On the evening of May 22, 2025, Cetus Protocol (CETUS)—a decentralized AMM DEX built on the Move language, operating simultaneously on the Sui and Aptos blockchains—became the victim of a serious protocol attack, resulting in the complete depletion of liquidity in its pools.
According to on-chain investigators, the attacker withdrew approximately $11 million worth of SUI tokens from the SUI/USDC pool, causing most tokens to collapse in price by over 75% and draining liquidity on Cetus entirely.
A trace of the attacker’s wallet (address “0xe28b…e8ff06”) on Suiscan showed that the hacker withdrew liquidity from various Cetus pools and then swapped it for SUI. Currently, the hacker holds assets worth about $260 million, including 12.989 million SUI (equivalent to $54 million), and has begun transferring assets to other blockchains for money laundering.
The CTO of HackenProof initially hypothesized that the attacker exploited a vulnerability through the following process:
- Used spoofed tokens (e.g., BULLA → SUI) for swapping, exploiting flaws in the pricing mechanism or the reserve calculation formula of the pool.
- Added liquidity with a near-zero value, manipulating the internal state of the pool or creating fake trading pairs.
- Repeatedly withdrew liquidity, exploiting accounting discrepancies to drain real SUI/USDC without providing actual assets.
In a recent announcement, Cetus Protocol, the leading DEX on Sui, confirmed that the hacker stole assets valued at $223 million. However, $162 million of that has been frozen on Sui and is likely to be recoverable. The project is closely coordinating with the Sui Foundation and related organizations to recover these funds.
The Sui Foundation stated that they have been working with most validators to reach a temporary consensus not to process transactions from the hacker’s suspicious wallets until a further course of action is determined, in order to protect the interests of the ecosystem and users.
However, the attack has had a severe impact on the entire Sui ecosystem. Tokens such as WAL, DEEP, NAVX, LOFI, and HIPPO have all plummeted, with declines ranging from 5% to 15% from their pre-hack price peaks. Many other altcoins and memecoins have even lost over 80% of their value and cannot be traded due to depleted liquidity.
In light of the serious situation, Binance founder CZ has committed to making every effort to support Sui in recovering from the damage and restoring confidence in the ecosystem.