Sui Token Drops 2.4% as Cetus DEX Hack Recovery Efforts Continue

Sui's latest price was $3.85, down 2.4% in the last 24 hours. The Cetus DEX, a decentralized crypto exchange built on the Sui blockchain network, reported that $162 million of the $220 million stolen in a May 22 hack has been frozen. The Cetus team is collaborating with the Sui Foundation and other ecosystem entities to recover the remaining funds. The Sui Foundation confirmed that a significant number of validators have identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice. The Cetus team is exploring paths to recover those funds and return them to the community.

The Cetus hack is the latest in a series of incidents impacting crypto and Web3 in the first half of 2025. Cybersecurity remains a major issue in the crypto sector, with many industry executives calling for the sector to police itself and establish more robust defenses to avoid increased regulatory scrutiny.

On May 22, the Cetus DEX was hacked in what is believed to be a smart contract code exploit that saw the DEX drained of approximately $223 million in user funds. The recovery efforts and the asset freeze coordinated by different projects, platforms, and validators in the Sui ecosystem drew mixed reactions from the crypto community. One user wrote, "Good news for the victims, but if validators, only 114 in total, can freeze wallets when they want, it raises a major question about the network's censorship resistance. Sui is anything but decentralized."

Cetus, a liquidity provider on the Sui network, confirmed a loss of $223 million due to a hack and stated that it is taking steps to recover the funds. The protocol was able to safeguard $162 million out of the compromised assets by halting smart contract activity. The remaining funds are being transferred across multiple Sui wallets, many of which have already been blacklisted. Cetus is working with the Sui Foundation to contain the damage and recover as many funds as possible. The Sui Foundation noted that validators have taken steps to ignore transactions originating from wallets linked to the hack.

Cetus worked together with other DeFi protocols, the Sui Foundation, and the Sui validators to collectively protect the ecosystem. A large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice. The hack ignited criticism on social media, where users raised concerns about centralization. Many pointed to the ability of Cetus to pause its smart contract as evidence that the project lacks true decentralization. In a decentralized finance protocol, no single party should have the authority to halt execution unilaterally. Cetus paused the contract immediately after revealing the breach. Criticism was also directed at the Sui Foundation, particularly its role in censoring transactions linked to the attack. One user commented, "What’s worse? A hacker stealing funds, or validators freezing wallets."

Neither the Sui Foundation nor Cetus has responded directly to these concerns. The exploit comes as the decentralized finance sector has struggled to weather an increasing number of multi-million-dollar cyber attacks over the past few years. A Chainanalysis report shows that stolen funds in the DeFi sector totaled $2.2 billion in 2024, a 21% increase from the year prior. More broadly, centralized trading platforms for digital assets have also suffered due to critical cyberattacks on their infrastructures.

Although Sui’s flagship token has largely recovered since the Cetus attack, other digital assets linked to its ecosystem are still struggling to retrace their losses. The exploit also triggered a broader selloff in the Sui ecosystem, with seven out of 11 Sui-based tokens tracked by CryptoSlate registering losses of around 5% or more. Rosco Kalis, the founder of Revoke Cash, pointed out, "The stolen funds mostly belonged to the LPs of the DEX. But this also caused a lot of Sui token prices to crash, affected normal users as well. The SUI token itself seems to be holding up relatively fine so far though, only down slightly for the day."

Early analysis suggests the exploit may be linked to a flaw in the protocol’s pricing mechanism. Blockchain analytics firm Lookonchain revealed that the attacker drained over $260 million from the protocol. The stolen assets are reportedly being swapped into USDC and bridged to Ethereum, where they are exchanged for ETH. Lookonchain reported that approximately $60 million in USDC had already been transferred across chains at the time of reporting. Data from DeFiLlama supports this, showing a steep drop in the platform’s total value locked (TVL), which fell by more than $200 million to around $75 million.

Recent events surrounding the Sui network have captured widespread attention. The major incident involves a hack on Cetus Protocol, the most prominent decentralized exchange (DEX) on the Sui network, resulting in the draining of approximately $223 million in user funds. The attack occurred when an individual exploited pricing flaws on the protocol, minting spoof tokens and cashing them out for real SUI, USDC, and various other cryptocurrencies.

In response to the situation, the Sui team acted swiftly, pausing smart contracts to prevent further damage. Additionally, a coordinated effort involving numerous validators led to the freezing of a substantial portion of the stolen assets—totaling around $160 million. This action, while successful in recovering some funds, raises questions about the network's decentralization, as it suggests the presence of privileged actors who can halt and reverse transactions on demand.

Despite freezing a significant amount, the attacker still managed to transfer about $60 million to Ethereum, converting USDC into ETH. This incident underlines the complexities involved in the security and decentralization of blockchain networks, particularly when considering the balance between user protection and the principles of immutable decentralized finance.

The security breach has also put a spotlight on the Move programming language, which the Sui network uses. While Move is promoted as being "secure by default," the incident demonstrates that security is not solely dependent on language but also on economic design and privilege safeguards. This hack on Sui is the largest known attack on a Move-based chain, overshadowing previous incidents like the $25 million loss suffered by Aptos' Thala money market.

Interestingly, Aptos co-founder Mo Shaikh seized the opportunity to distinguish the security structure of Aptos from that of Sui. He emphasized Aptos' modular architecture and secure execution as superior features, suggesting that these advantages would eventually be recognized by the market.

The fallout from the Cetus hack is significant, with liquidity pools severely impacted and trading volumes reaching abnormal highs as exploiters moved funds off-platform. The hacked token ecosystem within the Sui network has prompted various considerations regarding its future stability and the effectiveness of its security measures as developers and stakeholders work towards fortifying the network against further vulnerabilities.

The incident has arrived at a pivotal time for Sui, which was previously gaining traction as one of the leading Layer 1 tokens alongside other notable cryptocurrencies. As the network faces scrutiny, it will need to bolster confidence in its foundational technology and security capabilities to sustain growth and establish itself as a resilient player in the competitive blockchain landscape.