On May 22, 2025, Cetus Protocol, a leading decentralized exchange (DEX) on the Sui blockchain, suffered a devastating $223 million exploit, shaking the DeFi community. In a bold move, the protocol has offered the hacker a $6 million “white hat” bounty to return the stolen assets, including $56 million in Ethereum (ETH) and $162 million in frozen funds on Sui. This strategic offer aims to recover user funds swiftly while avoiding prolonged legal battles.
The attack exploited vulnerabilities in Cetus’ liquidity pool smart contracts, using fake tokens like BULLA to manipulate pricing logic. The hacker drained millions in assets, including SUI and USDC, with $60 million quickly bridged to Ethereum and converted into 21,938 ETH. Cetus and Sui validators quickly froze $162 million of the stolen assets, mitigating further losses. The protocol has since patched the vulnerability and paused its smart contracts to secure the platform.
Cetus’ $6 million bounty proposal, co-signed by cybersecurity firm Inca Digital, offers the hacker 2,324 ETH (approximately $6 million) as a reward for returning 20,920 ETH and all frozen Sui assets. If accepted, Cetus will forgo legal action, but the deal is time-sensitive—if the funds are laundered or off-ramped, the offer is void. The protocol is collaborating with the Sui Foundation, law enforcement, and regulators like FinCEN to track the remaining assets.
The exploit sent shockwaves through the Sui ecosystem, with the CETUS token plummeting 40% to $0.17 and other tokens like HIPPO and SQUIRT losing up to 90% of their value. Despite recent security audits, the attack exposed flaws in Cetus’ pricing mechanisms, highlighting the risks of complex DeFi systems. The incident has also sparked debate about Sui’s decentralization, as validators’ ability to freeze transactions raised concerns among critics like Cyber Capital’s Justin Bons.
Cetus’ unconventional approach sets a precedent in DeFi, balancing recovery efforts with ecosystem stability. Cetus’ swift action, backed by Binance and cybersecurity specialists, highlights the need to tackle escalating crypto heists, with $1.6 billion stolen in Q1 2025 alone. As the investigation progresses, Cetus prioritizes rebuilding user confidence and retrieving the remaining funds.
FAQs
What caused the Cetus Protocol exploit?
The exploit stemmed from fake tokens manipulating Cetus’ liquidity pool pricing logic, allowing the hacker to drain $223 million in assets like SUI and USDC.
How is Cetus responding to the hack?
Cetus, together with Sui validators, froze $162 million of the stolen assets, patched the vulnerability, and proposed a $6 million bounty to the hacker to return the remaining funds.
What happens if the hacker doesn’t accept the bounty?
If the hacker launders or off-ramps the funds, Cetus will pursue legal and intelligence actions with support from law enforcement and regulators.