Sui DEX Cetus Suspected of Being Hacked, Liquidity Pools Drained and Token Prices Plunge
Cetus Protocol, a key decentralized exchange and liquidity provider on the Sui network, suffered severe disruption in the early hours of Thursday after over $220 million was drained from its liquidity pools. Initial reports from users and on-chain data indicate that approximately $11 million worth of SUI was withdrawn from the SUI/USDC liquidity pool on the Cetus Protocol.
Immediately after the incident surfaced, the price of SUI fell sharply by around 7%, dropping to $3.9, according to data from CoinGecko. As of press time, SUI was trading near $3.8. Meanwhile, numerous liquidity pool tokens on Cetus experienced severe drawdowns, with some plunging by as much as 80% amid the widespread liquidity exodus.
Cetus Protocol’s CETUS token crashed around 33% after the exploit. At the time of writing, the crypto asset was changing hands at around $0.16. According to Lookonchain, the hacker behind the exploit swapped stolen assets for USDC and bridged them to Ethereum. As of the latest update, the exploiter had spent around $58 million to acquire 21,938 ETH, averaging $2,658 per ETH.
The Exploitation: A Detailed Breakdown
According to Lookonchain, the hacker took advantage of a vulnerability in Cetus Protocol's smart contract. The exploiter swapped stolen assets for USDC and cross-chained them to Ethereum to exchange for $ETH, with ~60M $USDC already cross-chained.
The Aftermath: A Widespread Impact
Following the incident, Sui-based DEXs Bluefin and Momentum announced temporary suspensions of activities, stating they would resume once the ecosystem stabilizes. To protect their users, both exchanges temporarily paused all activities on their platforms as a precautionary measure.
"To protect our users, we’ve temporarily paused actions on Bluefin Spot as a precautionary measure. We want to emphasize that Bluefin remains fully secure. Our team is actively monitoring the situation." - Bluefin (@bluefinapp)
Due to the ongoing exploit on Cetus, we temporarily paused all activities on Momentum as a precautionary measure. All funds are 100% SAFE. We are in communication with the Sui foundation regarding next steps." - Momentum (@MMTFinance)
A Developing Story
This is a developing story. We’ll give an update as we learn more.
Investigation Underway
In a statement issued shortly after the incident surfaced, the Cetus team said it had paused its smart contract as a precautionary measure following the detection of an anomaly in the protocol. According to the team, an investigation is underway, and more details will come as soon as they become available.
"There was an incident detected on our protocol and our smart contract has been paused temporarily for safety. The team is investigating the incident at the moment. A further investigation statement will be made soon. We are grateful for your patience." - Cetus (@CetusProtocol)
Collaboration with Sui Network
Sui confirmed that it is working closely with the Cetus team to assess the scope of the disruption and will provide updates as available.
"At 3:52 AM PT, we became aware of an incident concerning Cetus. The Cetus team has our active support in this ongoing investigation and will provide further updates as soon as they become available." - Sui (@SuiNetwork)