Cetus Protocol Loses $260 Million in DeFi Hack, SUI Token Drops 14%

Coin World, Saturday, May 24, 2025 10:57 am ET

On May 22, 2025, the decentralized exchange Cetus Protocol experienced a severe security breach, resulting in a loss of nearly $260 million from its liquidity pools. The exploit targeted vulnerabilities in the Sui Network’s smart contract architecture, specifically affecting liquidity pools such as the SUI/USDC pairing. The attack involved manipulating token prices using fake liquidity, which led to massive fund withdrawals. This exploit was facilitated by gaps in Cetus’s price mechanisms, causing significant destabilization of the protocol’s operations. The incident is considered one of the largest DeFi hacks of 2025 and has raised critical questions about the overall security of the Sui Network.

In response to the breach, network validators swiftly froze $162 million in stolen assets to contain further damage. This action, however, sparked debates about the balance between decentralization principles and emergency intervention. The immediate market response was severe, with the SUI token price plummeting roughly 14%, from $4.19 to $3.62 within 24 hours. The Cetus Protocol’s native token, CETUS, also suffered a steep decline from $0.26 to $0.15, reflecting investors’ shaken confidence in the protocol’s security and the Sui Network’s robustness. The exploit has damaged Sui’s reputation as a secure and scalable blockchain, highlighting the need for stronger security measures in the DeFi space.

The network’s ability to freeze stolen funds demonstrated quick crisis management but also underscored a centralization tradeoff. The community is debating whether such freezes violate the decentralization ethos fundamental to blockchain philosophy. Cetus Protocol has suspended operations to investigate the breach and has offered a $6 million bounty to the hacker for the return of the funds. This incident emphasizes the critical need for enhanced security audits in DeFi protocols. Sui Network’s leadership has promised security upgrades and closer collaboration with security firms to prevent similar exploits in the future. Analysts warn that unless protocols improve their oracle and liquidity pool designs, similar attacks may increase, underscoring the need for DeFi security to evolve alongside growing market size and complexity.

The exploit was a meticulously planned attack, with the attacker's wallet, identified as 0xe28b50, currently holding over 12.9 million SUI, valued at approximately $54 million, with a total net position of 32.9 million SUI, worth around $137 million. The wallet remains active and appears to be obfuscating funds through multiple swap paths. Early reports indicate that the attacker utilized spoof tokens like BULLA to manipulate Cetus' pricing algorithms. By exploiting broken price curves and reserve logic, the attacker added near-zero liquidity and repeatedly withdrew real assets such as SUI and USDC without investing any real capital. This strategy effectively drained every major liquidity pool on Cetus.

In response to the exploit, the Cetus team confirmed the incident and paused its smart contracts as a safety measure. They are currently investigating the breach and have promised a full statement. However, the damage control efforts appear to be coming late, as the CETUS token has already plummeted by 40%, and the broader Sui token ecosystem is in disarray. Liquidity pools are empty, charts are showing significant losses, and overall liquidity has vanished overnight. The Sui Foundation is expected to address the issue promptly, but until then, the network's entire DeFi narrative is hanging by a thread. This exploit is not just a protocol issue; it is a severe blow to the chain's ecosystem, liquidity, and investor trust. The broader implications of this exploit could have far-reaching effects on the trust and confidence of investors in the DeFi ecosystem.