$223 Million Stolen in Cetus Protocol Hack: Second-Largest Crypto Heist of 2025


On May 22, hackers exploited a vulnerability in the Cetus Protocol, a decentralized liquidity provider on the SUI blockchain, resulting in the theft of approximately $223 million in digital assets. The breach, attributed to a flaw in an open-source library used by Cetus’ smart contract for liquidity pools, allowed the attackers to manipulate pool pricing and repeatedly drain token reserves.

According to a post-mortem released by Cetus, the attackers exploited weaknesses in the protocol’s tick and liquidity mechanisms. By leveraging this vulnerability, they managed to extract funds across several cycles of the exploit.

Attack Sequence and Fund Movement

The hackers initially converted USDT into USDC — stablecoins issued by Tether and Circle, respectively. They then bridged the funds to the Ethereum blockchain and swapped them into Ethereum’s native token. Blockchain analytics firm Elliptic confirmed the path and identified two SUI wallet addresses and two Ethereum wallets linked to the attackers.

Response and Asset Recovery

Cetus immediately paused the affected smart contracts upon discovering the attack. The company, working alongside the Sui Foundation and other ecosystem partners, successfully froze $162 million of the stolen assets, limiting the attackers’ access to the full sum. Despite the breach, Cetus confirmed that plans are underway to restore all affected funds.

“We are actively working on recovery efforts and collaborating with the community to retrieve the remaining funds,” the protocol stated.

Whitehat Bounty and User Reimbursement

In a bid to recover more funds, Cetus has offered the attackers a “whitehat settlement,” allowing them to keep $6 million as a bounty if they return the rest of the stolen assets.

Cetus also announced plans to fully reimburse users. Using its cash reserves, token treasuries, and a critical loan from the Sui Foundation, the protocol claims it can cover all off-chain losses—pending approval in an upcoming community vote.

“This plan makes 100% recovery for all affected users possible,” the company shared on X.

Context

This breach ranks as the second-largest crypto hack of 2025, trailing only the $1.5 billion theft from Bybit earlier this year. It underscores the persistent security risks associated with decentralized finance protocols and the critical importance of rigorous smart contract auditing.
