Cetus Protocol hacked for $220M; $162M frozen by Sui validators.
$6M bounty offered to recover $60M in stolen ETH and frozen funds. Hack exploited Cetus's smart contract pricing oracle vulnerability. Sui's validator freeze raises concerns over network decentralization. CETUS token drops 53%, SUI price falls 15% after exploit.
On May 22, 2025, Cetus Protocol, a leading decentralized exchange on the Sui blockchain, suffered a $220 million exploit. Sui validators swiftly froze $162 million of the stolen assets, preventing further losses. The hack targeted vulnerabilities in Cetus's smart contracts, draining liquidity pools and sparking debate about the Sui network's decentralization.
Cetus paused its smart contracts immediately to limit damage. The attacker exploited a flaw in the Concentrated Liquidity Market Maker system, manipulating token prices with fake tokens. Approximately $60 million in stolen funds were bridged to Ethereum and converted to USDC, with two Ethereum wallets holding over $55 million in ETH.
Cetus offered a $6 million white hat bounty to the hacker. The deal allows the attacker to keep 2,324 ETH, worth $6 million, if they return the remaining funds. "Return the 20,920 ETH and frozen assets, and we'll close the matter without legal action," Cetus stated in a blockchain transaction message. Failure to comply could trigger legal and intelligence measures.
The Sui Foundation, alongside validators, blacklisted the attacker's addresses. This rapid response recovered 73% of the stolen funds but raised concerns about centralized control. With only 114 validators, critics argue Sui's ability to freeze funds undermines blockchain decentralization principles.
Swift Response Limits Damage
Sui validators acted within hours to block transactions from the hacker's addresses. This froze $162 million in assets, protecting the ecosystem. Cetus collaborated with the Sui Foundation and cybersecurity firm Hacken to patch the vulnerability. Trading resumed after the fix.
The hack caused a 53% drop in CETUS token value and a 15% decline in SUI's price to $3.65. Market volatility surged as confidence in Sui-based DeFi protocols wavered. The exploit exposed weaknesses in Cetus's pricing oracle, which failed to detect the manipulation.
Cetus's response mirrors a 2022 Solana project hack recovery strategy. Both projects, reportedly founded by Henry Du, used bounty offers to negotiate with hackers. The Solana case successfully recovered funds, raising hopes for a similar outcome. However, the hacker has not yet accepted Cetus's offer.
Decentralization Debate Intensifies
The validator intervention sparked controversy. Freezing funds required coordinated action among Sui's 114 validators, prompting criticism from the crypto community. Some argue this demonstrates centralized control, as validators can censor transactions. "Sui's ability to freeze funds shows decentralization is just marketing," one observer noted.
The Sui team explored an emergency whitelist function to bypass security checks, enabling the freeze. This move, while effective, fueled concerns about the network's structure. With founders allegedly holding the majority of SUI's supply, critics question the blockchain's long-term decentralization.
Cetus continues working with law enforcement and cross-chain protocols to track the remaining $60 million. On-chain data shows the hacker's wallet, identified as "0xe28b50," holds 12.9 million SUI, valued at $54 million. Efforts to recover these funds are ongoing.
The incident marks the largest DeFi hack of 2025, surpassing previous breaches. It underscores persistent vulnerabilities in decentralized finance, particularly in smart contract design. Cetus's swift action and validator coordination mitigated losses, but the event highlights the need for robust security measures.