BlueMove liquidity pools: BlueMove DEX reportedly drains $550,000 from liquidity pools on July 11

BlueMove DEX reportedly drains $550,000 from liquidity pools on July 11

Dozens of liquidity pools on the BlueMove decentralized exchange (DEX) were reportedly drained on Saturday, July 11, 2026, leading to accusations of a pre-planned insider exploit. Tyler Simpson, the founder of Quantum Void Labs, alerted the Sui community that the DEX effectively pulled the total value locked (TVL) from every single pool, wiping out the liquidity behind various tokens launched through the MovePump bonding-curve launchpad.

The drain has devastated the market for affected assets, with Tyler Simpson noting that “charts are destroyed” as pools were drained to zero. Early estimates regarding the scale of the loss vary between on-chain monitoring groups.

Allegations of a planted backdoor in BlueMove smart contracts

While Defimon Alerts identified a drained pool containing roughly $400,000, Tyler Simpson placed the total loss at more than 700,000 SUI, with other estimates suggesting the figure could reach $550,000 across the platform.

The core of the controversy centers on a package upgrade that the BlueMove team allegedly shipped themselves. According to Tyler Simpson, the upgrade cap holder pushed a version labeled “v12” to the network on May 31, 2026.

This specific update reportedly added a function allowing for the return of added liquidity, paired with a “double-mint” mechanism that inflated liquidity provider (LP) tokens. The package was made immutable immediately following this change, effectively locking the backdoor into the code.

This technical maneuver allowed the perpetrators to bypass the “locked” status that many project developers and investors relied upon when launching on MovePump. MovePump is a popular launchpad for smaller meme projects on the Sui blockchain, and many of these tokens treat their liquidity as permanently locked to build investor confidence.

On-chain data indicates that projects like Beeg Blue Whale saw significant drops in liquidity as their primary funds were stripped out from the contract.

But this is not the first time BlueMove has drawn criticism for its sudden operational shifts. In August 2023, the project abruptly ceased operations on the Sei Network, giving users only 72 hours to delist their assets.

Observers suggest that the decentralized exchange had stopped active development a long time ago, eventually leading to this weekend’s decision to remove the liquidity pools from its application interface entirely.

Market fallout and efforts for fund recovery

The incident occurs during a period of heightened market sensitivity, as Bitcoin recently slipped below the $64,000 mark. While Brian Armstrong warns finance must move on-chain to prevent institutional obsolescence, the BlueMove drain highlights the persistent risks of centralized control within supposedly decentralized protocols. The suddenness of the drain has left users and project founders scrambling for options.

In response to the exploit, an on-chain message was sent to the address holding the drained funds in an attempt to negotiate a return. The sender offered a “white hat” bounty, telling the exploiter they could keep 30% of the funds if the remaining 70% was returned to a specified Sui address within 48 hours.

The message warned that failure to comply would result in “all available legal and recovery actions.”

Broader implications for the Sui blockchain ecosystem

The fallout has also fueled a broader debate regarding the governance of the Sui network. Tyler Simpson claimed he had warned the network about BlueMove’s vulnerabilities on three separate occasions before the pools were emptied.

He has been vocal in his criticism of Mysten Labs and the Sui Foundation, alleging they have marginalized many independent projects on the chain in favor of a select few like WAL and DEEP.

As the Clarity Act advances to the Senate to establish new federal rules for assets like Ethereum and Solana, the lack of oversight on smaller DEXs may invite further scrutiny.

If the BlueMove team does not respond to the white hat ultimatum, the incident will likely become another case study in the risks of administrative “upgrade caps.” As of Sunday, BlueMove has not posted a public response to the insider backdoor allegations.

The mechanics of the alleged exploit

Tyler Simpson, a prominent voice within the crypto community, has drilled down into the technical specifics of how the compromise might have occurred. He points to a critical update, identified as version 12, rolled out by the BlueMove team on May 31, 2026. This date is significant as it precedes the July 11 draining of the pools.

According to Simpson, this particular version introduced two key functionalities. First, it included a mechanism allowing for the return of added liquidity. Second, and more critically, it incorporated a “double-mint” exploit that could artificially inflate the number of liquidity provider (LP) tokens.

Once this version 12 was deployed, the package was immediately made immutable. This action effectively “locked in” the new functionalities, making it impossible to alter or remove them without a complete redeployment, meaning a potential vulnerability was enshrined in the code base.

The combination of these features—the ability to return liquidity and the double-mint exploit—created what observers are calling a backdoor. This backdoor would have allowed an entity with privileged access, or one able to exploit the newly introduced mechanisms, to drain the liquidity pools without triggering standard security alerts associated with external attacks.

Impact on MovePump and Sui ecosystem projects

The tokens specifically targeted in this incident were those launched through the MovePump curve, a bonding-curve launchpad operating within the Sui ecosystem. Many smaller and older meme projects on Sui utilized MovePump to establish initial liquidity and foster community engagement.

For these projects, the concept of “locked liquidity” is a cornerstone for investor confidence. It signals that the project developers cannot simply pull the underlying assets, providing a sense of security for participants. The alleged exploit, however, appears to have circumvented these assurances.

For instance, the Beeg Blue Whale project, which reportedly held its primary liquidity within the MovePump contract, experienced a substantial drop in its liquidity after the pools were drained. This directly impacts the token