
Sui’s Cetus DEX Faces Hack, $260M of Crypto Stolen

May 23, 2025

On 22 May 2025, Cetus Protocol, the main decentralized exchange (DEX) on the Sui blockchain, was hacked in one of the biggest Decentralized Finance (DeFi) exploits to date. An attacker took advantage of a weakness in Cetus’s pricing mechanism, leading to the theft of around $260 million worth of digital assets. The attack shook the community and knocked the SUI token down about 15% to around $3.81. The hack has not only shaken the Sui community but also raised serious concerns about the security and reliability of DeFi platforms.

The Attack: How It Unfolded

Exploitation of a Pricing Vulnerability

An attacker identified by the wallet address “0xe28b50” leveraged a security flaw in Cetus’s internal pricing system. The system, intended to provide real-time price feeds for token exchanges, was tricked with spoof tokens such as BULLA. These tokens, which had no actual liquidity behind them, were inserted into the liquidity pools, distorting the price curves and the reserve calculations. This enabled the attacker to withdraw significant amounts of major assets such as SUI and USDC at artificially attractive rates.

Execution of the Exploit

The attack began with a flash loan, followed by the addition of fake tokens to the liquidity pools. Exploiting the flaws in the pricing mechanism, the attacker drained funds from 46 liquidity pairs. The stolen funds were later bridged to the Ethereum network and converted into ETH. About $60 million in USDC was moved to Ethereum, with a substantial part of it swapped for 21,938 ETH at an average of $2,658 per coin.

Immediate Consequences

The incident caused a sharp drop in token prices throughout the Sui ecosystem. The CETUS token dropped by more than 40%, while other tokens saw losses ranging between 75% and 99%. The total value locked (TVL) within the Sui ecosystem fell by $2.13 billion to $1.92 billion, which reflects the wide-ranging consequences of the hack.

Response by Cetus Protocol and the Sui Foundation


Pausing of Smart Contracts

In response to the attack, Cetus Protocol paused its smart contracts to stop any further unauthorized transactions. The team, working with the Sui Foundation, initiated an investigation to assess the severity of the breach and identify the weaknesses exploited by the attacker.

Community Proposal for Fund Recovery

On 25 May, Cetus announced a public Q&A session to discuss a strategy for recovering the stolen funds. A community proposal entitled “Whether to return stolen assets in Cetus Protocol Through a Special Transaction” was put forward. The plan received more than 53% of the vote, with 52 votes in favour, two against and 60 validators abstaining. The approval permitted the transfer of $1.2 million from the attacker’s wallet to a multisig wallet managed by OtterSec and the Sui Foundation.

White-Hat Deal and Bounty Offer

Cetus offered the hacker a white-hat deal: a bounty of 2,324 ETH (approximately six million dollars) in exchange for repayment of the stolen money. The agreement stipulated that if the money were returned, no legal action would be taken. Furthermore, Cetus announced a $5 million reward for information leading to the identification and arrest of the hacker.

Broader Implications for the Sui Ecosystem


Impact on Token Prices

The hack triggered significant instability within the Sui ecosystem. The SUI token lost 14% of its value, falling from $4.19 to $3.62. Other tokens, such as AXOL, HIPPO and SQUIRT, experienced price drops of 75% to 91%. The CETUS token itself was hit with a significant decrease, dropping from $0.26 to $0.15.

Strain on DeFi Infrastructure

The exploit exposed weaknesses in the DeFi infrastructure of the Sui blockchain. The manipulation of the oracle system and the introduction of counterfeit tokens revealed flaws in the protocol’s design and implementation. The incident prompted a re-evaluation of security practices within the Sui community and in the wider DeFi community.

Response from other Sui protocols

After the incident, other Sui-based protocols took preventive measures. Bluefin and Momentum suspended trading, and Haedal Protocol suspended its haeVault feature. These actions highlighted the interdependence of DeFi platforms and the shared obligation to protect the integrity and security of the entire ecosystem.

Technical Analysis of the Exploit

Flaw in the Pricing Mechanism

The principal vulnerability exploited in the hack was a flaw in Cetus’s pricing mechanism. Cetus’s internal oracle relied on concentrated liquidity pools to calculate real-time prices. However, the system lacked adequate validation of token legitimacy, which allowed the introduction of fake tokens that altered the price calculations.

Manipulation of Liquidity Pools

By inserting spoof tokens into the liquidity pools, the attacker altered the reserve balances and the price curves. This allowed major assets to be bought at artificially favourable prices, draining the pools of significant quantities of cryptocurrency.

Insufficient Input Validation

The attack also exposed flaws in input validation within the smart contracts that govern the liquidity pools. The absence of checks on token authenticity and the inadequate validation of inputs allowed the attacker to exploit the system without triggering any safeguards.
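As an added illustration (not code from Cetus or the Sui Foundation) of the validation gap described in this section, the Python simulation below contrasts a naive reserve-ratio price with a pool price lookup that rejects unverified tokens, thin pools and quotes that diverge from an independent reference; the pools, the allowlist and the thresholds are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constructed two-asset pool; reserves are in whole token units."""
    token_in: str
    token_out: str
    reserve_in: float
    reserve_out: float


# Assumption: the set of tokens the protocol has verified. A real deployment
# would read an on-chain allowlist; the values here are constructed.
VERIFIED_TOKENS = {"SUI", "USDC"}
MIN_RESERVE = 10_000.0   # assumed liquidity floor before a pool may price anything
MAX_DEVIATION = 0.10     # assumed tolerance against an independent reference price


def spot_price(pool: Pool) -> float:
    """Naive marginal price of token_out in units of token_in (reserve ratio)."""
    return pool.reserve_in / pool.reserve_out


def validated_price(pool: Pool, reference_price: float) -> float:
    """Price lookup that refuses pools resembling a spoofed listing.
    Raises ValueError if a token is unverified, the pool is too thin, or the
    pool's price diverges from an independent reference beyond tolerance."""
    for token in (pool.token_in, pool.token_out):
        if token not in VERIFIED_TOKENS:
            raise ValueError(f"unverified token {token!r} in pool")
    if min(pool.reserve_in, pool.reserve_out) < MIN_RESERVE:
        raise ValueError("pool liquidity below floor; price not trustworthy")
    price = spot_price(pool)
    if abs(price - reference_price) / reference_price > MAX_DEVIATION:
        raise ValueError("pool price deviates from reference beyond tolerance")
    return price


def is_trusted(pool: Pool, reference_price: float) -> bool:
    """Boolean form of validated_price, convenient for callers and tests."""
    try:
        validated_price(pool, reference_price)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    healthy = Pool("USDC", "SUI", 3_810_000.0, 1_000_000.0)  # SUI priced near $3.81
    spoof = Pool("USDC", "BULLA", 5_000.0, 1.0)              # spoof token, no real depth
    print("naive spoof price:", spot_price(spoof), "trusted:", is_trusted(spoof, 3.81))
    print("healthy price:", validated_price(healthy, 3.81))
```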

Recovery Efforts and Future Security Measures


Fund Recovery Initiatives

Cetus Protocol, in collaboration with the Sui Foundation and other ecosystem members, is currently seeking to recover the stolen funds. The transfer of $162 million to the multisig wallet is an important step towards this end. Furthermore, the white-hat deal and bounty programme aim to encourage the return of the funds and to identify the perpetrator.

Allocation of Security Resources

In response to the breach, the Sui Foundation has allocated $10 million to strengthen the security of the Sui ecosystem. The funds will be used for audits, bug bounty programmes, formal verification and other initiatives that strengthen the security of the Sui blockchain and its associated protocols.

Implementation of Enhanced Security Measures

Cetus Protocol has initiated a comprehensive examination of its pricing mechanism and smart contracts. The team is working on improved security measures, including stricter input validation, more effective token authentication, and stronger protection against manipulation. These measures are designed to prevent similar attacks in the future and to restore confidence in the platform.

Importance of Robust Security Practices

The Cetus hack underscores the vital importance of implementing solid security procedures for DeFi platforms. Comprehensive audits, thorough testing, and ongoing monitoring are vital to detect weaknesses before they are exploited.

Need for Improved Input Validation

The incident has highlighted the need for better validation of inputs within smart contracts. Ensuring that only authentic tokens are introduced to the liquidity pools and that all inputs are verified can help prevent attacks similar to this one.

Collaboration Within the Ecosystem

The coordinated response of Cetus Protocol, the Sui Foundation and other members of the ecosystem demonstrates the importance of cooperation when addressing security issues. Sharing resources, information and expertise can make recovery efforts more efficient and raise the overall security of the entire ecosystem.

Conclusion

The $260 million breach of Cetus Protocol serves as a clear reminder of the security issues present in DeFi platforms. Although Sui has already taken important steps towards recovery and towards improving its security, the attack highlights the need for continual improvement in security methods and infrastructure. As the DeFi industry evolves, a focus on security and resilience will be crucial to ensuring the long-term viability and safety of decentralized finance.

FAQs

Cetus Protocol is a decentralized exchange (DEX) built on the Sui blockchain. It is intended to facilitate peer-to-peer trading of digital assets without intermediaries. It uses an automated market maker (AMM) model that allows users to exchange tokens, supply liquidity, and take part in Decentralized Finance (DeFi) apps.

The attack was carried out by exploiting a vulnerability within Cetus’s own pricing algorithm. The attacker manipulated the liquidity pools by adding spoof tokens to them, which distorted the price calculations and allowed them to withdraw huge amounts of assets such as SUI and USDC at artificially advantageous rates. The funds were then transferred to the Ethereum network.


Cetus Protocol, in collaboration with the Sui Foundation, initiated an investigation and formulated a community-based proposal for the recovery of funds. The sum of $162 million was transferred to a multisig wallet to assist in recovering the funds. In addition, Cetus offered a white-hat reward for the return of the money and details about the perpetrator.

As a result of the attack, Cetus and the Sui Foundation are focusing on enhancing the protection of the system. This includes stronger smart contract audits, improved input validation, and more effective authentication of tokens. Additionally, the Sui Foundation has allocated $10 million to further enhance security across the entire network.

CTO at Rain Infotech Private Limited | Blockchain Enthusiast | Hyperledger Fabric | Certified Bitcoin, Ethereum & Blockchain Developer