Cetus Protocol Suspends Operations After $223 Million Exploit

Cetus Protocol, a decentralized exchange (DEX) operating on the Sui Network, has suspended its smart contract operations following a significant security breach. The platform confirmed the exploit on May 22 through its official X account, stating that the shutdown was necessary to prevent further fund loss. The incident resulted in a loss of approximately $223 million, with $162 million of the compromised funds successfully paused. Cetus Protocol is currently working with the Sui Foundation and other ecosystem members to recover the remaining stolen funds.
The exploit was first detected when an attacker drained over $260 million from the protocol. The stolen assets were reportedly being swapped into USDC and bridged to Ethereum, where they were exchanged for ETH. Approximately $60 million in USDC had already been transferred across chains at the time of reporting. Data from DeFiLlama showed a steep drop in the platform’s total value locked (TVL), which fell by more than $200 million to around $75 million.
Early analysis suggests the exploit may be linked to a flaw in the protocol’s pricing mechanism. Alex Horlan, CTO of web3 security firm HackenProof, explained that the attacker likely used a near-zero liquidity injection to manipulate the pools’ internal state. This allowed them to extract valuable SUI and USDC tokens without contributing real assets. He added that the team needs to check the math behind addLiquidity, removeLiquidity, and swap functions, especially where they compute token ratios, round small values, and handle tokens with decimals equal to zero.
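The kind of rounding check Horlan describes, as an added illustration that is not Cetus' code: a constructed toy constant-product pool (Cetus' real concentrated-liquidity math is more involved) with an audit-style sweep over dust-sized deposits that flags any configuration where minted liquidity rounds in the depositor's favour. Pool parameters and function names are assumptions.

```python
from dataclasses import dataclass

# Constructed toy pool: NOT Cetus' CLMM. It exists only to show why the
# rounding direction in addLiquidity/removeLiquidity must favour the pool.


@dataclass
class Pool:
    reserve_a: int
    reserve_b: int
    liquidity: int
    round_up_mint: bool = False  # unsafe choice: round minted liquidity up

    def add_liquidity(self, amount_a: int, amount_b: int) -> int:
        # Liquidity minted is proportional to the smaller contribution.
        num_a, num_b = amount_a * self.liquidity, amount_b * self.liquidity
        if self.round_up_mint:
            minted = min(-(-num_a // self.reserve_a), -(-num_b // self.reserve_b))
        else:
            minted = min(num_a // self.reserve_a, num_b // self.reserve_b)
        self.reserve_a += amount_a
        self.reserve_b += amount_b
        self.liquidity += minted
        return minted

    def remove_liquidity(self, burned: int) -> tuple[int, int]:
        # Payouts round down, so dust stays with the pool, never the user.
        out_a = burned * self.reserve_a // self.liquidity
        out_b = burned * self.reserve_b // self.liquidity
        self.reserve_a -= out_a
        self.reserve_b -= out_b
        self.liquidity -= burned
        return out_a, out_b


def roundtrip_profit(pool: Pool, amount_a: int, amount_b: int) -> tuple[int, int]:
    """Deposit, withdraw immediately, and report what the user netted.
    A sound pool returns values <= 0 for every input, including dust."""
    minted = pool.add_liquidity(amount_a, amount_b)
    out_a, out_b = pool.remove_liquidity(minted)
    return out_a - amount_a, out_b - amount_b


def pool_is_sound(round_up_mint: bool, max_amount: int = 5) -> bool:
    """Sweep 0..max_amount unit deposits (1 unit is the minimum for a
    0-decimal token) against a pool whose liquidity supply is tiny
    relative to its reserves; fail if any roundtrip nets the user value."""
    for a in range(max_amount + 1):
        for b in range(max_amount + 1):
            pool = Pool(1_000_000, 1_000_000, liquidity=10, round_up_mint=round_up_mint)
            gain_a, gain_b = roundtrip_profit(pool, a, b)
            if gain_a > 0 or gain_b > 0:
                return False
    return True
```

With floor rounding every dust deposit mints zero liquidity and the roundtrip loses the deposit; with ceil rounding a one-unit deposit mints a share worth a large slice of the reserves, which is exactly the property an audit of these functions should reject.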
Cetus Protocol employs a dual approach to oracles within its ecosystem. It uses internal oracles via concentrated liquidity pools, which provide real-time liquidity data and historical price information. This mechanism allows external developers and platforms to access accurate market data derived directly from actual trading activities, reducing reliance on off-chain data sources. Additionally, Cetus contributes its DEX price data to the Pyth Network, a decentralized oracle solution. As of the latest reports, Pyth Network has not commented on the incident, so it is unclear whether the pricing issue originated from the on-chain oracles or Pyth.
Despite the incident, the project has received support from the broader crypto community. Binance founder and former CEO Changpeng Zhao noted that his team has reached out to help Cetus resolve the situation. The broader Sui ecosystem also saw a selloff, with seven of the 11 Sui-based tokens tracked registering losses of around 5% or more. The SUI token itself, however, appears to be holding up relatively well, down only slightly for the day.
