TLDR
- Cetus lost $223 million due to a smart contract flaw.
- Sui Foundation froze $160 million of the stolen assets.
- Attack executed in 15 minutes, exploiting liquidity pool vulnerabilities.
The Cetus protocol recently encountered a significant security breach, resulting in the theft of $223 million. On May 31, 2025, $160 million of the stolen funds were successfully transferred to a multisig trust wallet with community support. This marks one of the most significant DeFi attacks in the Sui network’s history.
The security breach originated from a flaw in Cetus’ smart contracts linked to the “integer-mate” library. This vulnerability allowed the attacker to manipulate liquidity and pricing calculations. The compromised funds included SUI, USDC, and various liquidity pool assets from the Cetus decentralized exchange.
Swift Actions Taken by Sui Foundation
The Sui Foundation coordinated with network validators to counter the attack. They promptly updated a configuration file, enabling them to freeze $160 million of the stolen assets. This rapid response prevented further losses.
This incident has sparked discussion in the blockchain community about the balance between decentralization and security. The validators acted without a formal vote or a protocol-level upgrade.
Details of the Attack Mechanism
The attacker exploited the vulnerability by depositing tokens named “BULLA” and “MOJO” into Cetus liquidity pools. By manipulating the price curves and reserve calculations, they managed to withdraw legitimate assets, such as SUI and USDC, in amounts exceeding their deposits.
The exploit was executed within 15 minutes on May 22, 2025, draining $223 million. The speed of the attack underscores the risk posed by vulnerabilities in third-party libraries used in blockchain ecosystems.
Monitoring Community Support and Reactions
The Cetus hack has drawn community support for the recovery efforts and intensified scrutiny of protocol security. Users are closely watching how Cetus will address the security concerns and rebuild trust after the breach.
Adeniyi Abiodun from Mysten Labs clarified that the bug was in the application logic of Cetus, not related to the Sui consensus or the Move language. This distinction has been crucial as it highlights the responsibility of individual protocols to secure their infrastructure.
For further insights, Sui Network’s announcement offers more details regarding the incident and the measures taken post-attack.