Odaily Planet Daily News: Cetus officially released a report on the theft incident stating that on May 22, Cetus encountered a sophisticated smart contract attack targeting the CLMM liquidity pool. Cetus took immediate response measures to mitigate the impact. The attacker exploited an undiscovered vulnerability in an open-source library, lowering the pool price to establish a position in the high-price area, and used an overflow check flaw to inject a minimal amount of tokens into the inflated liquidity. They then repeatedly executed liquidity removal operations to extract assets from the pool, continuously exploiting unvalidated computational functions to carry out the attack, ultimately successfully stealing funds. In order to jointly maintain the maximum benefit of the entire ecosystem, with the support of most Sui verification nodes, Cetus urgently froze two Sui wallet addresses belonging to the attacker, which contained the majority of the stolen funds. The remaining stolen funds have been exchanged and cross-chain transferred to the Ethereum mainnet by the hacker. Cetus is collaborating with the Sui security team and several auditing firms to re-examine the contracts and conduct a multi-party joint audit, ensuring the secure restoration of CLMM services after validation. Additionally, Cetus will enhance on-chain monitoring, initiate further audits, and regularly publish security reports. To compensate affected LPs, Cetus is formulating a recovery plan with ecosystem partners and calling on Sui validators to support on-chain voting to expedite the return of user assets and rebuild confidence. While legal proceedings are ongoing, Cetus has also offered the attacker a white-hat return opportunity. Cetus will soon issue a final ultimatum to them. Any updates will be transparently communicated to the community by Cetus.

#ETH