$SUI On May 22, 2025, Cetus Protocol, a leading decentralized exchange (DEX) and liquidity provider on the Sui blockchain, was reportedly exploited, resulting in significant financial losses. Here’s a detailed breakdown based on available information:
- **Incident Details**: The exploit led to a massive drain of liquidity from Cetus Protocol’s pools, with estimates of losses ranging from $11 million to over $260 million in digital assets. The attacker manipulated vulnerabilities in the protocol’s smart contracts, specifically using spoof tokens (e.g., BULLA) to exploit miscalculated price curves and broken reserve mathematics. This allowed the attacker to extract real assets like SUI and USDC without depositing equivalent value.[](https://coindoo.com/cetus-protocol-hacked-for-260m-sui-defi-in-crisis-as-binance-steps-in/)[](https://www.banklesstimes.com/articles/2025/05/22/cetus-main-sui-lp-provider-drained-of-260m-following-alleged-hack/)
- **Impact on the Sui Ecosystem**: The hack caused widespread panic, leading to a severe depegging of USDC on the Sui network, which traded at fractions of a cent, and significant price drops for various tokens. Assets like Lombard Staked BTC (LBTC), AXOLcoin (AXOL), BULLA, and MOJO saw losses of 75% to nearly 100%. Liquidity for some trading pairs dropped to as low as $143,000, and trading functionality on Cetus was halted.[](https://cryptonews.com/news/cetus-protocol-hacked-for-200m-sui-price-crashes-as-60m-usdc-moved-to-ethereum/)[](https://www.banklesstimes.com/articles/2025/05/22/cetus-main-sui-lp-provider-drained-of-260m-following-alleged-hack/)
- **Attacker’s Actions**: The attacker’s wallet (address 0xe28b50) reportedly holds over 32.9 million SUI, valued at approximately $54 million, with evidence of funds being converted to USDC and bridged to Ethereum for further exchange into ETH. Approximately $60 million in USDC was cross-chained to Ethereum.[](https://coindoo.com/cetus-protocol-hacked-for-260m-sui-defi-in-crisis-as-binance-steps-in/)[](https://www.banklesstimes.com/articles/2025/05/22/cetus-main-sui-lp-provider-drained-of-260m-following-alleged-hack/)
- **Cetus Team’s Response**: The Cetus team paused their smart contracts to prevent further losses and announced an ongoing investigation. They attributed the issue to a potential oracle bug rather than a direct hack, though no official statement has confirmed the root cause as of the latest updates.[](https://crypto.news/sui-lp-provider-cetus-allegedly-drained-of-11m-sui-hack-or-bug/)[](https://x.com/CetusProtocol/status/1925515662346404024)
- **Market Reaction**: The $SUI token experienced a sharp price drop due to panic selling, with trading volume spiking by over 35% within hours of the incident. However, SUI prices remained relatively stable on centralized exchanges. High-leverage traders, such as James Wynn Real, capitalized on the volatility, with one trader reportedly earning $257,000 in unrealized profits from a long position on SUI.[](https://blockchain.news/flashnews/cetus-protocol-hack-on-sui-chain-causes-sui-price-drop)
- **Security Context**: Cetus Protocol had previously emphasized robust security through audits by firms like OtterSec and MoveBit, focusing on its open-source smart contracts and permissionless design. The incident has raised concerns about the security of DeFi protocols on emerging blockchains like Sui, highlighting vulnerabilities in oracle integrations and smart contract logic.[](https://www.cetus.zone/)[](https://www.kucoin.com/blog/en-kucoin-ama-with-cetus-protocol-cetus-pioneer-dex-and-concentrated-liquidity-protocol-built-on-sui-and-aptos)
- **Current Status**: The Cetus team has advised users to avoid interacting with affected contracts or pools until further notice. Binance CEO CZ expressed support, indicating potential coordination to address the crisis. The Sui ecosystem remains in crisis mode, with ongoing investigations to assess the full extent of the damage.[](https://coindoo.com/cetus-protocol-hacked-for-260m-sui-defi-in-crisis-as-binance-steps-in/)[](https://www.banklesstimes.com/articles/2025/05/22/cetus-main-sui-lp-provider-drained-of-260m-following-alleged-hack/)
