Sui Network has announced a $10 million investment dedicated to strengthening security across its ecosystem, a move that follows a significant $223 million exploit targeting Cetus Protocol, a decentralized exchange built on Sui.
The substantial security initiative will fund crucial areas such as smart contract audits, bug bounty programs, and the development of formal verification tools. Sui also plans to collaborate directly with developers to reinforce dApp security.
While the recent exploit on May 22 was attributed to a bug within Cetus’s custom math library and not a flaw in the Sui blockchain or its Move language, Sui acknowledged that the impact on users ultimately reflects on the broader network. The new measures aim to shift Sui’s security approach from a platform-only responsibility to one of shared accountability across its entire ecosystem, directly supporting builders and mitigating the likelihood of similar future incidents.
The $223 million Cetus Protocol exploit saw attackers manipulate liquidity positions through an arithmetic overflow vulnerability within an Automated Market Maker (AMM) function. In response, Sui validators swiftly froze approximately $162 million of the stolen assets, though roughly $60 million was bridged to Ethereum before the freeze could be fully implemented.
The incident, while not a direct attack on the Sui network, has negatively impacted market sentiment. The SUI token has experienced a nearly 10% drop since the exploit, and the network’s Total Value Locked (TVL) sharply decreased from $2.1 billion on May 22 to $1.5 billion after the attack.
Sui has also faced criticism over the weekend for proposing an on-chain vote to return the frozen funds to Cetus. Despite the foundation’s pledge of neutrality, community members voiced concerns regarding validator power and potential centralization, drawing comparisons to Ethereum’s 2016 DAO incident and reigniting debates on blockchain governance and immutability.
In an effort to recover the stolen funds and identify the perpetrators, Cetus has offered a $6 million white-hat bounty, complemented by an additional $5 million reward from the Sui Foundation for information leading to the attacker’s identification.
