Validator Slashing Incidents Are a Warning. Sui Could Be Next.
Recent Ethereum validator slashings (via the SSV Labs ecosystem) highlight how fragile staking infrastructure can become when operational practices fail. In this case, the protocol held, but external key management mistakes led to costly penalties.
Our latest scan of the Sui validator set uncovered something deeper: nearly 40% of validator voting power exposed. This wasn’t the result of a single misstep, but of systemic misconfigurations and poor security hygiene across the network.
This is what happens when your dev team scraped a pass in GCSE ICT and called it cybersecurity.
Key Findings
- Open SSH ports across core validators
- Critical CVEs left unpatched (~28% of validators)
- Default Apache landing pages exposed to the public internet
- Docker remote API port (2375) open on ~99% of validators, often with no firewall in front of it
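The three exposure classes above (SSH, a default web page, and the unauthenticated Docker API on 2375) all show up as sockets listening on a non-loopback address. The following is an added example, not PGDN's scanner or any Sui project code: it takes the text output of `ss -ltn` (here a constructed sample, not a real validator's output) and flags the listeners an operator should not be exposing to the internet. The port-to-service table and severities are this example's own assumptions.

```python
"""Audit a host's listening sockets for the exposure classes named in the report."""
from dataclasses import dataclass

# Constructed sample of `ss -ltn` output; not captured from any real validator.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:2375        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      511    [::]:80             [::]:*
LISTEN 0      4096   127.0.0.1:9184      0.0.0.0:*
LISTEN 0      4096   *:8080              *:*
"""

# Assumed mapping of port -> (service label, severity) for the report's findings.
RISKY_PORTS = {
    2375: ("Docker daemon API, no authentication", "critical"),
    22: ("SSH", "high"),
    80: ("HTTP (check for a default Apache landing page)", "medium"),
}

# Addresses ss prints for "listen on every interface".
WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}
# Prefixes that mean the socket is only reachable from the host itself.
LOOPBACK_PREFIXES = ("127.", "[::1]", "::1")

# Remediation hints, one per risky port (example's own wording).
REMEDIATION = {
    2375: "bind the daemon to a unix socket or 127.0.0.1, or require TLS client certs on 2376",
    22: "restrict SSH to a management network or allow-list in the firewall",
    80: "remove or firewall the web server; validators do not need a public landing page",
}


@dataclass(frozen=True)
class Finding:
    port: int
    address: str
    service: str
    severity: str
    remediation: str


def parse_listeners(ss_output):
    """Return [(address, port)] for every LISTEN row of `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a LISTEN socket.
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # Column 4 is "addr:port"; rpartition keeps IPv6 addresses intact.
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners


def is_public(addr):
    """True when the socket is reachable from off-host (wildcard or non-loopback bind)."""
    return addr in WILDCARD_ADDRS or not addr.startswith(LOOPBACK_PREFIXES)


def audit(ss_output):
    """Return the publicly reachable risky listeners, lowest port first."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in RISKY_PORTS and is_public(addr):
            service, severity = RISKY_PORTS[port]
            findings.append(Finding(port, addr, service, severity, REMEDIATION[port]))
    return sorted(findings, key=lambda f: f.port)


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"[{f.severity}] {f.address}:{f.port} {f.service} -> {f.remediation}")
```

Run it with `ss -ltn | python3 audit.py` after replacing the sample with `sys.stdin.read()`; the loopback-only metrics port (9184 in the sample) is correctly ignored, while the three wildcard binds are reported with a severity and a fix.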
By contrast, our initial scan of Aptos (Sui’s nemesis) showed no comparable issues.
Why It Matters
In proof-of-stake systems, it doesn’t take a 51% attack to break consensus. If more than ~33% of validator voting power goes offline, consensus halts, freezing the network and billions in assets. With 40% of voting power exposed, this is more than a bug bounty — it’s a systemic risk.
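To turn per-validator scan results into the systemic number the paragraph describes, the exposed voting power has to be summed and compared against the one-third liveness threshold. The block below is an added example (not PGDN's code and not derived from the report's data); the validator names, voting powers and exposure flags are constructed, and it assumes voting power normalised to a 10,000 total. It also goes one step beyond the text by computing how few of the exposed validators would have to go down to cross the threshold, which is the concentration figure a delegator would want.

```python
"""Exposed voting power versus the 1/3 liveness threshold of a BFT validator set."""
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Validator:
    name: str
    voting_power: int  # share of TOTAL_VOTING_POWER
    exposed: bool      # True when the external scan found a critical issue


# Constructed sample set; names and numbers are illustrative, not real validators.
SAMPLE_SET = [
    Validator("val-01", 1800, True),
    Validator("val-02", 1500, False),
    Validator("val-03", 1300, True),
    Validator("val-04", 1200, False),
    Validator("val-05", 1000, True),
    Validator("val-06", 900, False),
    Validator("val-07", 800, False),
    Validator("val-08", 700, True),
    Validator("val-09", 500, False),
    Validator("val-10", 300, False),
]

TOTAL_VOTING_POWER = 10_000          # assumed normalisation of the set
HALT_THRESHOLD = Fraction(1, 3)      # more than 1/3 offline => 2/3 quorum unreachable


def exposed_share(validators):
    """Fraction of total voting power held by validators with a critical finding."""
    exposed = sum(v.voting_power for v in validators if v.exposed)
    return Fraction(exposed, TOTAL_VOTING_POWER)


def can_halt(validators):
    """True when taking every exposed validator offline would stop consensus."""
    return exposed_share(validators) > HALT_THRESHOLD


def smallest_halting_subset(validators):
    """Fewest exposed validators whose combined power crosses the threshold.

    Greedy largest-first is optimal for minimum cardinality, because the k
    largest powers always form the heaviest k-subset. Returns None when even all
    exposed validators together stay at or below 1/3.
    """
    exposed = sorted(
        (v for v in validators if v.exposed),
        key=lambda v: v.voting_power,
        reverse=True,
    )
    accumulated = 0
    chosen = []
    for v in exposed:
        chosen.append(v.name)
        accumulated += v.voting_power
        if Fraction(accumulated, TOTAL_VOTING_POWER) > HALT_THRESHOLD:
            return chosen
    return None


def report(validators):
    """Human-readable summary of the systemic-risk figures."""
    share = exposed_share(validators)
    subset = smallest_halting_subset(validators)
    lines = [f"exposed voting power: {float(share):.1%}"]
    if subset is None:
        lines.append("liveness threshold not reachable from exposed validators alone")
    else:
        lines.append(f"halt possible by taking down only {len(subset)}: {', '.join(subset)}")
    return "\n".join(lines)


if __name__ == "__main__":
    assert sum(v.voting_power for v in SAMPLE_SET) == TOTAL_VOTING_POWER
    print(report(SAMPLE_SET))
```

On the constructed set, 48% of voting power is exposed, and the three largest exposed validators alone (41%) are enough to cross one third, which is the point of the paragraph: the risk is not the raw count of misconfigured hosts but how much of the quorum they carry.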
Links
- Blog (overview): Validator Slashing Incidents Are a Warning. Sui Could Be Next.
- Full Technical Report: Sui Validator Exposure Report (GitHub)
PGDN.ai is committed to scanning decentralized networks for systemic risks and publishing transparent reports for the community.
Related Posts
Sui Validator Security Benchmark — September 2025
PGDN’s September 2025 benchmark provides a consolidated security snapshot of all Sui validators. Scores ranged from 15 to 93, with a median of 45, and 18.5% meeting our good practice threshold. This dataset, heatmap, and Discord bot give validators tools to improve, while offering delegators transparency when choosing staking providers.
PGDN Sentinel: Bringing External Security Scores to Discord
PGDN Sentinel is a lightweight Discord bot for Sui validators that checks your node’s external security posture and benchmarks it against the network. Instantly see what attackers can see - open ports, CVEs, misconfigurations - and unlock deeper insights by proving node ownership. Simple, private, and right where operators already work: inside Discord.
Sui Validators: A Billion-Dollar Liability
PGDN.ai’s scan of the Sui validator set found nearly 40% of voting power exposed. Misconfigurations, open ports, and unpatched CVEs turn Sui’s ‘critical infrastructure’ into a billion-dollar liability.