Sui’s Biggest Liquidity Provider, Cetus, Hit By $260M Hack; Sui-Based Tokens Plummet 90%

Cetus Protocol, Sui network’s leading decentralized exchange (DEX) and liquidity provider, suffered a significant exploit resulting in the loss of approximately $260 million in tokens. This incident, uncovered by blockchain security firm Lookonchain, highlights vulnerabilities within Sui’s burgeoning DeFi ecosystem.

The attacker, identified through the wallet address 0xe28b50, currently holds over 12.9 million SUI tokens, valued at roughly $54 million. However, on-chain analysis reveals the attacker’s total holdings exceed 32.9 million SUI ($137 million), suggesting a sophisticated strategy involving bridging and swapping assets across multiple platforms to obscure the stolen funds. The wallet remains active, actively working to obfuscate the illicitly obtained assets.

The exploit leveraged spoof tokens, such as BULLA, to manipulate Cetus Protocol’s internal mechanisms. By exploiting flawed price curves and reserve calculations, and adding near-zero liquidity to manipulate the internal liquidity pool (LP) state, the attacker repeatedly withdrew substantial quantities of SUI and USDC without making commensurate deposits. This sophisticated attack underscores significant weaknesses in the protocol’s design and security measures.

Following the attack, Cetus Protocol swiftly paused its smart contracts to prevent further losses and initiated an investigation. The team announced the pause on X (formerly Twitter), promising a detailed statement. Binance CEO Changpeng Zhao (CZ) publicly offered assistance to Sui, highlighting the gravity of the situation and the collaborative effort needed to address the vulnerabilities exposed.

The incident had immediate and severe market repercussions. CETUS token prices plummeted by 40% within hours, while Sui-based memecoins, including BULLA and MOJO, experienced even steeper declines, exceeding 90%. This widespread impact emphasizes the interconnectedness of the cryptocurrency market and the ripple effects of major security breaches on even seemingly unrelated assets. The Cetus Protocol hack serves as a stark reminder of the inherent risks within the decentralized finance space and underscores the urgent need for robust security protocols and thorough audits.