The Sui blockchain ecosystem was rocked on May 22, 2025, when Cetus Protocol—the largest decentralized exchange (DEX) and liquidity provider on Sui—suffered a massive security breach resulting in the theft of over $223 million in digital assets. This exploit sent shockwaves through the Sui community, causing sharp declines in SUI token prices and other ecosystem-linked assets.
#1
The Hack: Malicious actors exploited vulnerabilities in Cetus Protocol’s smart contracts by deploying spoof tokens to manipulate price curves and reserve calculations. This manipulation allowed them to drain liquidity pools of real assets, including SUI and USDC.
Funds Stolen: Approximately $223 million was siphoned from Cetus, with $162 million of the stolen funds “paused” or frozen by the team in an effort to recover them. The hacker’s wallet reportedly held about 12.9 million SUI (valued at $54 million) and had already converted large amounts of USDC into Ethereum to obfuscate the trail.
Immediate Response: Cetus Protocol paused its smart contracts to prevent further theft and is working closely with the Sui Foundation and other ecosystem members to recover the stolen funds. A detailed incident report is expected soon.
What Happened?
The Hack: Malicious actors exploited vulnerabilities in Cetus Protocol’s smart contracts by deploying spoof tokens to manipulate price curves and reserve calculations. This manipulation allowed them to drain liquidity pools of real assets, including SUI and USDC.Funds Stolen: Approximately $223 million was siphoned from Cetus, with $162 million of the stolen funds “paused” or frozen by the team in an effort to recover them. The hacker’s wallet reportedly held about 12.9 million SUI (valued at $54 million) and had already converted large amounts of USDC into Ethereum to obfuscate the trail.
Immediate Response: Cetus Protocol paused its smart contracts to prevent further theft and is working closely with the Sui Foundation and other ecosystem members to recover the stolen funds. A detailed incident report is expected soon.
#2
- SUI Token: The native SUI token price plunged from $4.18 to nearly $3.80 shortly after the news broke, a drop of about 9%. It has since partially recovered to around $3.89 but remains down 3.7% over 24 hours.
- Other Tokens: Several Sui ecosystem tokens took a heavier hit. For example, Lofi (LOFI) dropped 15%, Sudeng (HIPPO) 6%, and Squirtle (SQUIRT) plummeted 91% in the same period.
- Cetus Token: CETUS, the DEX’s native token, crashed over 30%, trading near $0.15-$0.16 after the exploit.
Market Impact
- SUI Token: The native SUI token price plunged from $4.18 to nearly $3.80 shortly after the news broke, a drop of about 9%. It has since partially recovered to around $3.89 but remains down 3.7% over 24 hours.- Other Tokens: Several Sui ecosystem tokens took a heavier hit. For example, Lofi (LOFI) dropped 15%, Sudeng (HIPPO) 6%, and Squirtle (SQUIRT) plummeted 91% in the same period.
- Cetus Token: CETUS, the DEX’s native token, crashed over 30%, trading near $0.15-$0.16 after the exploit.
#3
This hack is part of a troubling trend in decentralized finance (DeFi) where multi-million-dollar cyberattacks have surged. Chainalysis reports DeFi thefts reached $2.2 billion in 2024, a 21% increase from the previous year. Centralized platforms are also vulnerable; for instance, ByBit suffered a record $1.4 billion hack earlier this year.
The Cetus exploit highlights the ongoing risks in DeFi, especially with complex smart contracts and liquidity pools that can be manipulated using spoof tokens or oracle vulnerabilities. The attacker’s use of cross-chain bridges to launder funds further complicates recovery efforts
Broader Context: DeFi Security Challenges
This hack is part of a troubling trend in decentralized finance (DeFi) where multi-million-dollar cyberattacks have surged. Chainalysis reports DeFi thefts reached $2.2 billion in 2024, a 21% increase from the previous year. Centralized platforms are also vulnerable; for instance, ByBit suffered a record $1.4 billion hack earlier this year.The Cetus exploit highlights the ongoing risks in DeFi, especially with complex smart contracts and liquidity pools that can be manipulated using spoof tokens or oracle vulnerabilities. The attacker’s use of cross-chain bridges to launder funds further complicates recovery efforts
#4
2. Security Improvements: The incident underscores the urgent need for enhanced security audits, real-time monitoring, and possibly new governance mechanisms in DeFi protocols.
