According to Cointelegraph, Cetus Protocol, a decentralized exchange native to the Sui blockchain, is transitioning to an open-source model following a significant security breach in May that resulted in a $220 million exploit. The attack, which occurred on May 22, exploited a flaw in the pricing mechanism, allowing the attacker to drain tokens from the exchange's major liquidity pools. In response, Cetus managed to freeze $162 million of the stolen funds shortly after the incident.
Prior to the attack, Cetus had been experiencing a surge in trade volume, with over $5 billion recorded in both April and May, despite the shutdown following the exploit. In a Medium post dated June 7, the Cetus team announced their move towards becoming fully open-sourced, introducing a new white bounty program aimed at encouraging collective technical and security contributions. As part of their relaunch efforts, the team worked tirelessly to patch the software vulnerability, restore pool data to accurate pricing, and conduct comprehensive security audits on all code fixes and contract upgrades.
To replenish the affected liquidity pools, Cetus utilized a combination of $7 million in cash reserves, a $30 million USDC loan from the Sui Foundation, and some of the recovered assets from the attacker. However, not all pools were fully restored, with recovery rates ranging from 85% to 99%, depending on the extent of the drain during the attack. In an effort to compensate affected users, Cetus has allocated 15% of its native token supply, CETUS, for a compensation plan. This includes 5% available immediately and 10% to be unlocked linearly over the next year, starting June 10.
Despite the relaunch, the CETUS token has seen a decline, dropping over 12% in the last 24 hours to trade at $0.11, as reported by CoinGecko. The protocol is also planning to enhance its monitoring system and conduct additional security audits. Legal actions are underway, with proceedings launched in multiple jurisdictions and law enforcement agencies actively involved. Cetus remains confident in the eventual recovery of the remaining assets, despite the attacker's attempts to launder the stolen funds. The day after the hack, Cetus had offered a white hat bounty of up to $6 million to the exploiter for the return of the stolen 20,920 Ether and the $162 million in frozen funds on the Sui blockchain.
