Cetus Protocol Exploit Drains $223 Million from Sui Blockchain, Tokens Plunge

On Thursday morning, the Sui blockchain ecosystem faced a significant setback as Cetus Protocol, a leading decentralized exchange (DEX) and liquidity provider, suffered a $223 million exploit. The incident triggered a sharp decline in several Sui based tokens on decentralized exchanges, with some assets losing over 90% of their value within hours. As the Cetus team works to address the breach, the broader Sui community is rallying to mitigate the damage and recover stolen funds.

Cetus Protocol, a cornerstone of Sui’s decentralized finance (DeFi) infrastructure, saw its liquidity pools drained of millions of dollars in the early hours of the exploit. Tokens such as LOFI and HIPPO plummeted by more than 50% within an hour, according to data from DEX Screener, while others collapsed by as much as 90%. The CETUS token itself experienced a steep decline, falling approximately 50% on decentralized exchanges and 30% across all markets, as reported by CoinGecko. While prices of Sui-based tokens on centralized exchanges initially remained more stable, the widespread liquidity drain eventually pressured broader market prices.

The attacker reportedly converted stolen assets into USDC, a stablecoin, and bridged roughly $60 million to the Ethereum blockchain, where funds were exchanged for ETH. Blockchain analytics firm Lookonchain estimated the total loss at over $260 million, though Cetus later confirmed the figure at $223 million. Security firm PeckShield corroborated the $60 million bridged USDC figure, aligning with reports of the attacker moving funds in batches of approximately $1 million. The rapid movement of funds across chains has complicated efforts to track and recover the stolen assets.

Cetus responded swiftly, pausing its smart contracts to prevent further losses. The team confirmed that $162 million of the compromised funds were successfully paused, leaving the remaining $60 million as the portion bridged off Sui. In a statement posted on X, Cetus acknowledged the incident and assured users that a thorough investigation was underway. The team is collaborating with the Sui Foundation and other ecosystem partners to develop recovery solutions and plans to release a detailed incident report.

Community Response and Clarifications

The exploit sparked debate within the Sui community about its root cause. Some argued that the incident stemmed from an oracle bug rather than a traditional hack, while others described it as an oracle exploit, given the deliberate draining of funds and cross-chain transfers. Oracles, which connect smart contracts to external data like asset prices, are critical to liquidity pools but can be vulnerable to manipulation. The exact nature of the vulnerability remains under investigation, with Cetus citing abnormal activity in its liquidity infrastructure.

The Sui Network clarified that the exploit was isolated to Cetus Protocol and did not affect the broader Sui blockchain. In a post on X, the official Sui account detailed the coordinated response, noting that Cetus worked with DeFi protocols, the Sui Foundation, and validators to protect the ecosystem. Validators identified addresses holding stolen funds and are currently ignoring transactions from those addresses to limit further damage. This collective action underscores the community’s commitment to safeguarding Sui’s DeFi landscape.

The incident has drawn attention to the risks inherent in DeFi protocols, particularly those relying on complex oracle systems. Despite the severity of the exploit, the SUI token itself has shown resilience, declining about 3.5% today amid the turmoil. The broader crypto community, including figures like Binance co-founder Changpeng Zhao, has expressed support, with major exchanges like Binance and Bybit offering assistance to Cetus and the Sui ecosystem.