Cetus Protocol faced a major security breach on the Sui blockchain. The protocol, known as the largest decentralised exchange on Sui, lost roughly $223 million in crypto assets. 

Hackers took advantage of a weakness in Cetus’s smart contracts tied to its liquidity pools. Some stolen funds were swapped into USDC and then converted to ETH.

Bounty Offer and Negotiations

Late on Thursday night, Cetus published a notice on X(Twitter) revealing they had traced the hacker’s Ethereum wallet. The notice stated that Cetus, alongside data analytics firm Inca Digital, had reached out to the attacker.

🚨ANNOUNCEMENT

As of earlier today, we have confirmed that an attacker has stolen approximately $223M from Cetus Protocol. We have took immediate action to lock our contract preventing further theft of funds.

$162M of the compromised funds have been successfully paused. We are…

— Cetus🐳 (@CetusProtocol) May 22, 2025

 

They asked for a return of 20,920 ETH, about $56.3 million, and all frozen assets in the hacker’s Sui wallets.

In return, the hacker could keep 2,324 ETH, which is roughly $6 million, as a bounty. Cetus warned that legal action would begin if the stolen crypto was moved off a known path or mixed to hide its origin.

How the Breach Happened?

The hacker exploited a flaw in Cetus’s pricing mechanism, affecting its concentrated liquidity market maker pools. 

By creating spoof tokens, fake or low-value assets with altered metadata, the attacker slipped tiny amounts of these tokens into trading pools.This skewed the pools’ internal accounting.

Through a series of flash swaps and careful timing, the hacker forced the protocol to treat pools as balanced when they were not.

This let them pull out large amounts of genuine tokens, including SUI and USDC, at incorrect rates.

Also Read: ZKsync and Matter Labs Confirm Their X Accounts Are Still Under Hacker Control and Caution Users

Audits and Oversight

Before the attack, Cetus had passed recent security checks. However, the vulnerability lay not in a simple coding mistake but in the protocol’s internal pricing logic and economic rules. That made it far harder to detect with normal scans. 

This kind of exploit shows that even audited systems can fall prey to attacks that play against underlying financial assumptions.

Community and Network Response

In a joint statement, the Sui Network said the Sui Foundation and its validators are blocking transactions linked to the hacker’s addresses. They noted that many validators identified the suspicious wallets and ignored any new transactions from them.

We’ve learned that a Cetus smart contract was hacked this morning for approximately $223M and Cetus subsequently paused their smart contracts to prevent further theft.

Cetus worked together with the other DeFi protocols, the Sui Foundation, and the Sui validators to… https://t.co/Y1iw2sNnPW

— Sui (@SuiNetwork) May 22, 2025

Cetus also stated it patched the exploited vulnerability and is working closely with other DeFi projects, the Sui Foundation, and validators to secure the wider ecosystem.

📜 Dear Sui community, thank you for your patience while our team works on the incident investigation and resolution.

Since taking the actions indicated in our previous announcement, we have also done the following:

1. We engaged the broader ecosystem, Sui team, and related… https://t.co/Gs1EWXZ6AD

— Cetus🐳 (@CetusProtocol) May 22, 2025

CETUS Price Actions

The price of CETUS, the protocol’s native token, has taken a hit. Over the past day, it slipped 30% to trade around $0.1708. 

Meanwhile, trading volume jumped more than 1,000% over the same period. These figures reflect users’ concerns about security and show how a single exploit can ripple through a token’s market dynamics.

Cetus Protocol’s rapid response and bounty offer aim to recover as many stolen funds as possible. By tracing the hacker’s wallets and patching the vulnerability, they hope to restore confidence in their platform.

Also Read: Coinbase Data Breach Hacker Mocks ZachXBT After Major $42.5M Swap