Cetus Protocol Hack 2025: Crucial Lessons You Can’t Miss

2025-05-27

On May 22, 2025, the Cetus Protocol, a decentralized exchange on the Sui blockchain, suffered a major security breach, losing $223 million in a single exploit. This incident, detailed in the Cetus Protocol hack report released on May 27, 2025, sent ripples through the DeFi community, raising concerns about the safety of emerging blockchain platforms. 

For DeFi users and developers, this event is a critical reminder of the risks in decentralized finance and the importance of robust security measures. This article will break down the Cetus Protocol exploit, analyze the attacker’s actions, and share actionable lessons to help you navigate DeFi more safely. Let’s dive into what happened and how you can protect yourself.

What Triggered the Cetus Protocol Hack?

The Cetus Protocol hack stemmed from a vulnerability in its Concentrated Liquidity Market Maker (CLMM) pools. According to the official incident report, the attacker exploited an overflow check failure in the math_u256::checked_shlw function. This flaw allowed the attacker to mint infinite liquidity pool tokens using a single token input, draining $223 million in assets like SUI and USDC. 

The attack began at 3:52 AM PT on May 22, with Cetus transaction volumes spiking from $320 million to $2.9 billion in a day, as reported by Crypto News. The attacker bridged $60 million to $63 million in USDC to Ethereum, converting it into 21,938 ETH. The Cetus team responded swiftly, pausing smart contracts and freezing $162 million of the stolen funds, while collaborating with the Sui Foundation to mitigate further damage. This incident highlights how even small coding errors can lead to massive losses in DeFi protocols like Cetus.

Attacker’s Address and Exploit Mechanics

The attacker operated from a Sui blockchain address: 0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85bb85de8ff06. The exploit targeted an unchecked overflow in the integer-mate library, a key part of Cetus Protocol’s liquidity system. The attacker used a flash swap to suppress pool prices and empty reserves, then exploited the add_liquidity function to create fake liquidity values. By repeatedly opening positions at higher price ranges and draining reserves, the attacker siphoned funds systematically.

The attack flow diagram from the Cetus report shows a cycle of overflowing, subtracting, and removing liquidity, which allowed the attacker to drain tokens with precision. This methodical approach underscores the sophistication of modern DeFi exploits and the vulnerabilities in Cetus Protocol’s smart contracts. Understanding these mechanics is crucial for users to recognize similar risks in other platforms.
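To make the overflow-check failure concrete, here is an added illustration (not code from Cetus or from the incident report): a Python model of a shift-left-by-64 guard on 256-bit unsigned integers, with a wrong bound beside the correct one. The value of FLAWED_MASK, the (value, overflowed) return shape and the simplified deposit formula are assumptions made for the example.

```python
U256_MAX = (1 << 256) - 1
LIMIT = 1 << 192  # smallest n for which n << 64 no longer fits in 256 bits
FLAWED_MASK = 0xFFFFFFFFFFFFFFFF << 192  # assumed wrong bound, for illustration


def checked_shlw_flawed(n):
    """Shift left by 64 with a guard whose bound is far too high."""
    if n > FLAWED_MASK:
        return 0, True
    # Masking models fixed-width arithmetic: bits above 2^256 are silently dropped.
    return (n << 64) & U256_MAX, False


def checked_shlw_fixed(n):
    """Shift left by 64, reporting overflow for every n that would lose high bits."""
    if n >= LIMIT:
        return 0, True
    return n << 64, False


def required_deposit(liquidity, price_diff, denom, shlw):
    """Hypothetical simplified formula: ceil(((liquidity * price_diff) << 64) / denom)."""
    product = liquidity * price_diff
    if product > U256_MAX:
        raise OverflowError("product exceeds u256")
    numerator, overflowed = shlw(product)
    if overflowed:
        raise OverflowError("shift would overflow u256; abort instead of truncating")
    return -(-numerator // denom)  # ceiling division


def boundary_disagreements():
    """Differential test at the edges: inputs where the two guards give different flags."""
    cases = [LIMIT - 1, LIMIT, LIMIT + 1, FLAWED_MASK, FLAWED_MASK + 1]
    return [n for n in cases if checked_shlw_flawed(n)[1] != checked_shlw_fixed(n)[1]]


# Constructed input: a liquidity value just past the boundary.
HUGE_LIQUIDITY = LIMIT + 1
DENOM = 1 << 64

if __name__ == "__main__":
    print("guards disagree on", len(boundary_disagreements()), "boundary inputs")
    print("flawed deposit:", required_deposit(HUGE_LIQUIDITY, 1, DENOM, checked_shlw_flawed))
    try:
        required_deposit(HUGE_LIQUIDITY, 1, DENOM, checked_shlw_fixed)
    except OverflowError as exc:
        print("fixed guard:", exc)
```

With the wrong bound, the truncated numerator makes an enormous liquidity value cost a deposit of 1 unit; the corrected guard aborts the calculation. Testing the guard at the exact boundary values is what separates the two.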

Where Are the Stolen Funds Now?

Sui validators froze the majority of the stolen funds in two wallets linked to the attacker. The first wallet, 0xcdb8962dad278d8b50fa0fe1eb0186bf4cbdecc6d59377214c88d0286a0ac9562, and the second, 0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85bb85de8ff06, hold $162 million of the stolen assets. However, the attacker bridged $60 million to $63 million to Ethereum, now held in wallets 0x0251536bfc1f44b88e1afa8fe60184ffd4b2caaf16 and 0xe89012a55cdb68e8407c9d4ae9b3425f5929019b. 

This cross-chain transfer complicates recovery, as the funds may be laundered through Ethereum’s ecosystem. The quick freeze by Sui validators shows the power of community action, but the bridged funds highlight the challenges of cross-chain security in DeFi. Users should stay updated on recovery efforts through official Cetus Protocol channels.

Why Was Cetus Protocol Vulnerable to This Attack?

The Cetus Protocol’s vulnerability stemmed from flaws in its smart contract design. The incident report notes a lack of proper filters to verify token liquidity, allowing the attacker to use spoof tokens to manipulate pricing curves. Cybersecurity experts, as cited by Crypto News, identified this as oracle manipulation, where the protocol’s pricing mechanism became its weakness. 

Additionally, the absence of price deviation caps or circuit breakers enabled the rapid drainage of funds. While the Move programming language on Sui offers some security against low-level threats, it couldn’t prevent this high-level exploit. This incident reveals the need for emerging blockchains like Sui to adopt battle-tested security practices, similar to those on Ethereum. For Cetus Protocol, addressing these structural flaws is critical to rebuilding trust and preventing future attacks.

Impact on the Sui Ecosystem and Cetus Users

The Cetus Protocol hack significantly impacted the Sui ecosystem. The SUI token dropped 14% from $4.19 to $3.40 within a day, while the CETUS token fell from $0.26 to $0.15, per Crypto News data. Sui-based memecoins like BULLA and MOJO crashed over 90%, and liquidity for some trading pairs fell to $143,000, according to BanklessTimes. Other Sui platforms, like Haedal Protocol, suspended features to mitigate risks.

For users, the loss of funds was a harsh blow, but the Cetus team’s response—freezing $162 million and offering a $6 million whitehat bounty—demonstrated accountability. However, the incident sparked debates about decentralization, as Sui validators’ ability to freeze funds raised questions about control, as noted by X user @DU09BTC. This event underscores the broader risks of using newer blockchains and the importance of user caution in DeFi.

Lessons for DeFi Users and Developers

The Cetus Protocol hack offers valuable lessons for both DeFi users and developers. For users, always research a protocol’s security practices—look for regular audits and transparent communication. Diversify investments to reduce risk, and avoid keeping large sums in one liquidity pool. For developers, thorough smart contract testing is essential, especially for edge cases like overflow checks. Implementing safeguards like price deviation caps and circuit breakers can prevent rapid fund drainage. 
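One way a price deviation cap and a circuit breaker can fit together, as an added sketch that is not Cetus's code: a guard that refuses an operation when the execution price strays too far from a reference price or when outflow within a time window exceeds a share of reserves, and then stays paused. The class name, thresholds and sample events are all assumptions constructed for the example.

```python
from collections import deque

BPS = 10_000  # basis points per 100%


class PoolGuard:
    """Hypothetical guard: caps price deviation and windowed outflow, then latches a pause."""

    def __init__(self, max_dev_bps=500, max_outflow_bps=2_000, window_s=600):
        self.max_dev_bps = max_dev_bps
        self.max_outflow_bps = max_outflow_bps
        self.window_s = window_s
        self.paused = False
        self._outflows = deque()  # (timestamp, amount) inside the current window

    def check(self, now, ref_price, exec_price, amount_out, reserve):
        """Return 'ok' or the refusal reason. `reserve` is the balance before the operation."""
        if self.paused:
            return "paused"
        # Price deviation cap: execution price vs. a slower reference (e.g. a TWAP).
        if abs(exec_price - ref_price) * BPS > self.max_dev_bps * ref_price:
            self.paused = True
            return "price_deviation"
        # Circuit breaker: outflow in the window vs. the reserve at the window start.
        while self._outflows and self._outflows[0][0] <= now - self.window_s:
            self._outflows.popleft()
        prior = sum(amount for _, amount in self._outflows)
        if (prior + amount_out) * BPS > self.max_outflow_bps * (reserve + prior):
            self.paused = True
            return "outflow_limit"
        self._outflows.append((now, amount_out))
        return "ok"


def replay(events, guard=None):
    """Run a list of events through one guard and return its decisions in order."""
    guard = guard or PoolGuard()
    return [guard.check(*event) for event in events]


# Constructed samples: (time_s, ref_price, exec_price, amount_out, reserve_before)
DRAIN = [(60 * i, 1_000, 1_000, 50_000, 1_000_000 - 50_000 * i) for i in range(6)]
SKEWED = [(0, 1_000, 1_000, 1_000, 1_000_000), (10, 1_000, 400, 1_000, 999_000)]

if __name__ == "__main__":
    print(replay(DRAIN))
    print(replay(SKEWED))
```

The pause is latched on purpose: once either limit trips, every later operation is refused until an operator resets the guard, which bounds the loss to the window's cap.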

The Cetus team’s crisis management, including pausing contracts and engaging the community, sets a strong example. Collaboration with cybersecurity firms and ecosystem partners, as Cetus did with the Sui Foundation, is key to building resilient platforms. By applying these lessons, the DeFi community can mitigate risks and foster safer innovation on platforms like Cetus Protocol.

Conclusion

The Cetus Protocol hack on May 22, 2025, exposed critical vulnerabilities in DeFi, with $223 million stolen due to a smart contract flaw. While $162 million was frozen, the attacker’s ability to bridge funds to Ethereum highlights ongoing cross-chain security challenges. 

This incident on the Sui blockchain emphasizes the need for rigorous audits, better smart contract design, and user awareness in decentralized finance. As the Cetus team works toward recovery, users and developers must learn from this event to build a safer DeFi ecosystem. Stay informed through official updates, research thoroughly, and approach DeFi with caution to protect your assets in this evolving space.

FAQ

What caused the Cetus Protocol hack in 2025?

An overflow check failure in the math_u256::checked_shlw function allowed the attacker to mint infinite liquidity tokens, draining $223 million.

How much was recovered after the Cetus Protocol exploit?

The Cetus team froze $162 million, but $60 million to $63 million was bridged to Ethereum as 21,938 ETH.

What happened to SUI and CETUS token prices after the hack?

SUI dropped 14% from $4.19 to $3.62, and CETUS fell from $0.26 to $0.15, reflecting market concerns.

How did the attacker exploit Cetus Protocol?

The attacker used a flash swap to suppress pool prices, exploited an overflow to add fake liquidity, and repeatedly drained token reserves.

What can DeFi users do to stay safe after the Cetus hack?

Research protocols for audits, diversify investments, avoid unverified platforms, and monitor official updates from Cetus Protocol.

What steps did Cetus Protocol take post-hack?

They paused smart contracts, froze $162 million, offered a $6 million bounty, and released a detailed report on May 27, 2025.

 

 

Disclaimer: The content of this article does not constitute financial or investment advice.
