
SUI slides as alleged $116M DeFi exploit rattles crypto markets

The Cetus Exploit: A Shock to the Sui Ecosystem

In late May 2025, the Sui network faced a major security crisis when Cetus Protocol, its largest decentralized exchange (DEX) and liquidity provider, was exploited for an estimated $223 million. The incident immediately impacted the Sui ecosystem, causing the value of its native token, SUI, to drop and triggering a collapse of over 90% in some Sui-based tokens. The hack targeted the core liquidity pools, directly threatening market depth and stability on one of Sui’s most critical DeFi infrastructures.

How the Attack Unfolded

The attacker exploited a flaw in Cetus’s smart contract code, specifically targeting its pricing mechanism. The method involved a calculated series of steps:

  • Manipulating the Price Feed: The attacker injected fake or “spoof” tokens (such as BULLA) into Cetus’s liquidity pools. These tokens, which had no real value, were used to distort the protocol’s internal price calculations and reserve logic.

  • Draining Real Assets: By exploiting this broken price curve, the attacker was able to repeatedly withdraw valuable assets like SUI and USDC from the liquidity pools without depositing any meaningful collateral, effectively draining them of real funds.

  • Cross-Chain Obfuscation: In an attempt to launder the stolen funds, the attacker quickly bridged a portion of the assets—over $60 million—to the Ethereum network, converting them into other cryptocurrencies to obscure their trail.

Immediate Fallout and Market Impact

The exploit sent ripples across the Sui ecosystem and broader market, highlighting several vulnerabilities:

  • Liquidity and Token Prices: The direct draining of pools led to a dramatic loss of liquidity. Cetus’s native token, CETUS, fell by 40%, while many other tokens in its pools lost most of their value. The event also jeopardized the bullish momentum SUI had built in the preceding weeks.

  • Contagion and Protocol Halts: The shockwaves prompted other protocols on Sui to take preventative measures. For instance, the money market Scallop halted all borrowing on its platform as a safety precaution, indicating a loss of immediate confidence in the ecosystem’s stability.

  • The Audit Dilemma: Preliminary analysis revealed that the vulnerability lay in a math library and a flawed pricing mechanism, issues that had managed to slip past several prior smart contract audits. This underscores a persistent industry-wide challenge where audits, while essential, are not a foolproof guarantee against novel attack vectors.

The Unconventional Recovery Effort

The response to the hack was notable for its speed and the unconventional measures taken by the Sui community:

  • Freezing the Funds: Sui network validators collaboratively identified and voted to freeze the attacker’s addresses, successfully locking approximately $162 million of the stolen funds on-chain.

  • A Governance Vote to “Hack Back”: In a controversial move, the Sui community voted on a governance proposal to forcibly retrieve the frozen funds from the attacker’s wallet. This action, which some critics argue challenges the trustless nature of blockchains, was passed to return the assets to their rightful owners.

  • Ensuring User Compensation: To make affected users whole, Cetus secured a loan from the Sui Foundation. This, combined with the protocol’s own treasury and the recovered frozen funds, aims to ensure 100% reimbursement for users affected by the exploit.
