Blockchain Security Firm Releases Cetus Hack Post-Mortem Report

The recent hack on the Cetus decentralized exchange has left a trail of $223 million in user losses, with most of the stolen funds frozen by Sui network validators and ecosystem partners. In a bid to shed light on the incident, blockchain security firm Dedaub has released a comprehensive post-mortem report, detailing the root cause of the attack and offering insights into how such vulnerabilities can be exploited.

According to the report, the attackers manipulated liquidity parameters through a flaw in the most significant bits (MSB) check, which let them open disproportionately large positions with just one keystroke. The resulting overflow slipped past the code's "overflow" check undetected, underscoring the need for more robust security measures across the industry.
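As an added illustration of the class of check described above (hypothetical code, not from Cetus, Dedaub, or the report), a left-shift guard that inspects the bits about to be shifted out, beside a constructed weaker guard that only looks at the single most significant bit and so misses overflow on wider shifts. Rust `u128` stands in for the wide integers such liquidity math uses; the function names are assumptions.

```rust
// Added illustration, not Cetus's or Dedaub's code: two overflow guards for a
// left shift on a fixed-width integer, the kind of check a liquidity
// calculation relies on to reject absurd position sizes.

/// Sound guard: a shift by `shift` overflows exactly when any of the top
/// `shift` bits are set, so inspect precisely those bits before shifting.
pub fn checked_shl_sound(x: u128, shift: u32) -> Option<u128> {
    if shift == 0 {
        return Some(x);
    }
    if shift >= 128 {
        // Everything would be shifted out; only zero survives unchanged.
        return if x == 0 { Some(0) } else { None };
    }
    if x >> (128 - shift) != 0 {
        None // bits would be lost
    } else {
        Some(x << shift)
    }
}

/// Constructed weak guard: looks only at bit 127, regardless of shift width.
/// It rejects a 1-bit shift of a value with the MSB set, but silently lets
/// larger shifts wrap, which is how a tiny input can become a huge (or zero)
/// position value.
pub fn checked_shl_weak(x: u128, shift: u32) -> Option<u128> {
    const MSB: u128 = 1 << 127;
    if x & MSB != 0 {
        return None;
    }
    Some(x.wrapping_shl(shift))
}

fn main() {
    let x: u128 = 1 << 100;
    // The sound guard rejects a shift of 64 (bit 164 does not exist);
    // the weak guard accepts it and returns a wrapped value.
    println!("sound: {:?}", checked_shl_sound(x, 64));
    println!("weak:  {:?}", checked_shl_weak(x, 64));
}
```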

"The incident and the post-mortem update reflect the unfortunate trend of cybersecurity exploits and hacks impacting crypto and the Web3 industry," wrote Dedaub security researchers. "Executives in the industry have continually warned that industry firms must establish safeguards and protect users before regulators clamp down and impose safeguards on the industry."

The Cetus Hack: A Glimpse into the World of Crypto Hacks

On May 22, the Cetus exchange was breached, resulting in $223 million in user losses within a 24-hour period. The hack not only shook the confidence of users but also sparked a heated debate about decentralization and the role of validators in the Sui network.

Cetus and the Sui Foundation announced that Sui network validators froze a majority of the stolen assets, with $163 million of the total amount being frozen on the same day as the hack. While this move was seen as a positive step by some, others criticized it for undermining the principles of decentralization and transforming the network into a centralized, permissioned database.

"Sui validators are actively censoring transactions across the blockchain," wrote one user on X, echoing many other posts. "This completely undermines the principles of decentralization and transforms the network into nothing more than a centralized, permissioned database."

A Call to Action: Industry Must Prioritize User Security

The Cetus hack serves as a stark reminder of the importance of prioritizing user security in the crypto industry. As executives continue to warn about the need for safeguards and protection measures, it is clear that industry firms must take concrete steps to prevent such incidents from occurring in the future.

"It's interesting how many Web3 projects backed by VCs lean heavily on centralization, despite borrowing Bitcoin's ethos," Steve Bowyer wrote in a May 23 X post. "The industry must recognize the risks associated with centralization and work towards creating more decentralized and secure systems."

Lessons Learned: The Importance of Transparency and Accountability

The Cetus hack post-mortem report offers valuable insights into the incident, highlighting the need for transparency and accountability within the crypto industry. By sharing their findings and lessons learned, security firms like Dedaub can help prevent similar incidents from occurring in the future.