In May 2025, the DeFi world was rocked by one of the most significant security breaches in recent history. Cetus Protocol, a leading decentralized exchange (DEX) and liquidity protocol on the Sui blockchain, fell victim to a sophisticated hack that resulted in losses exceeding $200 million . This incident not only sent shockwaves through the DeFi community but also raised serious concerns about the security of smart contracts and the robustness of protocols built on emerging blockchains like Sui.

Cetus Protocol had established itself as the premier DEX on the Sui Network, offering users a platform for swapping tokens and providing liquidity. As a key infrastructure component within the Sui ecosystem, Cetus played a critical role in facilitating decentralized trading and contributing to the network’s overall liquidity. Its prominence made it an attractive target for malicious actors seeking to exploit vulnerabilities in its codebase.

The Cetus Hack Unfolds

The breach occurred on May 22, 2025, when attackers identified and exploited a critical flaw in Cetus’ smart contract logic. Specifically, the vulnerability stemmed from a subtle arithmetic overflow bug that allowed the hacker to manipulate the internal accounting mechanisms of the protocol. By deploying spoof tokens and manipulating price curves within liquidity pools, the attacker was able to drain vast amounts of funds without triggering immediate detection systems.

At approximately 3:52 AM PT (11:52 UTC), blockchain monitors began detecting irregular transactions across several liquidity pools on Cetus. Within hours, the extent of the damage became clear—over $260 million worth of assets had been siphoned from the protocol. The stolen funds were quickly swapped and bridged to other blockchains, complicating recovery efforts.

Impact on the Market and Sui Ecosystem

The aftermath of the hack was swift and severe. Trading on Cetus was immediately halted as developers scrambled to assess the situation and mitigate further losses. Meanwhile, the value of native tokens associated with the platform plummeted, with some experiencing drops as high as 80% in a matter of hours. Investors and users faced massive losses, and confidence in the Sui ecosystem was shaken.

One particularly alarming development came when the Sui network attempted a controversial countermeasure: voting to freeze the attacker's wallet containing $160 million of the stolen funds. While this move demonstrated a proactive approach to asset recovery, it also sparked debates about decentralization principles and whether such actions undermined trust in the immutability of blockchain transactions.

In a momentum, $SUI lost 5% and $CETUS +- 40%, that jump was both incredible and terrifying.

Technical Details of the Cetus Protocol Exploit

According to analysis provided by cybersecurity firm Halborn, the root cause of the exploit lay in how Cetus validated certain arithmetic operations during token swaps. An oversight in handling large numbers led to an overflow condition, which the attacker cleverly manipulated to create artificial imbalances in liquidity pools. These imbalances were then exploited to extract real assets from the system without proper compensation to liquidity providers.

This type of vulnerability is particularly insidious because it does not always manifest under normal operating conditions; instead, it requires specific edge cases involving very large values or unusual transaction sequences to trigger. Such bugs are notoriously difficult to detect during standard audits and testing phases, making them prime candidates for exploitation by well-resourced adversaries.

Response and Recovery Efforts from Cetus and Sui Foundation (aka Mysten Labs)

During the attack, around $160 million has reportedly been frozen and will be returned to Cetus pools. That's why all Sui foundation initiated a voting to unfreeze this tokens.

Following the attack, the Cetus team issued public statements acknowledging the breach and outlining steps toward resolution. They worked closely with blockchain analytics firms like Elliptic and Chainalysis to track movement of stolen funds and identify potential avenues for recovery. Additionally, discussions emerged around implementing emergency upgrades to patch existing vulnerabilities and enhance future resilience against similar attacks.

Community members expressed mixed reactions to these developments. While many praised the transparency shown by Cetus’ leadership post-hack, others criticized the lack of preparedness for such scenarios and questioned whether sufficient safeguards had been implemented prior to launch.