Cetus Protocol, a decentralized exchange on the Sui and Aptos blockchains, relaunched on June 8, 2025, just 17 days after suffering a $223 million exploit. Here is a detailed account:
The Exploit Incident
Cause: On May 22, 2025, an attacker exploited a pricing mechanism flaw in Cetus Protocol’s concentrated liquidity market maker smart contract. Specifically, they manipulated pool prices using a flash swap, taking advantage of an overflow check error in an open-source library. This allowed them to inject artificially large liquidity value with a minimal amount of tokens and repeatedly remove liquidity to siphon assets.
Impact: The attack resulted in approximately $260 million in digital assets being stolen, causing the Sui token price to drop by about 15%.
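An added illustration of the class of bug described under Cause, not code from Cetus or the library involved: a constructed Python model of a 256-bit left shift whose overflow guard uses the wrong threshold, next to a corrected guard and a boundary test that exposes the difference. The shift width, the threshold value and the `tokens_required` formula are assumptions made for the example.

```python
U256_MAX = (1 << 256) - 1
SHIFT = 64                      # assumed fixed-point scaling shift
LIMIT = 1 << (256 - SHIFT)      # smallest n whose shifted value no longer fits in 256 bits
WRONG_THRESHOLD = 0xFFFFFFFFFFFFFFFF << 192   # constructed: a mask used where LIMIT belongs


def shl_flawed(n):
    """Shift with a guard whose threshold is far too high (constructed bug)."""
    overflow = n > WRONG_THRESHOLD
    return (n << SHIFT) & U256_MAX, overflow   # wraps the way a u256 would


def shl_checked(n):
    """Shift with the guard placed at the exact overflow boundary."""
    overflow = n >= LIMIT
    return (n << SHIFT) & U256_MAX, overflow


def tokens_required(liquidity, price_delta, shl):
    """Hypothetical deposit formula: scale up, then scale back down rounding up."""
    scaled, overflow = shl(liquidity * price_delta)
    if overflow:
        raise OverflowError("liquidity too large for fixed-point math")
    return -(-scaled // (1 << SHIFT))          # ceiling division


def guard_gaps(shl):
    """Boundary test: inputs the guard accepts although the shift truncated."""
    probes = [LIMIT - 1, LIMIT, LIMIT + 1, WRONG_THRESHOLD, U256_MAX >> 1]
    gaps = []
    for n in probes:
        wrapped, overflow = shl(n)
        if not overflow and wrapped != n << SHIFT:
            gaps.append(n)
    return gaps


if __name__ == "__main__":
    print("flawed guard misses", len(guard_gaps(shl_flawed)), "probe values")
    print("checked guard misses", len(guard_gaps(shl_checked)), "probe values")
    print("deposit computed with flawed guard:", tokens_required(LIMIT + 1, 1, shl_flawed))
```

Probing the values on either side of the overflow boundary is what separates the two guards; inputs far below the boundary give identical results for both.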
Response and Recovery
Freezing Assets: After the attack, the Cetus team quickly suspended smart contract operations and worked with the Sui foundation and validators to identify and freeze the attacker’s wallet addresses, managing to secure around $162 million of the compromised assets.
Relaunch Preparations: The Cetus team obtained a $30 million USDC loan from the Sui foundation and used $7 million of its own reserves. They patched the software vulnerability that led to the hack, restored pool data to the correct pricing, and conducted security audits on all code fixes and contract upgrades.
Liquidity Pool Restoration: Affected liquidity pools were replenished using a combination of the recovered assets, cash reserves, and the loan. The current recovery rate is between 85% and 99%, depending on how much each pool was drained during the attack. For users whose positions were in pools that weren’t affected, liquidity stays the same. Those who have positions in compromised pools will see their liquidity provider services return to normal, and their position NFTs will serve as proof that they can seek compensation through the protocol’s new Cetus token mechanism.
Compensation Plan: As part of a compensation plan for affected users, 15% of the protocol’s native Cetus token supply is being set aside, with 5% available immediately and 10% linearly unlocked every month over the next year, starting June 10.
Future Plans
Open-Source Initiative: The Cetus team is moving toward being fully open-sourced, with a new white-hat bounty program to “encourage collective technical and security contributions”. By opening up its code, Cetus hopes to leverage the collective intelligence of the developer community to identify and address potential vulnerabilities more effectively.
Enhanced Security Measures: There are plans to upgrade the protocol monitoring system and conduct additional rounds of security audits. The team also wants to improve its real-time monitoring systems.
Legal Action: Cetus said legal action is still on the cards, with legal proceedings launched in “multiple jurisdictions” and law enforcement agencies “actively involved” as well. The team is highly confident that the successful arrest of the attacker and the recovery of the remaining assets are only a matter of time.