Cetus Protocol hacked for $220M; $162M frozen by Sui validators.
$6M bounty offered to recover $60M in stolen ETH and frozen funds.
Hack exploited Cetus’s smart contract pricing oracle vulnerability.
Sui’s validator freeze raises concerns over network decentralization.
CETUS token drops 53%, SUI price falls 15% after exploit.
On May 22, 2025, Cetus Protocol, a leading decentralized exchange on the Sui blockchain, suffered a $220 million exploit. Sui validators swiftly froze $162 million of the stolen assets, preventing further losses. The hack targeted vulnerabilities in Cetus’s smart contracts, draining liquidity pools and sparking debate about the Sui network’s decentralization.
Cetus paused its smart contracts immediately to limit damage. The attacker exploited a flaw in the Concentrated Liquidity Market Maker system, manipulating token prices with fake tokens. Approximately $60 million in stolen funds were bridged to Ethereum and converted to USDC, with two Ethereum wallets holding over $55 million in ETH.
Cetus offered a $6 million white hat bounty to the hacker. The deal allows the attacker to keep 2,324 ETH, worth $6 million, if they return the remaining funds. “Return the 20,920 ETH and frozen assets, and we’ll close the matter without legal action,” Cetus stated in a blockchain transaction message. Failure to comply could trigger legal and intelligence measures.
The Sui Foundation, alongside validators, blacklisted the attacker’s addresses. This rapid response recovered 73% of the stolen funds but raised concerns about centralized control. With only 114 validators, critics argue Sui’s ability to freeze funds undermines blockchain decentralization principles.
Swift Response Limits Damage
Sui validators acted within hours to block transactions from the hacker’s addresses. This froze $162 million in assets, protecting the ecosystem. Cetus collaborated with the Sui Foundation and cybersecurity firm Hacken to patch the vulnerability. Trading resumed after the fix.
The hack caused a 53% drop in CETUS token value and a 15% decline in SUI’s price to $3.65. Market volatility surged as confidence in Sui-based DeFi protocols wavered. The exploit exposed weaknesses in Cetus’s pricing oracle, which failed to detect the manipulation.
Cetus’s response mirrors the recovery strategy used after a 2022 hack of a Solana project. Both projects, reportedly founded by Henry Du, used bounty offers to negotiate with hackers. In the Solana case the funds were successfully recovered, raising hopes for a similar outcome. However, the hacker has not yet accepted Cetus’s offer.
Decentralization Debate Intensifies
The validator intervention sparked controversy. Freezing funds required coordinated action among Sui’s 114 validators, prompting criticism from the crypto community. Some argue this demonstrates centralized control, as validators can censor transactions. “Sui’s ability to freeze funds shows decentralization is just marketing,” one observer noted.
The Sui team explored an emergency whitelist function to bypass security checks, enabling the freeze. This move, while effective, fueled concerns about the network’s structure. With founders allegedly holding the majority of SUI’s supply, critics question the blockchain’s long-term decentralization.
Cetus continues working with law enforcement and cross-chain protocols to track the remaining $60 million. On-chain data shows the hacker’s wallet, identified as “0xe28b50,” holds 12.9 million SUI, valued at $54 million. Efforts to recover these funds are ongoing.
The incident marks the largest DeFi hack of 2025, surpassing previous breaches. It underscores persistent vulnerabilities in decentralized finance, particularly in smart contract design. Cetus’s swift action and validator coordination mitigated losses, but the event highlights the need for robust security measures.