Cetus, the largest decentralised finance (DeFi) platform on the Sui blockchain, was exploited on Thursday, 22 May, resulting in the theft of over $260 million in various crypto assets. The incident marks the biggest DeFi hack in Sui’s short history, dealing a significant blow to its growing ecosystem.
Major Exploit Targets CLMM Vulnerability
According to a postmortem report by blockchain security firm Dedaub, the attacker exploited a vulnerability in Cetus’s Concentrated Liquidity Market Maker (CLMM) system. At the core of the breach was an arithmetic overflow in the “tick account” mechanism, used to manage liquidity ranges.
Using a small initial investment and a flash swap of 10 billion haSUI tokens with maximum slippage, the attacker manipulated the tick range and added minimal liquidity. When withdrawing, the overflow bug enabled them to extract an outsized amount of real tokens. The hacker further used fake tokens such as BULLA to distort price feeds, enabling them to drain assets from other liquidity pools including SUI/USDC.
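The following is an added, deliberately simplified model of the bug class described above (a fixed-width arithmetic overflow in a liquidity calculation); it is not Cetus's code, and the formula, function names and input values are assumptions chosen only to make the effect visible. It shows how an unchecked multiply can make a large position look almost free to open while the withdrawal side still pays out in full, and why a checked version rejects the same position outright.

```python
# Added illustrative model, not Cetus's implementation. The liquidity formula
# and the constants below are assumptions for demonstration only.

U64_MAX = (1 << 64) - 1


def tokens_for_liquidity_unchecked(liquidity: int, price_delta: int) -> int:
    """Tokens a depositor must pay for `liquidity` units across a tick range,
    modelled as a u64 multiply that silently wraps on overflow."""
    return (liquidity * price_delta) & U64_MAX


def tokens_for_liquidity_checked(liquidity: int, price_delta: int) -> int:
    """Same computation with the overflow check a safe implementation needs."""
    product = liquidity * price_delta
    if product > U64_MAX:
        raise OverflowError("liquidity * price_delta exceeds u64")
    return product


def tokens_owed_on_withdraw(liquidity: int, price_delta: int) -> int:
    """Withdrawal side, assumed to use wide arithmetic and therefore honest."""
    return liquidity * price_delta


def simulate(liquidity: int, price_delta: int, checked: bool) -> dict:
    """Open then close a position; report what was paid in and paid out."""
    cost = (tokens_for_liquidity_checked if checked
            else tokens_for_liquidity_unchecked)(liquidity, price_delta)
    payout = tokens_owed_on_withdraw(liquidity, price_delta)
    return {"paid_in": cost, "paid_out": payout, "profit": payout - cost}


def position_is_rejected(liquidity: int, price_delta: int) -> bool:
    """True when the checked build refuses to open the position."""
    try:
        tokens_for_liquidity_checked(liquidity, price_delta)
    except OverflowError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: liquidity * price_delta is just over 2**64, so the
    # wrapped product keeps only the low bits and the deposit looks almost free.
    liquidity, price_delta = (1 << 40) + 1, 1 << 24
    print(simulate(liquidity, price_delta, checked=False))
    print("checked build rejects:", position_is_rejected(liquidity, price_delta))
```

The unchecked run charges only 2**24 tokens for a position whose honest withdrawal value exceeds 2**64, which is the "pay little, withdraw a lot" pattern the postmortem summary describes.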
Assets Drained, Tokens Crash
The attack led to the loss of a broad range of assets:
- 12.9 million SUI (approx. $54 million)
- $60 million in USDC
- $4.9 million in Haedal Staked SUI
- $19.5 million in TOILET tokens
Other lesser-known tokens like HIPPO and LOFI crashed by 75–80% due to vanishing liquidity. The exploit continued until Sui’s development team intervened by pausing the affected smart contract at 3:52 AM PT.
Swift Response Recovers Majority of Funds
In the hours following the attack, the hacker attempted to launder the stolen funds by bridging them to Ethereum in $1 million batches, with some routed through Tornado Cash. However, Sui validators quickly froze around $162 million of the stolen assets.
Cetus, in collaboration with the Sui Foundation and cybersecurity firm Hacken, patched the vulnerability and resumed operations. The team is actively investigating the remaining stolen funds.
As a recovery incentive, Cetus has offered a $6 million white hat bounty to the attacker for the return of 20,920 Ether (worth over $55 million) and other frozen assets. The message, embedded in a blockchain transaction, stated the hacker could keep 2,324 ETH ($6M) if they returned the rest, promising no legal or intelligence action if the offer is accepted. Cetus has also warned of “full legal and intelligence escalation” should the hacker attempt to off-ramp or further obscure the assets.
Controversy Over Emergency Measures
In a bid to recover funds, the Sui development team deployed an emergency function allowing select transactions to bypass typical security checks. This capability, likely used to retrieve funds linked to the exploit, involved cooperation from Sui validators.
Chaofan Shou, a software engineer at Solayer Labs, noted that the team had requested validators to implement the patched code that could facilitate fund recovery via an unsigned transaction. While validators have refrained from fully deploying the patch, they are currently blocking transactions tied to the hacker’s wallet.

The move has stirred debate among decentralisation advocates, who argue that such override mechanisms conflict with the ethos of a permissionless blockchain. However, others in the crypto community view the quick and coordinated action as a sign of maturity and evolving best practices in security response.
SUI Price Falls Amid Market Uncertainty
The hack has taken a toll on investor sentiment. SUI, the native token of the Sui blockchain, experienced a sharp drop after failing to sustain a rally past $4.20. At the time of writing, it is trading around $3.85, with daily trading volumes surging by 45% to $3.4 billion.
This comes just a week after SUI outpaced established tokens like XRP and ADA in institutional inflows, reflecting strong bullish momentum. However, the exploit has since cast doubt over the platform’s readiness for large-scale adoption.
As Cetus and the Sui Foundation work to recover the remaining stolen funds and strengthen the network’s security, the next few weeks will be critical in restoring user confidence and ecosystem momentum.