According to Cointelegraph, blockchain security firm Dedaub has released a detailed report following the hack of the Cetus decentralized exchange, pinpointing the exploitation of liquidity parameters as the root cause. The attack was made possible by a flaw in the automated market maker's (AMM) code, specifically an oversight in the most significant bits (MSB) check. This vulnerability allowed hackers to significantly manipulate liquidity values, enabling them to establish large positions with minimal token input and subsequently drain pools containing hundreds of millions of dollars' worth of tokens.
The incident highlights a growing concern within the crypto and Web3 sectors regarding cybersecurity vulnerabilities. Industry leaders have repeatedly emphasized the need for robust security measures to protect users and prevent regulatory intervention. The hack, which occurred on May 22, resulted in $223 million in losses for Cetus users within just 24 hours. In response, Cetus and the Sui Foundation announced that Sui network validators managed to freeze a substantial portion of the stolen assets, totaling $163 million, on the same day.
However, the decision to freeze these funds has sparked debate within the crypto community. Advocates of decentralization have criticized the move, arguing that it contradicts the fundamental principles of blockchain technology. Critics claim that the intervention by Sui validators represents a shift towards centralization, undermining the decentralized ethos that many Web3 projects claim to uphold. This sentiment was echoed by users on social media, with one post on X stating that the actions of the validators effectively transform the network into a centralized, permissioned database. Steve Bowyer, in a May 23 post, pointed out the irony of Web3 projects backed by venture capitalists leaning towards centralization despite their purported alignment with Bitcoin's decentralized philosophy.