Cetus, a primary decentralized exchange (DEX) on the SUI blockchain, recently fell victim to a sophisticated exploit that drained 46 liquidity pools, resulting in estimated losses of $260 million. According to blockchain security firm Cyvers, the attacker manipulated oracle pricing through spoof tokens to exploit vulnerabilities within Cetus’s system. This attack directly targeted the liquidity backing the SUI token, causing significant price distortions and trading disruptions.
Despite the severity, Cetus has yet to issue a public statement regarding the breach or its origin. The attack unfolded rapidly within minutes, shaking market confidence and triggering a series of price anomalies. However, prices and liquidity began to stabilize shortly after the initial shock.
Initial Losses Hit the Largest SUI Liquidity Pool
The attack’s first major blow came from the largest pool on Cetus, the SUI/USDC liquidity pool, which suffered an estimated loss of $11 million. Following the exploit, the pool recovered its pricing data, but liquidity dwindled sharply, holding only about $2.5 million in USDC.
The hacker’s wallet initially held over $12 million worth of assets spread across 267 different coins and tokens. Within just one hour, the wallet’s balance dropped to $5 million, highlighting a quick movement and possible attempts at laundering. Binance CEO Changpeng ‘CZ’ Zhao announced that the exchange would cooperate in intercepting the stolen funds, signalling industry collaboration to counter such exploits.
Widespread Impact on Cetus Pools and Meme Tokens
The exploit did not isolate itself to just a few pools; instead, it affected almost all liquidity pools on Cetus. This broad impact dragged down the prices of several meme tokens by as much as 78% in minutes, only to see a rapid rebound afterwards. Traders also experienced failed swap transactions and slower-than-usual response times on the DEX.
At the time of the attack, Cetus managed over $294 million in daily trading volume, indicating the attack struck during a period of heightened liquidity and activity. The draining of pools caused erratic price behaviour, with the depleted SUI/USDC pool particularly impacting all tokens paired with SUI.
Attack Highlights Vulnerabilities in Cross-Chain and DeFi Security
The hacker’s possession of over 12 million USDC at a secondary address and potential further draining of SUI pools reveals the ongoing challenges in DeFi security. Some of these funds are already moving, raising concerns over laundering attempts that leverage decentralized, permissionless protocols to mask illicit activities.
This incident starkly illustrates regulators’ and platforms’ difficulties in tracking and recovering stolen assets once they have traversed cross-chain bridges and DeFi ecosystems. It also highlights the risks associated with oracle manipulation, a growing attack vector within decentralized finance.
Cetus’s Growth Before the Hack and Its Ecosystem Position
Cetus had recently surged in total value locked (TVL), boasting $241.3 million after a rapid 70% growth spurt within the last month. It stands as the third-largest application on the SUI blockchain by locked liquidity and serves over 62,000 users, making it one of the most active decentralized platforms on the network.
Over the past month, Cetus boosted its total value locked by 70%, reflecting a broader rebound across decentralized exchanges amid the crypto market recovery. On-chain data from the SUI Layer 1 chain shows that Cetus serves 62,117 users, making it the second most active application on the network. Recently, the DEX reported daily fees exceeding $7.15 million, with overall activity increasing steadily throughout May.
The overall SUI ecosystem also reported strong fundamentals, with TVL peaking at an all-time high of $2.2 billion in native tokens and an additional $1.15 billion from stablecoins. Lending and other DeFi activities expanded alongside this growth, indicating a maturing platform that had rarely experienced security breaches until now.
Price Effects and Market Reaction
Following news of the exploit, SUI’s native token price fell from $4.18 to $4.00, though it remained near a three-month high. The incident has raised concerns about the impact of losing Cetus as a primary liquidity provider and the potential challenges in rebuilding liquidity.
SUI trades on major exchanges including Binance, OKX, and Coinbase, but the breach’s fallout could weigh on short-term market sentiment. Investors will closely watch how Cetus recovers and whether additional security measures will prevent future exploits.
Conclusion: A Wake-Up Call for DeFi Security
The Cetus exploit underscores the persistent vulnerabilities in decentralized finance, particularly within rapidly growing blockchains like SUI. While the DEX represented a critical pillar of liquidity and activity, this attack exposes the urgent need for more robust oracle protections, enhanced cross-chain security, and proactive risk management.
As DeFi expands, this incident serves as a wake-up call for developers, users, and regulators to prioritize security innovations. Collaborative efforts from exchanges like Binance and blockchain analytics firms will be vital in curbing such high-profile attacks and safeguarding the decentralized future.
