Cetus DEX Loses $223 Million in Sophisticated Hack

In a significant event of 2025, the decentralized exchange Cetus experienced a sophisticated attack resulting in the loss of $223 million in crypto assets. The incident, referred to as ‘The Cetus Hack,’ involved token spoofing, smart contract manipulation, and a meticulously planned escape route that led to the apparent disappearance of tens of thousands of Ether.

The attack began with the creation of a fake token, which was injected with minimal liquidity into a Cetus pool. This action triggered an overflow in the automated market maker’s mathematical logic, disrupting its balance calculations and allowing the attacker to extract large quantities of legitimate tokens, including $SUI and $USDC, without providing any corresponding value. Within a few minutes, the attacker managed to siphon off approximately $223 million worth of tokens. About $60 million was successfully transferred out of the protocol before countermeasures were implemented. The stolen funds were then bridged to Ethereum, where they were converted into around 22,000 ETH.

Despite the severity of the incident, the Sui blockchain, which hosts the Cetus DEX, remained stable and operational. While parts of the DeFi ecosystem experienced panic, the Sui infrastructure maintained real-time coordination and zero downtime. This resilience highlighted the robustness of Sui’s architecture and its ability to handle extreme stress without halting operations or rolling back transactions, unlike many other layer-1 blockchains that rely on centralized interventions or pauses to mitigate damage.

The attack’s precision and audacity caught many in the DeFi world off guard. Memecoins across the Sui ecosystem saw price drops of up to 90%, and satellite tokens associated with the Sui ecosystem experienced significant price declines. Even the stablecoin $USDC temporarily lost its peg. However, the native token of the blockchain, $SUI, remained relatively stable, underscoring the resilience of the Sui ecosystem.

In response to the attack, Cetus offered a $6 million bounty, payable in $SUI tokens, for the return of the stolen funds. This move was seen as a last-ditch effort to negotiate the return of the assets before they could be laundered using privacy tools and mixers. Sui also deployed emergency tools, including a whitelist function that allows certain transactions to bypass standard security protocols and a restore module accessible to a select few. These tools aim to reclaim control over the situation and potentially recover the stolen assets or compensate liquidity providers whose funds were misappropriated.

The incident serves as a stark reminder of the vulnerabilities inherent in complex smart contracts and the importance of robust security measures. Despite the significant damage suffered by Cetus and the broader DeFi space on Sui, the Sui chain demonstrated its resilience and responsiveness, passing a significant stress test. The next steps involve the attacker’s potential response to the bounty and the ongoing recovery efforts by Sui and Cetus.