3. Community Support: Industry leaders like Binance’s CZ have publicly offered support, signaling solidarity within the crypto space during this crisis.
What’s Next for Sui and Cetus?
1 . Recovery Efforts: Cetus and the Sui Foundation are actively investigating and exploring ways to recover stolen assets and restore user confidence.2. Security Improvements: The incident underscores the urgent need for enhanced security audits, real-time monitoring, and possibly new governance mechanisms in DeFi protocols.
3. Community Support: Industry leaders like Binance’s CZ have publicly offered support, signaling solidarity within the crypto space during this crisis.
#5
Main Exploit Method - Spoof tokens to manipulate liquidity pools
Wallet Involved - 0xe28b50 (active, holding ~$54M in SUI)
SUI Price Impact - Dropped from $4.18 to $3.80, partially recovered to $3.89
Other Tokens Impact - LOFI (-15%), HIPPO (-6%), SQUIRT (-91%)
CETUS Token Impact - Fell over 30% to ~$0.15
Recovery Status - $162 million paused; investigation ongoing
Quick Facts
Amount Stolen - $223 millionMain Exploit Method - Spoof tokens to manipulate liquidity pools
Wallet Involved - 0xe28b50 (active, holding ~$54M in SUI)
SUI Price Impact - Dropped from $4.18 to $3.80, partially recovered to $3.89
Other Tokens Impact - LOFI (-15%), HIPPO (-6%), SQUIRT (-91%)
CETUS Token Impact - Fell over 30% to ~$0.15
Recovery Status - $162 million paused; investigation ongoing
#6
The attack exploited smart contract vulnerabilities using fake tokens to drain real assets.
SUI’s price took a hit but showed signs of recovery, unlike some ecosystem tokens that remain deeply affected.
The incident reflects broader security challenges in DeFi and crypto exchanges.
Recovery and security upgrades are underway, with community and industry support rallying behind Sui.
Key Takeaways
The Cetus Protocol hack is one of the largest DeFi exploits on the Sui network, shaking investor confidence.The attack exploited smart contract vulnerabilities using fake tokens to drain real assets.
SUI’s price took a hit but showed signs of recovery, unlike some ecosystem tokens that remain deeply affected.
The incident reflects broader security challenges in DeFi and crypto exchanges.
Recovery and security upgrades are underway, with community and industry support rallying behind Sui.
#7
A: By using spoof tokens to manipulate liquidity pool prices and reserves, the attacker tricked the protocol into releasing real assets.
Q: Is the stolen money recoverable?
A: Part of the funds ($162 million) have been paused, and Cetus is working with the Sui Foundation to recover the rest, but full recovery is uncertain.
Q: How does this affect Sui’s future?
A: While the hack is a setback, Sui’s core token has shown resilience. The incident will likely prompt stronger security measures and governance reforms.
Q: Are other DeFi platforms safe?
A: DeFi remains high-risk due to complex smart contracts and cross-chain operations, with increasing attacks reported globally.
FAQ
Q: How did the attacker steal such a large amount?A: By using spoof tokens to manipulate liquidity pool prices and reserves, the attacker tricked the protocol into releasing real assets.
Q: Is the stolen money recoverable?
A: Part of the funds ($162 million) have been paused, and Cetus is working with the Sui Foundation to recover the rest, but full recovery is uncertain.
Q: How does this affect Sui’s future?
A: While the hack is a setback, Sui’s core token has shown resilience. The incident will likely prompt stronger security measures and governance reforms.
Q: Are other DeFi platforms safe?
A: DeFi remains high-risk due to complex smart contracts and cross-chain operations, with increasing attacks reported globally.
