Cetus responds to the attack of smart contracts on the liquidity pool

According to BlockBeats, Cetus has published a report detailing a sophisticated smart contract attack on its CLMM liquidity pool that occurred on May 22. The attack exploited an undiscovered vulnerability in an open-source library, allowing the attacker to manipulate the pool's prices and inject minimal tokens into inflated liquidity. This was followed by repeated asset extraction through uncontrolled calculation functions, resulting in the theft of funds.

In response, Cetus quickly froze two Sui wallet addresses that contained the majority of the stolen funds, with the support of most of the Sui validating nodes. The remaining stolen assets were swapped and transferred cross-chain to the Ethereum mainnet.

Cetus is collaborating with the Sui security team and multiple auditing firms to review contracts and carry out a joint audit to ensure the safe resumption of CLMM services. The company plans to enhance on-chain monitoring, initiate additional audits, and publish security reports regularly. To compensate the affected liquidity providers, Cetus is working with ecosystem partners to develop a recovery plan and is urging Sui validators to support on-chain voting to expedite the return of assets and rebuild user trust.

While legal proceedings are underway, Cetus has offered the attacker the opportunity to return the funds under a white hat agreement and is preparing to issue a final ultimatum. Cetus will continue providing transparent updates to the community as developments occur.