May 22, 2025 – The leading decentralized exchange (DEX) on the Sui blockchain, Cetus, has been hit by what appears to be a major security breach.

The breach has drained liquidity from the exchange’s token pairs, triggering a steep fall in the price of $CETUS and sending the Sui ecosystem into near-panic. How bad is it? The exchange’s like-named $CETUS token is down over 90% on the day in some reporting, and estimates of the damage range from $14 million to $35 million.

The Event: Liquidity Crisis and Market Panic

Information disseminated through social media, particularly X (formerly known as Twitter), suggested that the liquidity pools on Cetus had been completely drained, setting off a catastrophic failure of several token pairs. This crisis, however, originated not from any liquidity issues on Cetus itself but rather from the Sui stablecoin, USDC, which had a massive drop in value (allegedly to zero). As panic spread through the DeFi community, the price of $CETUS—the native token of the Cetus exchange—plummeted by over 40% within hours, vaporizing a tremendous amount of value.

The incident sent shockwaves through the Sui network as well, with the price of $SUI, the blockchain’s native token, taking a hit as liquidity and confidence drained. Cetus was supposed to be the place for DeFi on the Sui blockchain, and in the wake of the attack, it was uncertain how deep the disruption to operations might go, especially in the context of the price depth and market stability.

The Cetus team’s first assertion was that a bug in the oracle caused the incident, but analysts and the community pointed out inconsistencies in this explanation almost right away. On-chain data told a different story: what it showed was an exploit, not a failed component. CertiK explained that a fake token had been used to carry out the exploit. The fake token was presented to the system as a real token, allowing the exploiters to pretend they were contributing real value to the pools.

Why the Incident Could Significantly Impact $SUI

The Cetus DEX incident has serious ramifications that reach well past the platform itself. As the primary DEX on Sui, Cetus handles the bulk of DeFi activity on the blockchain. Its pools provide vital liquidity to a variety of assets on the network, and any big interruption in that service can undermine the price stability of many of those assets, leading to huge price swings that shake confidence in the whole ecosystem.

When liquidity drains from key pools, trading pairs become highly susceptible to slippage, making it difficult for users to execute transactions at reasonable prices. This results in a cascade of issues that can trigger panic selling across the ecosystem. Consequently, the price of $SUI, which had been riding high on robust growth and institutional interest earlier in the month, has begun to plummet. The token was up nearly 71% in May, driven by excitement surrounding potential ETF listings and institutional interest, as well as growth in decentralized finance (DeFi) and user adoption on the Sui blockchain.

However, a security breach of this magnitude threatens to reverse much of that positive momentum. The loss of trust in the ecosystem, combined with the liquidity crisis, has shaken investor confidence, leading to sharp sell-offs and a halt in some trading activities. Stablecoins, especially USDC, are particularly sensitive to these issues, as any instability in these assets can lead to broader market contagion, which heightens fears and leads to further price declines.

New Evidence Points to a Targeted Exploit

As the investigation goes on, additional evidence has emerged indicating that the event was not a simple bug but a targeted attack. On-chain analysis has revealed that the attackers netted $164 million and are holding all of it in one wallet, which raises questions about the reach and scale of this exploit.

The attackers created a phony token and fooled the Cetus system into accepting it as a real one. They set up a false trading pair with a tiny amount of fake liquidity, which let them take real funds from the pool over and over with nothing of any value put back in. This kind of exploit is notably hazardous because it sidesteps traditional security measures and hits directly at the platform’s liquidity.

This new information raises questions about the assertion that the problem was just a bug in the oracle system. The use of pool math, rather than external oracles, to price assets makes the oracle bug excuse seem less plausible. The attack looks more like a planned operation that took advantage of a recently discovered vulnerability in the DEX’s liquidity management system.
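
The defensive point behind the two paragraphs above, as an added example that is not Cetus's code or a reconstruction of the actual exploit: when a price comes from pool math, a look-alike token seeded with tiny liquidity can carry any implied price, so the valuation path should check token identity and pool depth first. The constant-product model, the coin-type strings and the depth threshold are all constructed assumptions.

```python
# Added illustration: generic constant-product model, not Cetus's contract code.
from dataclasses import dataclass

# Constructed sample values: canonical coin types the venue trusts, and a depth floor.
TRUSTED_TYPES = {"0xa11ce::usdc::USDC", "0x2::sui::SUI"}
MIN_QUOTE_DEPTH = 50_000.0  # minimum trusted-asset reserve before a pool price is used

@dataclass(frozen=True)
class Pool:
    base_type: str      # fully qualified coin type of the asset being priced
    base_symbol: str    # display name only; anyone can choose it
    quote_type: str
    base_reserve: float
    quote_reserve: float

def spot_price(pool: Pool) -> float:
    """Pool-math price of one base unit in quote units (x*y=k marginal price)."""
    return pool.quote_reserve / pool.base_reserve

def naive_value(pool: Pool, amount: float) -> float:
    """What a system credits if it trusts the symbol and the pool-implied price."""
    return amount * spot_price(pool)

def guarded_value(pool: Pool, amount: float) -> tuple[float, str]:
    """Credit value only when token identity and pool depth both check out."""
    if pool.base_type not in TRUSTED_TYPES:
        return 0.0, "rejected: coin type not on allowlist (symbol is not identity)"
    if pool.quote_type not in TRUSTED_TYPES:
        return 0.0, "rejected: quote asset not trusted"
    if pool.quote_reserve < MIN_QUOTE_DEPTH:
        return 0.0, "rejected: pool too thin for its price to be meaningful"
    return amount * spot_price(pool), "accepted"

# Constructed pools: a look-alike token seeded with tiny liquidity, and a deep real pool.
SPOOFED = Pool("0xbad::usdc::USDC", "USDC", "0x2::sui::SUI", 1.0, 10.0)
GENUINE = Pool("0xa11ce::usdc::USDC", "USDC", "0x2::sui::SUI", 400_000.0, 100_000.0)

if __name__ == "__main__":
    for name, pool in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, naive_value(pool, 1_000_000), guarded_value(pool, 1_000_000))
```

The spoofed pool shares the genuine token's symbol, which is why the guard keys on the full coin type and treats the symbol as display text only.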

The Road Ahead: Recovery or Further Collapse?

At this moment, neither Sui nor Cetus has formally confirmed what kind of attack it was. But all the evidence points toward a deliberate exploit, not a mere technical glitch. Yet again, this serves as a stark reminder of the inherent vulnerabilities of DeFi platforms and the risks they take in using cross-chain liquidity pools, especially in these nascent ecosystems. All the more reason for Sui developers in particular, and DeFi developers in general, to take a long, hard look at these architecture decisions.

The short-term trajectory of the Sui blockchain and its native token, $SUI, seems likely to be downward. The market is still processing the news that Sui was exploited, and it is apparent that the Sui community—alongside all ecosystems that contain DeFi components—now must reckon with the reality that DeFi exploits likely cannot be fully prevented. Blocking stolen funds and stopping future exploits must now be the priority of the Sui and Cetus teams.

This week has underlined the need for strong security and clear communication in the blockchain world. With $164 million in lost funds, the Cetus exploit serves as a reminder to all DeFi platforms that they need to be on guard, especially when it comes to managing liquidity and securing user assets. How much daylight there is between Sui and Cetus’s response and a lie or cover-up will tell us how to regard each platform in the future.

Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.


The post Cetus DEX on Sui Hit by Major Security Incident, Liquidity Drained and $SUI Faces Pressure appeared first on The Merkle News.