PANews May 24 news, Slow Mist released an analysis of the Cetus theft incident. The core of this incident is that the attacker carefully constructed parameters to cause an overflow while evading detection, ultimately exchanging a very small amount of tokens for a huge amount of liquidity assets. The attacker exploited a flaw in the checked_shlw function to acquire various assets including SUI, vSUI, and USDC at the cost of 1 token. The attacker transferred some funds (USDC, SOL, etc.) to EVM addresses through cross-chain methods like Sui Bridge. They deposited 10 million USD worth of assets into Suilend, and currently, 162 million USD of stolen funds has been frozen by the SUI Foundation. Cetus has fixed the vulnerability, and Slow Mist recommends developers strictly verify the boundary conditions of mathematical functions.
Previously, Cetus confirmed that hackers stole approximately 223 million USD, and 162 million USD of the stolen funds has already been frozen.
