Cetus Exchange Hacked for $223 Million, Sui Network Freezes Funds

Generated by AI Agent Coin World
Monday, May 26, 2025, 6:45 am ET

The cryptocurrency ecosystem is currently facing two significant security crises that highlight growing concerns about decentralization and evolving attack vectors. On May 22, the decentralized exchange Cetus was exploited for $223 million due to a flaw in its automated market maker (AMM) code. This incident prompted a controversial decision by network validators to freeze a majority of the stolen funds. Meanwhile, scammers impersonating hardware wallet manufacturer Ledger have taken phishing into the physical realm, mailing fake letters via the United States Postal Service (USPS) in an attempt to extract sensitive user data.

In a detailed post-mortem report, blockchain security firm Dedaub revealed that the root cause of the Cetus hack was a vulnerability in the AMM’s liquidity parameter code. Specifically, an ineffective "most significant bits" (MSB) check allowed attackers to artificially inflate their liquidity positions with minimal token input, creating an imbalance they could exploit to drain liquidity pools. This flaw allowed them to add massive liquidity positions with just one unit of token input, subsequently draining pools containing hundreds of millions of dollars worth of tokens. The exploit represents a particularly dangerous type of overflow bug where the parameters used to validate transactions fail to properly check the size of numeric values, allowing attackers to bypass normal safeguards and execute transactions that effectively broke the AMM’s logic.
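The class of bug described above, a guard that is supposed to reject values whose most significant bits would be shifted out of a fixed-width word, can be shown in a few lines. This is an added illustration, not code from Cetus or Dedaub: the 256-bit width, the 64-bit shift, the faulty threshold and the deposit formula are all assumptions chosen to show how a wrong bound lets a truncated result through, and how a boundary-value differential check catches it.

```python
# Added illustration with constructed values; not code from Cetus or Dedaub.
BITS, SHIFT = 256, 64
U256_MAX = (1 << BITS) - 1
DENOM = 1 << SHIFT  # hypothetical fixed-point scale

def shl_truncating(n):
    """Shift inside a fixed 256-bit word: bits pushed past bit 255 are lost."""
    return (n << SHIFT) & U256_MAX

# Assumed faulty guard: the threshold sits far above the real limit, so
# most inputs whose top 64 bits are set still pass.
FAULTY_LIMIT = 0xFFFFFFFFFFFFFFFF << 192

def checked_shl_faulty(n):
    if n > FAULTY_LIMIT:
        raise OverflowError("shift would overflow")
    return shl_truncating(n)

def checked_shl_fixed(n):
    # Correct guard: reject if any of the top SHIFT bits is set.
    if n >> (BITS - SHIFT):
        raise OverflowError("shift would overflow")
    return n << SHIFT

def required_deposit(n, checked_shl):
    """Hypothetical pricing step: tokens owed = ceil((n << 64) / DENOM)."""
    return -(-checked_shl(n) // DENOM)

def missed_overflows(candidates):
    """Differential check: inputs the faulty guard accepts but truncates."""
    bad = []
    for n in candidates:
        try:
            if checked_shl_faulty(n) != n << SHIFT:
                bad.append(n)
        except OverflowError:
            pass
    return bad

# Boundary values around the true limit 2**192 (constructed).
BOUNDARY = [(1 << 192) - 1, 1 << 192, (1 << 192) + 1]

if __name__ == "__main__":
    huge = (1 << 192) + 1
    print("faulty guard deposit:", required_deposit(huge, checked_shl_faulty))
    print("missed overflows:", len(missed_overflows(BOUNDARY)))
```

Testing the guard at the exact boundary (limit minus one, limit, limit plus one) against arbitrary-precision arithmetic is what exposes the wrong threshold; random inputs alone rarely land there.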

Within hours of the attack being discovered, Cetus and the Sui Foundation acted swiftly, working with Sui network validators and ecosystem partners to freeze approximately $163 million of the stolen $223 million. While this rapid response significantly blunted the full potential impact of the exploit, it also sparked a heated debate within the crypto community. Some celebrated the freezing of assets as a necessary step to mitigate user losses, while others viewed it as a troubling act of censorship that undermines the principles of decentralization. On social media platforms, users accused the Sui validators of actively censoring transactions across the blockchain, transforming the network into a centralized, permissioned database. This incident joins a growing list of high-profile exploits that continue to shake confidence in DeFi systems, with billions lost across bridges, DEXs, and lending platforms due to similar overflow or unchecked errors buried deep in smart contract code.

Industry executives and security researchers have stressed the need for protocols to prioritize robust auditing, stress testing, and formal verification to break the cycle of exploit and patch. The industry also faces the looming shadow of increased regulatory oversight, with experts arguing that if projects fail to implement adequate user protections, regulators will step in, potentially in ways that are incompatible with blockchain’s permissionless vision. Despite the controversy, Cetus has vowed to improve its codebase and restore user trust by working with Dedaub and other third-party auditors to revamp its logic and enhance overall protocol security. The Sui Foundation has defended the validators’ decision to freeze funds, framing it as an emergency measure necessary to protect the broader ecosystem. However, the reputational and financial damage is done, and the hack stands as a defining moment for the Sui ecosystem as it balances innovation with operational maturity.

Meanwhile, the cryptocurrency industry is facing a new and unsettling evolution in phishing attacks. Scammers posing as hardware wallet maker Ledger have begun sending physical scam letters to unsuspecting users in an attempt to trick them into "validating" their wallets or risk losing access to their funds. The letters, delivered via the United States Postal Service (USPS), represent a significant shift in phishing tactics, adding a real-world component to an industry that has long battled digital deception. First revealed by BitGo CEO Mike Belshe, the scam includes a QR code that allegedly redirects victims to a phishing website designed to capture their seed phrases and private keys, ultimately draining their wallets. The physical phishing letter, designed to resemble official Ledger correspondence, urges users to scan a QR code to "validate" their wallets, claiming they risk losing access if they fail to do so. This attack highlights the long-term fallout from Ledger’s 2020 data breach, in which over 270,000 users' personal information was leaked, giving scammers a years-long head start on their social engineering efforts.

Phishing has long been a scourge in the cryptocurrency world, but 2025 has already seen a notable escalation. Earlier this year, $330 million in Bitcoin was stolen from a single elderly victim, suggesting growing professionalization of crypto crime, with scammers establishing entire call centers, hiring developers, and exploiting psychological vulnerabilities at a scale previously unseen. Just weeks later, on May 15, Coinbase disclosed that it had been the target of a $20 million ransom attempt following a significant internal leak. The leaked data included names, physical addresses, contact information, and other non-critical account details of a small subset of users. Coinbase stated that no private keys, login credentials, or access to Coinbase Prime accounts were compromised, and that the contractors involved had been terminated. Still, the breach drew sharp criticism from industry figures, who warned of the potential for real-world violence against exposed users.
