Cointelegraph Bitcoin & Ethereum Blockchain News

When liquidity attracts attackers: What went wrong on Cetus?

On May 22, 2025, Cetus Protocol, the primary decentralized exchange (DEX) on the Sui blockchain, suffered a major hack, marking one of the largest decentralized finance (DeFi) breaches in cryptocurrency history. 

An attacker exploited Cetus’ pricing mechanism flaw, stealing approximately $260 million in digital assets. This incident significantly impacted the Sui community, causing the Sui (SUI) token price to drop by about 15% to $3.81 by May 29.

The Cetus DEX facilitates efficient token trading and liquidity provision within the Sui ecosystem. The platform’s rapid growth made it a prime target for attackers. According to DefiLlama, trade volume on Cetus DEX grew from 182.47 million between Oct. 1 and 31, 2023, to 7.152 billion between Jan. 1 and 31, 2025. 

Trade volume on the Cetus DEX

A previously undetected error in the code of Cetus DEX allowed the exploit, enabling the theft of millions. This event highlights the ongoing challenges of ensuring robust security in rapidly expanding DeFi ecosystems, even with significant efforts to prioritize safety.

Did you know? DEX hacks can crash entire ecosystems. When Mango Markets was exploited for $114 million in 2022, its governance token plummeted by over 50%, and confidence in Solana’s DeFi ecosystem was shaken for weeks.

How Cetus DEX was exploited: A step-by-step breakdown

Cetus fell victim to a calculated assault that combined price manipulation, fake token injections and crosschain laundering. 

Below is a step-by-step breakdown of how the attacker bypassed safeguards and drained liquidity pools using a flaw in Cetus’s internal pricing system:

  • Flash loan: The attacker, using wallet address 0xe28b50, took out a flash loan to access immediate funds without collateral, enabling swift transaction execution.
  • Insertion of fraudulent tokens: Fake tokens, such as BULLA, which lack genuine liquidity, were introduced into various Cetus liquidity pools, disrupting the price feed mechanism for token swaps.
  • Price curve distortion: These counterfeit tokens misled the internal pricing system, skewing reserve calculations and creating artificial price advantages for legitimate assets such as SUI and USDC.
  • Liquidity pool exploitation: By exploiting the pricing vulnerability, the attacker drained 46 liquidity pairs, exchanging worthless tokens for valuable assets at manipulated, favorable rates.
  • Crosschain fund transfer: A fraction of the stolen assets, about $60 million in USDC, was transferred to the Ethereum network, where the attacker converted them into 21,938 Ether (ETH) at an average price of $2,658 per ETH.
  • Market consequences: The attack caused a significant decline in token prices across the Sui ecosystem. CETUS dropped over 40%, with some tokens falling by up to 99%. The total value locked (TVL) had decreased by $210 million by May 29, indicating the reputational loss suffered by the DEX.

Here is a figure illustrating how the attacker’s action resulted in certain contract reactions, leading to the siphoning of funds:

Cetus DEX attacker actions and contract reactions

Timeline of the Cetus DEX exploit

A coordinated exploit on Cetus DEX unfolded over eight hours, triggering emergency shutdowns, contract freezes and a validator-led response to block the attacker’s addresses.

Here is a timeline of the Cetus DEX exploit:

  • 10:30:50 UTC: The exploit starts with unusual transactions.
  • 10:40:00 UTC: Monitoring systems detect irregular activity in liquidity pools.
  • 10:53:00 UTC: The Cetus team identifies the attack source and notifies Sui ecosystem members.
  • 10:57:47 UTC: Core CLMM pools are shut down to stop further losses.
  • 11:20:00 UTC: All related smart contracts are disabled across the system.
  • 12:50:00 UTC: Sui validators begin voting to block transactions from the attacker’s addresses; once votes exceed 33% of the stake, these addresses are effectively frozen.
  • 18:04:07 UTC: An onchain negotiation message is sent to the attacker.
  • 18:15:28 UTC: The vulnerable contract is updated and fixed, though not yet reactivated.

Why audits failed to prevent the Cetus DEX exploit

Despite multiple smart contract audits and security reviews, attackers were able to find the flaw in Cetus and take advantage of it. The vulnerability lay in a math library and a flawed pricing mechanism, issues that slipped past several audits.

In its post-mortem, Cetus admitted that its vigilance had lapsed: past successes and the widespread adoption of audited libraries had created a false sense of security. The incident underscores a broader industry problem with audits, which, though essential, are not foolproof.

According to BlockSec’s chief commercial…

cointelegraph.com
