
On May 22 at 18:55, I urgently @'d everyone in the WeChat group: 'short $CETUS 10x immediately, the LP has been stolen, the project is over'. In the following hour, the CETUS price plummeted nearly 40%, and I also made a few thousand US dollars from it.
But this is not the whole story. As a staunch supporter of the Sui ecosystem, I quickly began to track the whole event closely. The more I learned, the more I realized that this was not just a 'crash scene', but a real stress test of the protocol's resilience, governance capability, and ecosystem cooperation.
In the end I decided to write this record: about the black swan, the compensation, and the restart, but even more about a team's choice to take responsibility and repair the damage in the middle of the storm.
➤ Cause: A major security incident triggered by a technical vulnerability.
On the evening of May 22, 2025, the Cetus protocol was attacked. The attacker did not target the pooled assets head-on but exploited a boundary-condition flaw in the intermediate function library the contract uses for liquidity management. By repeatedly flash-swapping and adding and removing liquidity, the attacker produced liquidity states and price signals that the protocol accepted as genuine, and drained funds against them.
This attack path fell outside what a conventional security audit catches; the core issue lies in how the system decides whether 'liquidity is real'. At the protocol level every operation looked normal, yet the funds were siphoned off within a short time.
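The following is an added illustration of the bug class the two paragraphs above describe; it is not Cetus's code and does not claim to reproduce the exact function that was exploited. It models one CLMM pricing step, converting a requested liquidity amount into the token deposit the pool must charge, built on an integer helper that is supposed to flag overflow when a 256-bit value is shifted left by 64 bits. The helper names (`shlw_buggy`, `shlw_fixed`, `get_delta_a`), the Q64.64 fixed-point layout and every price and amount are assumptions chosen for the example. With the wrong guard, the attacker picks a liquidity value whose intermediate product lands just above 2**192: the shift silently wraps, the pool charges a single token unit for an astronomically large position, and removing that position afterwards withdraws real tokens. The correct guard rejects the same request.

```python
# Constructed illustration of the bug class described above: a boundary
# guard in a contract's integer-math helper library that fails to detect
# overflow, so the liquidity the pool records no longer matches the tokens
# actually deposited. This is NOT Cetus's code; the helper names, the
# Q64.64 fixed-point layout and all numbers are assumptions.

U256_MAX = (1 << 256) - 1
Q64 = 1 << 64  # sqrt prices carry 64 fractional bits (assumption)


def shlw_buggy(n: int) -> tuple[int, bool]:
    """Shift a u256 left by one 64-bit word, returning (result, overflowed).

    Bug: the guard compares n against a mask whose top 64 bits are all set.
    Every n in [2**192, mask] passes although n << 64 needs more than
    256 bits, and the shift then silently wraps to a small value.
    """
    mask = 0xFFFF_FFFF_FFFF_FFFF << 192
    if n > mask:
        return 0, True
    return (n << 64) & U256_MAX, False  # the mask emulates u256 wraparound


def shlw_fixed(n: int) -> tuple[int, bool]:
    """Correct guard: n << 64 fits in 256 bits iff n < 2**192."""
    if n >= 1 << 192:
        return 0, True
    return n << 64, False


def get_delta_a(sqrt_a: int, sqrt_b: int, liquidity: int, shlw) -> int:
    """Token-A amount a depositor must pay for `liquidity` between two Q64
    sqrt prices: liquidity * (sqrt_b - sqrt_a) * 2**64 / (sqrt_a * sqrt_b),
    rounded up. `shlw` is the helper used for the "* 2**64" step."""
    if sqrt_a > sqrt_b:
        sqrt_a, sqrt_b = sqrt_b, sqrt_a
    numerator, overflowed = shlw(liquidity * (sqrt_b - sqrt_a))
    if overflowed:
        raise OverflowError("liquidity * price range does not fit in u256")
    return -(-numerator // (sqrt_a * sqrt_b))  # ceiling division


def phantom_liquidity(sqrt_a: int, sqrt_b: int) -> int:
    """Smallest liquidity whose numerator just crosses 2**192, so the buggy
    shift wraps and the amount charged collapses to almost nothing."""
    return -(-(1 << 192) // abs(sqrt_b - sqrt_a))


def demo() -> dict:
    """Price the same deposit through the buggy and the fixed helper."""
    sqrt_a = Q64                   # sqrt price 1.0
    sqrt_b = Q64 + 3 * (1 << 60)   # sqrt price 1.1875 (price about 1.41)
    liq = phantom_liquidity(sqrt_a, sqrt_b)  # about 1.8e39 units of liquidity
    paid_buggy = get_delta_a(sqrt_a, sqrt_b, liq, shlw_buggy)
    try:
        get_delta_a(sqrt_a, sqrt_b, liq, shlw_fixed)
        paid_fixed = "accepted"
    except OverflowError:
        paid_fixed = "rejected"
    # An honest-sized position is priced identically by both helpers.
    honest = get_delta_a(sqrt_a, sqrt_b, 10**18, shlw_fixed)
    return {"liquidity": liq, "paid_buggy": paid_buggy,
            "paid_fixed": paid_fixed, "honest_1e18_cost": honest}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two checks catch this class regardless of which helper is wrong: unit tests that probe the guard exactly at its boundary (2**192 - 1, 2**192, and the mask value itself), and a pool-level invariant after every add-liquidity call asserting that the tokens actually received are at least what the recorded liquidity implies. Neither requires knowing in advance which line is faulty, which is why they complement a line-by-line audit.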
According to community on-chain tracking, the fund flows at that time were as follows:
- Total stolen assets: approximately $220 million.
- Of which approximately $60 million was quickly transferred across chains to Ethereum.
- Approximately $162 million remained on Sui and was frozen on-chain in time by the Sui validators, with the operation carried out through governance voting.
The Cetus team and the Sui community reacted quickly after the incident, pausing the contracts, notifying partner projects, and launching risk controls in parallel, but the market had already been shaken.
Within an hour of the attack, rumours and panic spread rapidly through trading communities and social platforms. The token price fell quickly from a high of $0.257 USDT to $0.146 USDT, a decline of over 40%, triggering a large-scale on-chain sell-off. The market did not wait for an official response; it reacted collectively first.
It should be emphasized that at the time Cetus was the largest DEX by trading volume on the Sui chain, and its LP module underpinned the operation of multiple other protocols in the ecosystem. The attack therefore caused not only direct financial losses but a chain reaction that affected the operational stability of Sui's DeFi infrastructure as a whole. This is why the incident is regarded as one of the most systemically impactful black swans on Sui to date.
In a later community AMA, the Cetus team acknowledged plainly that the issue was not an error in code execution but stemmed from the contract design and the mechanism's own assumptions. They said they would build a tighter risk-modeling system to close the mechanism gaps this incident exposed.
➤ Emergency response and community AMA: Choosing not to evade in the face of crisis.
The Cetus team completed the on-chain asset freeze, protocol suspension, and public announcement within hours of the incident, and held a two-hour public AMA on June 6. Several senior community members, including Feng Mi KuiGas, Feng Wuxiang, and Haotian, raised pointed questions, engaging in in-depth dialogue on whether the team would abandon the project, the design of the compensation mechanism, systemic risk control, and the sustainability of DAO governance.
The AMA was answered mainly by project lead Henry, who is responsible for the overall protocol architecture and the design of the compensation plan. He maintained a firm stance throughout, emphasizing that the team would neither abandon the project nor evade responsibility. BD lead Amy added clarification on the ecosystem's next direction and responded to community concerns about insufficient external publicity, saying the team would strengthen its market-side efforts.
The following is a summary of several core questions and responses:
❚ Feng Mi KuiGas (@KuiGas): Have you considered abandoning the project? How many tokens are left after compensation? Are old users taken care of?
KuiGas's question goes straight to the team's motives and beliefs. Henry said that when the incident first happened it had a huge psychological impact on team members, with anxiety and insomnia. Within 24 hours, however, the team had fully regrouped and committed to the repair work; there was never any thought of giving up. He emphasized that Cetus is a product they built from scratch, that the team has a deep emotional attachment to the Sui chain and to the protocol itself, and that they understand this is a direct test of their sense of responsibility.
On the adjustment of the token economics, Henry stated clearly that the team has put 100% of the CETUS tokens it holds into this compensation plan and will reserve no special treatment for itself. Once compensation is complete, any unallocated income or remaining token resources will all be injected into the treasury contract managed by the DAO, with their use decided by community vote. The team has also set aside future incentive and airdrop plans for old users and early contributors. His conclusion: "We hope that everyone not only 'gets their assets back' but can 'together redefine' the future of this protocol."
❚ Feng Wuxiang (@0x0xFeng): Is the restart time clear? How will Cetus rebuild user trust?
Responding to the community's high concern about product recovery, Feng Wuxiang raised very specific questions. Henry replied that the team had entered the countdown to restart and expected to restore all functions within 24 hours, including Swap, LP management, reward collection, and other modules. Before going live, the final repair of user transaction data, reinjection of liquidity into the pools, and cross-checked security testing still had to be completed.
As for restoring user confidence, Henry sees this incident as an opportunity for systematic reflection. He said Cetus has been favored by liquidity miners and traders for its high APY and low trading costs, and the team values that trust greatly. Going forward, the team will strengthen the system's resilience in three ways:
- Build internal economic-model simulation and extreme-scenario stress testing;
- Fully open-source the contract code to increase external scrutiny and transparency;
- Launch a white-hat bounty program to encourage developers to find vulnerabilities early.
He said: "We do not just want to fix a product; we want to show everyone that Cetus is moving in a safer, more transparent, and more trustworthy direction."
❚ Haotian (@tmel0211): Do you acknowledge that this is a systemic flaw in the design layer? Are losses from other protocols included in the compensation?
Haotian, a security practitioner, asked very directly. He pointed out that the root of this vulnerability is not a single-point bug in the traditional sense but a problem that cuts across the boundary conditions of product design, algorithm derivation, and contract interaction. He also questioned whether the team's review had been sufficiently candid, and raised concern over whether other protocols built on top of Cetus would also be compensated.
Henry acknowledged this. He admitted that in pursuit of higher performance the team had neglected the interaction boundaries, and that the AMM logic in use concealed structural vulnerabilities that are not code-level issues and cannot be found by traditional auditing tools. He added: "Security is not just throwing the code to an auditing company; it requires end-to-end risk-control ability from model to execution."
On the scope of compensation, Henry emphasized that the mechanism is not aimed only at Cetus users but also covers protocols that suffered indirect losses through liquidity dependencies, module references, and the like. Registration has already begun, and systematic subsidies and resource allocations will follow according to the degree of impact.
❚ CRYPTO MIAO (@KaMiaoRich): After the tokens are compensated, what does Cetus have left? Can the DAO continue?
CRYPTO MIAO's question focuses on governance sustainability and the protocol's ability to sustain itself. He is concerned whether, after handing out all its tokens, the team would still hold governance control and whether the protocol could keep going.
Henry replied that over the past six months Cetus's average monthly profit was approximately $1.5 million, an annualized figure exceeding $18 million. Reaching that scale while Sui is still in its early stages shows that the protocol itself can sustain itself. Future debt repayment will rely entirely on real revenue, not on issuing new tokens or diluting users.
On DAO governance rights, he said: "The team will continue to propose and promote community governance, and in the long term will gradually hand over all governance rights to the community. The consensus and vitality of Cetus DAO are not propped up by large holders; they rest on the long-term persistence and trust of the community."
❚ CryptoPanda (@crypandapto): Does freezing assets on Sui destroy decentralization? What do you value most in handling this?
CryptoPanda's question has a governance-philosophy tone: does the freezing of assets by the Sui community through validator voting violate the principles of decentralization? Henry replied that this is a real contradiction but also a necessary choice in practice. Freezing assets in extreme risk scenarios, he said, is the optimal strategy for protecting user assets rather than a betrayal of decentralization. He emphasized: "We do not see freezing hacker assets through governance votes as centralization, but as the most reasonable coordination the community can reach in extreme situations."
He added that what the team valued most throughout the crisis management was not any single action but three things:
- Freeze assets quickly to stop the outflow;
- Notify all linked protocols immediately to stop the risk from spreading;
- Insist on disclosure and transparency so that the community can keep pace with governance and take part in it.
❚ Bxxing: Did you take the initiative to compensate due to legal pressure or moral responsibility?
Bxxing's question points straight at the market's general doubt: is Cetus's compensation plan sincere, or forced by circumstances?
Henry did not dodge it: "We take this responsibility not because of legal pressure, but because it is indeed our fault." He said that in Sui's early development stage Cetus took on infrastructure responsibilities, so when a systemic problem arises it should step forward and shoulder them. Compensation is not the end but the precondition for a new beginning.
In this public response to the crisis, the Cetus team addressed one by one the questions of 'whether to abandon', 'scope of compensation', 'system vulnerabilities', 'governance transfer', and 'value conflicts'. Overall the team showed a willingness to own its errors, stay transparent, and re-establish trust with the community, and it laid out a clear roadmap for DAO governance and long-term operations. The AMA was not just an explanatory meeting but an important step in rebuilding the trust structure between Cetus and its community.
➤ Compensation Plan: Triple funding sources + NFT voucher mechanism
Facing more than $200 million in asset losses, Cetus launched a multi-level compensation mechanism that attempts to restore user assets as far as possible without issuing new tokens, while keeping the protocol running.
The core strategy proposed by the team is "three types of funding to replenish the pool + token compensation" as follows:
❚ Three types of funding sources to supplement liquidity
To restore the attacked liquidity pools (CLMM pools), the team drew on three sources of assets:
- Frozen attacker assets: approximately $162 million was frozen on Sui and will be returned after a governance vote by the validators. To reduce volatility, some of these assets will be swapped OTC or on CEXs before being reinjected into the pools.
- Team treasury funds: Cetus will allocate approximately $7 million in mainstream assets (SUI, WAL, USDY, etc.) to buy the missing tokens directly and make each trading pair whole.
- Sui Foundation loan: a $30 million USDC loan from the foundation, earmarked for speeding up and stabilizing the overall liquidity recovery.
❚ CETUS token compensation mechanism
For users whose restoration rate is below 100%, the protocol compensates the shortfall in CETUS tokens:
- The total compensation is 15% of the total supply of CETUS.
  - 5% can be claimed immediately.
  - The remaining 10% is released linearly over 12 months.
  - The first unlock is on June 10, 2025, UTC.
- These tokens all come from the team's own holdings and unlocked allocation; they do not increase the total token supply and therefore add no inflation pressure.
❚ NFT voucher mechanism
To keep the compensation process traceable and fair, Cetus introduced a new operational flow:
- Every affected LP position receives an NFT voucher.
- Users claim their CETUS compensation with this NFT.
- Even if the LP position is later closed, the NFT remains valid and is not burned.
This design lets users control their own compensation entitlement while keeping a verifiable record on-chain.
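As an added example (not Cetus's code), the following sketches the claim flow the two subsections above describe: a per-position NFT voucher whose allocation is split in the same 5:10 ratio as the programme (one third claimable at the first unlock on June 10, 2025 UTC, two thirds vesting linearly over 12 months), with the voucher rather than the LP position as the source of truth, so closing the position does not void the claim. The `Voucher` fields, the 365-day linear period, the per-voucher 5:10 split and the allocation sizes are assumptions made for the example.

```python
# Constructed illustration of the compensation claim flow described above:
# 5% of supply claimable at once, 10% released linearly over 12 months from
# the first unlock on 2025-06-10 UTC, claimed against an NFT voucher bound
# to an affected LP position. NOT Cetus's code; the voucher fields, the
# 365-day linear period and the per-voucher 5:10 split are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FIRST_UNLOCK = datetime(2025, 6, 10, tzinfo=timezone.utc)
LINEAR_DAYS = 365        # assumption: "12 months" modelled as 365 days
IMMEDIATE_SHARE = 5      # % of total supply claimable immediately
LINEAR_SHARE = 10        # % of total supply vesting linearly


@dataclass
class Voucher:
    """Hypothetical NFT voucher for one affected LP position."""
    position_id: str
    allocation: int              # total CETUS (base units) owed to this voucher
    claimed: int = 0             # cumulative amount already paid out
    position_closed: bool = False


def day(n: int) -> datetime:
    """UTC timestamp n days after the first unlock (negative = before)."""
    return FIRST_UNLOCK + timedelta(days=n)


def vested(v: Voucher, now: datetime) -> int:
    """CETUS unlocked for this voucher by `now`, rounding down."""
    if now < FIRST_UNLOCK:
        return 0
    immediate = v.allocation * IMMEDIATE_SHARE // (IMMEDIATE_SHARE + LINEAR_SHARE)
    linear_total = v.allocation - immediate   # the remaining 10/15 of the allocation
    elapsed = min((now - FIRST_UNLOCK).days, LINEAR_DAYS)
    return immediate + linear_total * elapsed // LINEAR_DAYS


def claim(v: Voucher, now: datetime) -> int:
    """Pay out whatever is vested but not yet claimed. The voucher, not the
    LP position, is the source of truth, so a closed position still claims."""
    amount = vested(v, now) - v.claimed
    if amount <= 0:
        return 0
    v.claimed += amount  # record before paying: a replayed claim gets nothing
    return amount


def close_position(v: Voucher) -> None:
    """Closing the LP marks the voucher but must not burn or reduce it."""
    v.position_closed = True


def claim_history(allocation: int, checkpoints: list, close_after: int = -1) -> list:
    """Claim at each checkpoint, optionally closing the position right after
    the checkpoint with index `close_after`; returns the amount paid each time."""
    v = Voucher("pos-1", allocation)
    paid = []
    for i, t in enumerate(checkpoints):
        paid.append(claim(v, t))
        if i == close_after:
            close_position(v)
    return paid


if __name__ == "__main__":
    # Claims before unlock, at unlock, at day 73, at day 365 and after the end;
    # the position is closed after the first successful claim.
    print(claim_history(1500, [day(-1), day(0), day(73), day(365), day(400)], close_after=1))
```

The two properties worth checking in a real claim contract are visible here: repeated claims at the same timestamp pay nothing after the first, because the claimed amount is recorded before anything is transferred, and the schedule depends only on voucher state and time, so closing the underlying LP position changes neither the vested amount nor the balance still owed.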
➤ Supporting logic underlying Cetus: After the crisis, the foundational position becomes more evident.
Confidence in a protocol has never been built solely on growth curves and fundraising figures; it depends more on how the protocol demonstrates its response capability, the strength of its ecosystem support, and its sustainability once risk hits. On all three counts, even after a serious setback, Cetus still shows its core position in the Sui ecosystem.
Cetus was the first usable DEX protocol after the Sui mainnet launch and one of the first Move applications to implement a concentrated liquidity market maker (CLMM). Many other protocols on Sui build directly or indirectly on components or interfaces developed by Cetus. So Cetus is not merely 'the earliest to launch'; it is a foundational piece of Sui's decentralized finance system.
Community feedback and official records show that less than an hour after the incident, the Sui community, validator nodes, ecosystem projects, and security teams intervened and completed the on-chain freeze of the malicious addresses. Thanks to this timely response, the attack did not spread to other protocols and the chain as a whole saw no cascade. This kind of emergency response is not something PR can provide; it is structure the ecosystem demonstrated in the field.
Another key fact: after most DeFi protocols are hacked, the teams mostly choose to evade responsibility, lower compensation expectations, or dissolve altogether. The Cetus team made a completely different choice: committing 100% of the available team tokens to compensation, mobilizing roughly $7 million in cash from the entire treasury, and accepting a $30 million USDC loan from the Sui Foundation to cover the liquidity gap. According to the AMA, Cetus's monthly protocol profit still sits in the $1 to $2 million range; even without counting growth from the ecosystem's recovery, it can repay all debts within 2 to 3 years. This self-healing model, grounded in product performance, shows the team still has a real operating base rather than depending on outside resources.
On governance and decentralization, some outside voices consider the validators' freezing of assets a form of centralized intervention. However, Sui has stated in its white paper that each validator node may autonomously filter an address's transactions in extreme scenarios, and the subsequent return of the frozen funds was completed entirely through on-chain voting. For ordinary users, whether the chain is 100% purely decentralized may matter less than whether, when their assets are harmed, they can be compensated in time through established governance paths; that is the more immediate safety guarantee in practice.
On the day of the incident, the CETUS price dropped from $0.257 to $0.146, a fall of more than 40% in a short time. But the market did not give up entirely: after the compensation mechanism was announced the price stabilized in a middle range and trading volume gradually picked up, indicating that many users chose to stay on-chain rather than exit completely.
A protocol's security is not only about whether it has vulnerabilities, but also about whether, once a vulnerability appears, it can stop the losses, protect users, and restore the system quickly. Cetus's crisis-management path was a real stress test for the whole Move and Sui ecosystem and prompted people to rethink what an essential ecosystem protocol is. For a protocol of this kind, technical vulnerabilities are frightening, but they are more repairable and compensable than losing one's sense of responsibility and community foundation.