validators, often without firewall protection
In total, nearly 40% of Sui validator voting power is exposed through basic misconfigurations and poor security hygiene.
Why It Matters
In proof-of-stake consensus, it doesn’t take a 51% attack to halt a network. At ~33% offline, consensus stalls — freezing the chain and billions in assets.
With ~40% of voting power vulnerable, Sui is dangerously close to a real-world failure scenario.
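The stake-weighted arithmetic behind the figures above, as an added example that is not PGDN's own tooling or data: it uses a constructed validator list with hypothetical findings and computes how much voting power an operator would lose if every exposed host went offline, compared against the one-third liveness threshold.

```python
from collections import defaultdict

# Byzantine-fault-tolerant consensus keeps making progress only while more
# than two thirds of voting power is online, so the chain stalls once
# strictly more than one third is offline (the ~33% figure above).
LIVENESS_THRESHOLD = 1 / 3

# Constructed sample: (validator name, voting power in stake units,
# set of exposure findings from an external scan). Not real Sui data.
SAMPLE_VALIDATORS = [
    ("validator-a", 300, set()),
    ("validator-b", 250, set()),
    ("validator-c", 200, {"docker_2375_open", "ssh_open"}),
    ("validator-d", 150, {"unpatched_cve"}),
    ("validator-e", 60, {"default_apache"}),
    ("validator-f", 40, set()),
]


def exposed_share(validators):
    """Fraction of total voting power held by validators with any finding.

    Exposure is stake-weighted, not head-count weighted: one large validator
    with an open Docker API adds more risk than several small clean hosts.
    """
    total = sum(power for _, power, _ in validators)
    exposed = sum(power for _, power, findings in validators if findings)
    return exposed / total if total else 0.0


def share_by_finding(validators):
    """Voting power affected by each finding type, as a fraction of total.

    Useful for prioritising remediation: fixing the finding that covers the
    most stake moves the network furthest from the stall threshold.
    """
    total = sum(power for _, power, _ in validators)
    affected = defaultdict(int)
    for _, power, findings in validators:
        for finding in findings:
            affected[finding] += power
    return {f: p / total for f, p in affected.items()}


def liveness_at_risk(validators, threshold=LIVENESS_THRESHOLD):
    """True if taking every exposed validator offline would stall consensus."""
    return exposed_share(validators) > threshold


if __name__ == "__main__":
    print(f"exposed voting power: {exposed_share(SAMPLE_VALIDATORS):.1%}")
    for finding, share in sorted(share_by_finding(SAMPLE_VALIDATORS).items()):
        print(f"  {finding}: {share:.1%}")
    print("liveness at risk:", liveness_at_risk(SAMPLE_VALIDATORS))
```

With the sample set, 41% of voting power is exposed even though only three of six validators have findings, which is why the report counts stake rather than hosts.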
The Response So Far
PGDN.ai pursued responsible disclosure with Sui’s security team. Instead of addressing the findings, the team repeatedly dismissed the issues as "bug bounty" material — even when fingerprinting revealed specific OS versions and exposed services.
This isn’t about "bugs." It’s about systemic operational failures across validator infrastructure.
Full Research
- Overview Blog: Sui Validators: A Billion-Dollar Liability
- Technical Report: Sui Validator Exposure Report (GitHub)
PGDN.ai conducts independent research into decentralized infrastructure security. Our mission: expose systemic risks before they cascade into systemic failures.