Sui Validator Network Exposed: Nearly 40% at Risk
In August 2025, PGDN conducted an external scan of the Sui validator network.
The findings were systemic: 39.6% of Sui's validator voting power was externally exposed through SSH, CVEs, and misconfigurations. With consensus halting at ~33.3% offline, the margin for failure was dangerously thin.
Key Findings
- 39.6% voting power exposed via SSH and/or CVEs
- 28% of validators running services with known CVEs
- ~99% responding on port 2375/tcp (Docker-TCP), unexplained by Mysten Labs
- Default Apache landing pages exposed, some with critical CVEs — misidentified as RPC endpoints
- Version fingerprinting leaks exact Ubuntu/OpenSSH builds, allowing attackers to strike as soon as a new CVE is published
A simulated attack scenario demonstrated that coordinated exploitation could cause a total network blackout.
Mysten Labs' Response
- Aug 18: Formal disclosure sent
- Aug 21: Dataset shared privately on GitHub
- Aug 22: Mysten Labs called the issues "hygiene, not vulnerabilities"
- Aug 26: Mysten Labs stated they only manage two validators and would "pass along general messages"
Their two validators were patched, but no remediation plan or baseline security guidance was offered for independent operators. They ignored my request for a contact to help drive validator security.
Why This Matters
This isn't about cosmetic "hygiene." In decentralized networks, poor OPSEC can cascade into existential risk. At ~33% voting power offline, consensus halts. With nearly 40% of Sui exposed, a single CVE could freeze billions in assets.
By contrast, our initial scans of Aptos came back clean.
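The threshold arithmetic above, as an added example that is not PGDN's code or dataset: it computes the exposed share of voting power, compares it with the one-third halt threshold, and lists which exposed validators to harden first to get back under it. The validator names, voting-power values and finding labels are constructed, and treating "more than one third exposed" as the halt condition is an assumption based on the ~33.3% figure.

```python
from fractions import Fraction

# Page: consensus halts once ~33.3% of voting power is offline (assumed: > 1/3).
HALT_THRESHOLD = Fraction(1, 3)
# Finding labels (constructed) that count toward the "exposed" share.
EXPOSING = {"ssh", "cve"}

# Constructed sample (name, voting power, external findings); not PGDN data.
VALIDATORS = [
    ("val-01", 1200, {"ssh", "cve"}),
    ("val-02", 1000, {"ssh"}),
    ("val-03", 900, {"cve"}),
    ("val-04", 900, set()),
    ("val-05", 860, {"ssh"}),
    ("val-06", 1100, set()),
    ("val-07", 1040, set()),
    ("val-08", 1000, set()),
    ("val-09", 1000, set()),
    ("val-10", 1000, set()),
]


def exposure_report(validators, threshold=HALT_THRESHOLD):
    """Exposed voting-power share and a hardening order to get under threshold."""
    total = sum(power for _, power, _ in validators)
    exposed = sorted(
        ((power, name) for name, power, found in validators if found & EXPOSING),
        reverse=True,
    )
    exposed_power = sum(power for power, _ in exposed)
    share = Fraction(exposed_power, total)

    # Harden the largest exposed validators first until the stake that is
    # still exposed can no longer take the network past the halt threshold.
    fix_first, remaining = [], exposed_power
    for power, name in exposed:
        if Fraction(remaining, total) <= threshold:
            break
        fix_first.append(name)
        remaining -= power

    return {
        "exposed_share": share,
        "exceeds_halt_threshold": share > threshold,
        "fix_first": fix_first,
        "residual_share": Fraction(remaining, total),
    }
```

On this sample the exposed share is 39.6%, and hardening the single largest exposed validator brings the residual exposure to 27.6%, below the threshold.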
Full Research
- Full Report & Dataset: GitHub Repository
- Overview Blog: Paragraph Blog
PGDN measures the outside-in posture of decentralized infrastructure — validators, RPCs, bridges, sequencers, and more. We publish reproducible methods, anonymized scores, and remediation guidance so operators can harden their networks before attackers force the issue.
- Website: pgdn.ai
- GitHub: github.com/pgdn-ai
- X: @pgdnai