Cetus hack Sui blockchain, the major automated market maker and liquidity provider on the blockchain, stole almost $200 million in digital assets, hurting decentralised finance. Early evidence shows complex pricing oracle and liquidity curve manipulation, enabling an attacker to take tokens before market participants respond. This raises serious questions regarding smart contracts and the security of new DeFi networks.
Cetus on Sui Fast, Liquid, & Risk-Prone
Launched late 2023 as Sui’s principal distributed exchange (DEX), Cetus provides low-latency trading and cross-chain bridging. Thanks to incentives in its native CETUS token and extensive liquidity pools for stablecoins and altcoins, it has quickly garnered billions of dollars in total value locked (TVL). Fast finality made possible by Sui’s parallel execution engine makes Cetus a desirable substitute for Ethereum-based DEXs. However, because price-oracle design and pool invariants varied from more battle-hardened systems, this architecture also brought new avenues for exploitation.
Cetus Hack $ 200 M+ Drained via Fake Token Exploit
As of May 22, 2025, Web3 researcher COMDARE3 detected massive Cetus pool outflows on X (formerly Twitter), implying fast SUI/USDC sell-outs and big coin pairings. Blockchain analytics rapidly verified that one wallet had taken over $200 million, mainly in USDC, and crossed to Ethereum. Cetus trade was stopped using an emergency administrative tool within minutes; Sui Foundation monitoring started tracking the exploit vector. According to DEX Screener, many coins lost over 90% of their value due to attackers dumping before midday. According to on-chain data, the exploiter used fake tokens to influence the automated market maker algorithm to change absolute reserves withdrawal rates. The exact number varies depending on reports; some analytics estimate up to $260 million lost when other pools were accessed.
Price Manipulation via Fake Liquidity
According to the initial forensic investigation, the assailant used controlled pricing feeds. Their creation of harmful token pairings with ultra-low liquidity drove Cetus’s smart contracts to compute erroneous spot prices. The assailant then exchanged these fake assets for actual tokens at an advantageous ratio. Though the specifics are still under research, a flash or bridge loan most likely supplied the funds needed to start the exploit. PeckShield noticed further movements of $10 million in SUI into the Suilend lending system, presumably to collateralise borrowings in stablecoins.
Panic Selloff & Rapid Liquidation
Once word of the hack leaked, panic selling swept across SUI-based tokens. Reflecting worries about network health and contagion risk, the SUI token dropped by almost 8 per cent on main spot markets. Within hours, Cetus’s own CETUS coin fell by 40 per cent, wiping billions of dollars in market value. As pool reserves disappeared, liquidity providers discovered their collateral stranded, leading to immediate withdrawals and price slippage across other Sui DEXs.
On-chain data shows that the exploiter’s wallet had over 267 assets before experiencing outflows. Cross-chain bridge usage and speedy liquidation lowered the wallet’s balance from 12.9 million SUI (approximately $54 million) to less than $5 million in raw tokens in an hour.
Emergency Halt & Recovery Efforts
Cetus engineers issued an emergency statement confirming the exploit and stopping all smart contracts. They said they actively coordinated with law enforcement liaison teams and forensic companies. Once the root cause analysis is finished, a thorough post-mortem is guaranteed. While pushing community members to avoid engaging with dubious contracts, the Sui Foundation has provided technical help and incentives for identifying the attacker.
Users of Discord and Telegram noticed heavy traffic as they waited for word on possible refund policies and money recovery measures. Though official voting has not yet occurred, Cetus’s governance forum disclosed ideas to bootload an insurance fund using protocol fees.
Key Security Lessons for New Blockchains
This hack highlights the structural flaws in newly created blockchains. Sui’s new move model and parallel execution need tailored security checks, unlike Ethereum’s developed DeFi scene. Older audit companies like CertiK and SlowMist have to modify their systems to fit Sui’s object-centric smart contract language. Nowadays, regular monitoring via on-chain analytics tools such as Chainalysis, Astraea, and PeckShield is critical.
The event will probably hasten the acceptance of distributed oracles (such as Chainlink, Band Protocol) over self-managed pricing feeds. It also emphasises the importance of multi-sig governance over essential tasks and time-lock systems to provide an emergency freezing reaction window. DeFi customers can better grasp these changing risks by consulting our in-depth tutorial on smart contract audits and risk reduction.
Recovery Plans Underway
Cetus is looking at building a retroactive airdrop for liquidity providers who had assets at the time of the attack to make up for lost users. Talks at the forum on governance also review future protocol fee distribution to a community treasury. Third-party providers like Nexus Mutual and InsurAce may reimburse losses, although claim processes and damage evidence may take time.
Under a “no questions asked” approach, white hat hackers are open to returning pilferers free from consequence. Similar strategies have worked in earlier attacks, most famously the 2022 Cream Finance hack, in which the exploiter refunded most money under a reward deal.
Security Spotlight on Sui DeFi
The reported hack of Sui DEX Cetus might cost at least $200 million, putting the Sui network and DeFi ecosystem at risk. Security audits, distributed governance, and strong oracle architecture are needed while engineers persistently find defects and recover assets. Increased awareness and diverse risk control are more vital for DeFi users than anything else.
