Worth approximately $500,000 $SUI tokens were dumped from BlueMove DEX locked pools last weekend, leading users to speculate that the incident could be an inside job.
Quantum Void Labs founder Tyler Simpson shared screenshots last Saturday showing more than 700,000 $SUI tokens are drained from locked liquidity pools provided by BlueMove.
Simpson initially accused the platform of draining his blocked liquidity pools and suggested his alleged actions were a “crime.” However, he later found that the business was being exploited.
The next day, he claimed that BlueMove had “self-shipped the backdoor” after implementing a package on May 31 that laid the groundwork for the exploit.
He said he added immutable functions such as “add_liquidity_returns” and “double-mint LP inflation” before, more than 40 days later, the exploit began.
The BlueMove team shipped the backdoor themselves.
They upgraded the package on May 31 (by upgrade cap holder):https://t.co/t0smmnd8LO
Earlier the same day: https://t.co/nHlXz1NNcF
v12 added add_liquidity_returns + double mint LP inflation. Package made immutable immediately… pic.twitter.com/CB2wFyNLCn
— Tyler Simpson (@quantumvoidlabs) July 12, 2026
For this reason, Simpson described the grueling event as a “delayed rug pull.”
BlueMove says it will compensate users
BlueMove disagrees. It claims on its website that it’s the fault of an attacker who exploited “a long-standing arithmetic overflow bug in BlueMove’s old AMM contract to drain liquidity from 389 pools.”
The bug has reportedly been visible since at least 2023, with BlueMove explaining that an upgrade that ignored the bug was partly responsible for the exploit as it prevented any further fixes.
It claims that “because UpgradeCap was burned on June 3, BlueMove currently has no on-chain path to patch or disable the vulnerable v1 package.”
BlueMove added that a fix would now require “an independent admin/freeze capability (if it exists outside of UpgradeCap) or a full migration to a new audited package.”
BlueMove also sent a message to a crypto address in an attempt to contact the hacker and strike a white hat bounty deal with him.
It says: “You have emptied the BlueMove DEX pool (~$400,000). Keep 30% as white hat bounty and return 70% within 48 hours to our Sui address.”
BlueMove added: “If returned, we will consider the issue resolved. Otherwise, we will pursue all available legal and recovery actions.”
That’s about $150,000 for the hacker (as long as the $700,000 price tag $SUI approximately $500,000 remaining).
BlueMove also claims that it will compensate all affected users if it does not receive a response from the hacker within the next 48 hours, adding that the project will be shut down in the future.
The company’s operations remain suspended as it continues to investigate what happened.
A $SUI The network’s spokesperson responded “no comment” when asked by Protos about the grueling event and recovery of funds.

