My dear, the biggest news in the cryptocurrency world yesterday must be the hacking of Sui Chain's Cetus exchange! 💥 This operation has turned the entire ecosystem upside down. Let's have a detailed version🍉
Timeline of events
👉 At 18:31 UTC+8 on May 22, the hacker address 0xe28b...e8ff06 suddenly took action and emptied all the SUI-denominated mining pool liquidity on the Cetus platform like a swarm of locusts, and then transferred a large amount of USDC to Ethereum through the Wormhole cross-chain bridge. The whole process took only 30 minutes! 🚀 This speed is faster than me grabbing milk tea...
Hacker Techniques
Initial suspicion is that it is a reentry attack or oracle price manipulation, which is very similar to the routine of Cream Finance in 2021. Simply put, it is to repeatedly fleece the wool by exploiting the contract logic loopholes, and may even manipulate the price curve, using the pool as an ATM to withdraw SUI and USDC. 💸 At present, the hackers have taken away a total of 260 million US dollars, of which 60 million USDC was exchanged for ETH (average price of 2652 dollars), and the remaining 12.98 million SUI are still in their hands. This wave of operations is really 666...
Project side response
After discovering the anomaly, the Cetus team suspended the smart contract in seconds and joined hands with the Sui Foundation to freeze the stolen funds of $162 million. However, some netizens complained: "If the validator says to freeze, is this chain still decentralized?" Indeed, this wave of operations has questioned Sui's anti-censorship ability, just like your community security guard suddenly says to lock your safe. Although it is to prevent thieves, it always feels weird...
Market reaction
The price of SUI was a roller coaster that day🎢, but users asked to remove the plunge, let's just say "violent fluctuations"! Cetus's CETUS token fell 50% in 1 hour, and other eco-coins like HIPPO and LOFI were cut in half again and again. The depth of the liquidity pool directly returned to zero, and users were frantically withdrawing their funds. TVL fell from 30 million to 21 million. This wave of panic is comparable to the zombie siege...
Conspiracy theory?
Xiaopang's analysis: This wave of operations is most likely a pure technical loophole being exploited, rather than the capital deliberately releasing information. After all, the hacker directly cashed out 57.66 million USDC. If they really wanted to plot, they should cooperate with the market to dump the market and then absorb the funds at a low price. However, it is not ruled out that someone is taking advantage of the situation - for example, hackers and some big investors jointly shorted, or the project side directed and acted for the sake of popularity? But there is no solid evidence at present, so let's wait and see the follow-up progress.
Advice for leeks
1. Small currencies that have recently moved away from the Sui ecosystem, especially those with poor liquidity, are prone to being smashed
2. Cross-chain bridge projects are high risk. Wormhole was hacked for 326 million before, and it was hacked again this time. It is recommended to avoid it for the time being
3. If a DeFi project is hacked, don’t rush to buy at the bottom, wait for the security audit results to come out.
Finally, I would like to remind you that although DeFi is attractive, safety comes first! Next time you encounter flash exchange, high-yield mining pools, etc., think about whether the sickle is waiting for you. What do you think of this wave of operations? Chat in the comment section~
Remember to like + follow, your likes and attention are the motivation for Xiaopang to continue updating😘#sui #黑客攻击 $SUI