Cetus Protocol is a decentralized exchange deployed on the Sui and Aptos blockchains, which resumed operations on Sunday just 17 days after suffering an attack worth $223 million.
The protocol has successfully recovered approximately $162 million in funds and has resumed operations with the help of a $30 million loan provided by the Sui Foundation. The affected liquidity pools have been restored to at least 85% of their initial value, with the remaining portion compensated in the form of CETUS tokens.
Cetus is currently pursuing legal accountability against the attacker. The attacker has rejected the settlement negotiations proposed by the protocol party and has begun attempting to launder the stolen assets.
This decentralized trading platform based on Sui and Aptos announced the restoration of all functions on Sunday after being attacked on May 22, and supplemented the original liquidity of the damaged pools by 85% to 99%. The Cetus team stated that this attack exploited an integer overflow vulnerability in the shared math library of the protocol’s smart contracts, allowing the attacker to disguise a small amount of tokens as millions of dollars in value for theft. This was the most severe attack incident in the DeFi sector in May.
However, shortly after the attack occurred, Sui validators froze funds worth $162 million and eventually returned these assets to the protocol.
Currently, Cetus has resumed operations, with the funding gap from the exploit filled by recovered assets, a cash reserve totaling $7 million, and a $30 million USDC loan provided by the Sui Foundation. Affected liquidity providers will receive compensation of 85% to 99% of their funds, with the remaining portion being released linearly over the next 12 months in the form of CETUS tokens; if more stolen assets can be recovered later, the compensation ratio may further increase.
Cetus has stated that it has identified and fixed the root cause of the vulnerability and has conducted a comprehensive audit of the protocol, while rebalancing the affected liquidity pools for relaunch.
However, assets worth tens of millions of dollars are still in the hands of the hacker, some of which have been transferred to EVM addresses and attempts are being made to launder through the mixer Tornado Cash.
Cetus stated in its announcement: "The attacker has rejected our proposed white hat settlement and has begun attempting to launder assets—this is a futile and traceable action. We are very confident that we will ultimately succeed in apprehending the attacker and recovering the remaining assets."
Blockchain security company SlowMist pointed out in its analysis of the attack that the attacker had prepared sufficient gas fees for the attack wallet two days in advance and attempted a failed version of the attack. The attacker precisely chose parameters and exploited the checked_shlw function to acquire liquidity worth billions of dollars at an extremely low cost (1 token).
SlowMist stated that this was an 'extremely complex mathematical attack.'
Cetus indicated that it will conduct a new round of comprehensive audits, upgrade the protocol's real-time monitoring systems, launch a new white hat bounty program, and revise the upcoming product roadmap.
"This relaunch is not just about the platform going back online, but it represents a rebirth," wrote Cetus.
