A seemingly minor yet critical bug in the code of the decentralized protocol Cetus has cost users a staggering $223 million. A detailed analysis by the cybersecurity firm Dedaub revealed a serious flaw in the logic of Cetus' automated market maker (AMM), which hackers were able to exploit on a massive scale.

⚠️ Subtle Bug, Devastating Consequences

According to Dedaub, the main cause of the exploit was an "overflow" bug—a flaw that arises when a mathematical operation produces a value too large for the fixed-width integer meant to hold it, and the code fails to handle that case correctly.

Instead of rejecting these oversized values, the system improperly truncated them, which made the resulting output appear far smaller than it actually should have been. The attacker exploited this flaw by depositing only a single token, yet the protocol mistakenly credited them with a massive liquidity position. That position was then used to withdraw substantial real assets from liquidity pools.

💻 The Bug Survived Migration to Sui Network

Even after the Cetus codebase was migrated to the Sui blockchain, the critical vulnerability remained intact. Developers did attempt to implement security checks, but the overflow protection was flawed, allowing the same type of exploit to slip through unnoticed once again.
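The following Rust example is added here to illustrate the class of bug described in the two passages above; it is not Cetus' code and not taken from Dedaub's analysis. A required-deposit amount is computed in wide (128-bit) arithmetic and then narrowed to the 64-bit width that token balances are stored in. One narrowing path uses a guard that inspects only part of the high bits and then casts, so an oversized value slips through and is silently truncated; the other uses a proper checked conversion and rejects it. The Q32 fixed-point price, the u64 token width and the exact shape of the flawed guard are all assumptions made for this example.

```rust
use std::convert::TryFrom;

/// Fixed-point scale: prices are Q32 fractions (assumption for this example).
const Q32: u128 = 1 << 32;

/// Required deposit, in token units, for a requested amount of liquidity,
/// before narrowing. The product is formed in u128 so it cannot wrap; a
/// product that does not even fit in u128 is rejected outright.
fn required_deposit_wide(liquidity: u128, price_q32: u128) -> Option<u128> {
    liquidity.checked_mul(price_q32).map(|p| p / Q32)
}

/// Hypothetical flawed narrowing (constructed for illustration, not Cetus code):
/// the guard looks only at the top 32 bits of the u128, so any value whose
/// bits 64..95 are set passes, and the `as u64` cast then drops those bits.
fn narrow_flawed(x: u128) -> Option<u64> {
    if x >> 96 != 0 {
        return None; // catches only the very largest values
    }
    Some(x as u64) // truncating cast: keeps the low 64 bits only
}

/// Correct narrowing: `try_from` fails for any value above u64::MAX.
fn narrow_checked(x: u128) -> Option<u64> {
    u64::try_from(x).ok()
}

/// Token amounts on the ledger are u64 (assumption). Returns the deposit the
/// protocol would demand for the requested liquidity, or None if rejected.
pub fn required_deposit_flawed(liquidity: u128, price_q32: u128) -> Option<u64> {
    required_deposit_wide(liquidity, price_q32).and_then(narrow_flawed)
}

pub fn required_deposit_checked(liquidity: u128, price_q32: u128) -> Option<u64> {
    required_deposit_wide(liquidity, price_q32).and_then(narrow_checked)
}

fn main() {
    let price = Q32; // price 1.0: one token per unit of liquidity

    // A sane request: 1_000 units of liquidity cost 1_000 tokens on both paths.
    println!("small, flawed:  {:?}", required_deposit_flawed(1_000, price));
    println!("small, checked: {:?}", required_deposit_checked(1_000, price));

    // An oversized request: 2^64 + 1 units. The true cost, 2^64 + 1 tokens,
    // does not fit in u64. The flawed path reports a cost of just 1 token,
    // which is exactly the "far smaller than it should be" output described
    // above; the checked path refuses the request.
    let oversized = (1u128 << 64) + 1;
    println!("oversized, flawed:  {:?}", required_deposit_flawed(oversized, price)); // Some(1)
    println!("oversized, checked: {:?}", required_deposit_checked(oversized, price)); // None
}
```

The defensive point is the second narrowing function: narrowing a wide intermediate result must either use a conversion that fails on any out-of-range value (`try_from`, `checked_*`) or compare against the full width of the destination type, never a partial mask followed by a plain cast. The same pattern applies when reviewing Move or Solidity code that mixes 128-bit or 256-bit intermediates with 64-bit balances.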

“This incident highlights why edge cases in DeFi cannot be overlooked,” Dedaub warned, emphasizing that the complex math behind decentralized finance systems requires rigorous manual auditing and extreme caution.

📉 Fallout: Token Crash and Market Panic

The Cetus exploit occurred in the early hours of May 22, marking one of the largest financial losses ever recorded within the Sui ecosystem. Initial reports pointed to a potential price oracle error, but deeper investigation revealed that the core issue was much more serious.

The exploit led to over $223 million in losses across various liquidity pools. The breach immediately triggered a massive token sell-off, with SUI and CETUS tokens plummeting over 40% in just a few hours. Smaller memecoins and low-cap tokens suffered even more dramatic drops—some losing more than 90% of their value.

🔒 Response: Freezing Funds and Bounty Offer

In a coordinated response, the Sui Foundation worked with validators in an attempt to freeze approximately $163 million of the stolen assets. Cetus also announced a $5 million bounty for information that could lead to identifying the attacker.

📌 Summary

🔹 A simple code bug caused one of the biggest DeFi thefts

🔹 The attacker exploited an overflow bug to gain a huge liquidity position

🔹 Token prices plunged as panic spread across the market

🔹 Efforts are underway to freeze stolen funds and track the perpetrator

What’s your take on this? Are DeFi protocols still too vulnerable to replace traditional financial systems?



#defi , #CryptoNewss , #BlockchainSecurity , #CryptoSecurity , #CyberSecurity

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:

"The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses."