News/Cetus Crypto Exploit: $223M Hack Shakes Sui DeFi Ecosystem

Cetus Crypto Exploit: $223M Hack Shakes Sui DeFi Ecosystem

2025-05-23 08:43:36

Sui’s Largest DEX Cetus Protocol Loses $223M in Exploit: Liquidity Pools Drained, Tokens Plummet

 

A $223 Million Heist Shakes Sui’s DeFi Ecosystem

In one of the largest decentralized finance (DeFi) hacks of 2025, Cetus Protocol—the biggest decentralized exchange (DEX) and liquidity provider on the Sui blockchain—was exploited for over $223 million, sending shockwaves through the ecosystem and triggering a market-wide panic. The attacker manipulated spoof tokens to drain key liquidity pools, causing Sui-based assets to crash by as much as 90% and forcing emergency contract freezes.

 

The breach, detected on May 22, saw the hacker exploit a vulnerability in Cetus’ concentrated liquidity market maker (CLMM) model, injecting near-zero liquidity with fake tokens like BULLA to distort price calculations and siphon real assets such as SUI and USDC. Within hours, $60 million of stolen funds were bridged to Ethereum and converted into 21,938 ETH, while another $162 million was frozen by Sui validators in a race to mitigate losses.

 

How the Attack Unfolded: Spoof Tokens and Manipulated Reserves

On-chain analysts, including pseudonymous investigator @d0rsky, reconstructed the exploit path:

  1. Spoof Token Swaps: The attacker swapped low-value or fake tokens (e.g., BULLA) for SUI, exploiting flawed reserve calculations in Cetus’ liquidity pools.

  2. Liquidity Manipulation: By adding negligible liquidity, the hacker skewed internal pool states, enabling repeated withdrawals of high-value assets without equivalent deposits.

  3. Cross-Chain Obfuscation: Stolen USDC was rapidly bridged to Ethereum and swapped for ETH, complicating recovery efforts.

Cetus had reportedly passed security audits, but the attack targeted economic assumptions rather than code errors—a growing trend in sophisticated DeFi exploits.

 

Market Fallout: CETUS Crashes 40%, Sui Ecosystem Reels

The immediate aftermath was brutal:

  • CETUS Token: Plummeted 40%, trading at $0.169 amid panic selling.

  • Memecoins Wiped Out: Tokens like BULLA, MOJO, and AXOL lost over 90% of their value.

  • SUI Price Pressure: Sui’s native token fell 7% to $3.80, with DeFi activity stalling across the network.

Binance suspended CETUS deposits, while liquid staking protocol Haedal disabled its Cetus-linked haeVault feature as a precaution.

 

Crisis Response: $6M Bounty and Legal Pressure

In a dramatic move, Cetus offered the hacker a $6 million whitehat bounty to return 20,920 ETH ($55.7M) and frozen Sui assets, threatening legal action if funds were laundered. The Sui Foundation and cybersecurity firm Inca Digital are coordinating with regulators, including FinCEN and the U.S. Department of Defense, to trace the stolen assets.

 

Expert Warnings: DeFi’s Oracle and Liquidity Risks

The hack has reignited debates about DeFi security on newer Layer-1 chains like Sui. Analysts highlight two critical vulnerabilities:

  1. Oracle Reliance: Misprice calculations allowed spoof tokens to bypass safeguards.

  2. Complex LP Models: Cetus’ Uniswap v3-style concentrated liquidity, while capital-efficient, introduced untested attack vectors.

"Protocols must implement multi-layered oracle solutions and stricter token vetting," urged Liam Turner, a DeFi analyst.

 

What’s Next for Sui and Cetus?

Short-term recovery hinges on:

  • Fund Recovery: The $162M frozen by validators could be redistributed to users.

  • Protocol Relaunch: Cetus must rebuild trust through transparent audits and upgraded safeguards.

Long-term, the incident may accelerate regulatory scrutiny of DeFi, with calls for mandatory incident reporting and liquidity pool oversight.

 

Share Your Thoughts

Will Cetus recover, or will the exploit permanently damage Sui’s DeFi ecosystem? Share your thoughts on our X.

 

Disclaimer: The information provided in this section is for reference only and does not represent any investment advice or the official views of FameEX.

 

Sources:

  • CoinDesk: "Sui's Biggest Liquidity Provider Hacked for $223M"

  • Crypto.news: "Cetus Protocol Offers Hacker $6M Bounty After $223M Exploit"

  • Cryptoninjas: "$260M Drained: Cetus Protocol Exploit Sparks Panic"

  • 99Bitcoins: "Cetus Protocol on Sui Network Hacked and Prices Tank"

  • Cointelegraph: "Sui DEX Cetus Hit by Suspected Hack: Over $200M in Losses"

  • The Cyber Express: "$223M Exploit Halts Cetus Protocol"

  • Cryptoslate: "Sui-Based Cetus Protocol Suspends Operations Following $260M Oracle Exploit"

Other articles

Moo Deng Mew Surges: The Rise of MEW Crypto After Robinhood ListingFameEX Hot Topics | BlackRock’s Bitcoin ETF Sees 2-Week Inflow Peak as BTC Approaches $112KHuma Finance (HUMA) Launch on Binance: $250M Farming & PayFi RevolutionFameEX Morning Crypto News Recap | May 23, 2025FameEX Weekly Market Trend | May 22, 2025FameEX Hot Topics | Bitcoin Enters New Historical Territory on ETF Surge, Inflation CooldownDogecoin 2025 Price Prediction: Can the Meme Coin Hit $1?ZBCN Crypto Surges 30%: Circle Partnership & Token Buyback Drive Record HighsHaedal Crypto Surges 50% After Binance Listing – Price Prediction & Sui Ecosystem ImpactFameEX Morning Crypto News Recap | May 22, 2025