TLDR:
- Incident: Cetus Protocol, a leading AMM DEX on the Sui blockchain, suffered a security breach on May 22, 2025, with hackers draining liquidity pools, resulting in an estimated loss of over $260 million.
- Response: Cetus Protocol confirmed the hack, pausing smart contracts, while Sui Foundation and other entities are working to recover $162 million of the frozen assets.
Cetus Protocol (CETUS), being a prominent Automated Market Maker (AMM) Decentralized Exchange (DEX) on the Sui and Aptos chains, fell prey to a significant security flaw at the early hours of May 22, 2025. Hackers emptied out the liquidity pool and withdrew an approximate $260 million value in funds. The attack sent waves through the Sui ecosystem and far beyond.
In their latest update, Cetus Protocol reaffirmed the hackers made off with $223 million but also stated $162 million worth of assets are also frozen in the Sui blockchain and can potentially be recovered. The development team is collaborating with the Sui Foundation and other stakeholders in recovering the funds. The Sui Foundation also contacted a significant majority of validators to seek a consensus to freeze the suspected hacker addresses until further action can take place in the highest interests of the ecosystem and users first.
Initial reports from users and on-chain investigators revealed that the attackers withdrew approximately $11 million worth of SUI tokens from the SUI/USDC liquidity pool, causing most token prices to plummet by over 75% and depleting the liquidity in Cetus’s pools. The hacker’s wallet address “0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85b8b5de8ff06,” traced on Suiscan, shows they drained liquidity from multiple Cetus pools and subsequently swapped these assets for SUI. Currently, the hacker holds assets worth around $260 million, including 12.989 million SUI (approximately $54 million), and has begun laundering these funds across other blockchains.
Cetus Protocol developers have acknowledged the hack and indicated that their smart contracts are frozen temporarily for security purposes in the network. They have yet to release a detailed description of the reason behind the hack and are requesting users to wait until further findings are released. HackenProof’s Chief Technology Officer suspects initially that the hacker exploited a weak pricing function or reserve formula through swapping with false tokens (e.g., BULLA → SUI), gaining near zero liquidity to manipulate the pools’ states and removing liquidity periodically to cash in the accounting loopholes while draining actual SUI/USDC without bringing in any assets.
The actual reason behind the hack is still unclear—whether it is a bug at the protocol level or a liquidity provider position being compromised and having a cascade effect on the protocol. Either way, the impact has been devastating, having reached the whole Sui ecosystem. WAL, DEEP, NAVX, LOFI, and HIPPO tokens have all taken a big hit, with their losses ranging anywhere from 5% to 15% from their pre-incident peak prices. Most memecoins and altcoins have lost over 80% in value since the hack and are no longer being traded as they lack liquidity.
CETUS itself was hit the worst, with a “dump god” candle and more than a 16% plunge in price to its present trading level of approximately $0.176 per CETUS from the $0.24 level prior to the incident.
Visit Cetus on MevX for more information
The severity of the issue has led to Binance founder CZ publicly vowing to provide complete support in aiding Sui to counter the damage. Bluefin and Momentum, two other prominent Sui DEXs, have suspended their activities temporarily until the issue is addressed in light of the possible risks.
This exploit exposes the vulnerabilities of the most advanced DeFi protocols and their far-reaching implications on the Sui network. The crypto community holds its breath and expects a quick resolution and restoration while the investigations are still ongoing.
Read the latest news on the MevX Blog!
Share on Social Media:
