The Cetus Protocol ($CETUS), a decentralized exchange (DEX) on the Sui Network, suffered a significant security breach on May 22, 2025, resulting in the loss of approximately $223 million in digital assets. This incident has raised concerns about the security of DeFi platforms, especially those on newer blockchains like Sui.
Cause of the Hack:
The attacker exploited vulnerabilities in Cetus Protocol's smart contracts by deploying spoof tokens—fake or low-value assets with manipulated metadata. These tokens were used to manipulate the protocol's pricing mechanisms, particularly within its concentrated liquidity market maker (CLMM) pools. By injecting these spoof tokens, the attacker skewed the price curves and reserve calculations, allowing them to extract substantial quantities of valuable tokens like SUI and USDC at incorrect exchange rates.
Impact:
Financial Loss: Approximately $223 million was drained from the protocol.
Token Prices: The native token, CETUS, plummeted by over 40%, and several Sui-based tokens experienced significant declines.
Platform Response: Cetus promptly paused its smart contracts to prevent further losses and is collaborating with the Sui Foundation and cybersecurity firms to recover the stolen funds.
Current Status:
As of now, Cetus Protocol is actively working to address the vulnerabilities and recover the lost assets. The incident underscores the importance of rigorous security measures and continuous auditing in the rapidly evolving DeFi landscape.