Sui DEX Cetus Protocol restarts platform after recovering from $223 million exploit

The Block

Jun 09, 2025 02:06:28

Sui- and Aptos-based decentralized exchange Cetus Protocol relaunched on Sunday after recovering from a $223 million exploit on May 22, restoring the platform to full functionality and replenishing affected pools with 85% to 99% of their original liquidity, the Cetus team said. 

The hack, which occurred after an unknown attacker exploited an integer overflow flaw in a shared math library used by Cetus' contracts to make one deposited token seem like millions of dollars in value, was the most devastating attack on any DeFi protocol in May. Yet shortly after the hack, $162 million was frozen on Sui by validators and eventually returned to the protocol. 

Now, Cetus has relaunched, plugging the holes in affected liquidity pools with the recovered funds, its entire cash reserves worth $7 million, and a $30 million USDC loan from the Sui Foundation, the protocol said in an announcement. The recovery rate for affected LPs ranges between 85% and 99%; the remainder will be returned as CETUS tokens over the course of 12 months following a linear unlock schedule, barring any further recoveries from the attacker.

Cetus said it identified and patched the vulnerability that led to the exploit, thoroughly audited the protocol, and rebalanced all affected liquidity pools to prepare for the relaunch. Yet assets worth tens of millions of dollars still remain under the control of the hacker, who transferred some assets to an EVM address and has begun to launder some of the funds with transfers to "mixer" service Tornado Cash. 

"The attacker ignored our previous whitehat offer and has begun attempting to launder assets — a futile and traceable act," Cetus wrote. "We are highly confident that successful arrest and recovering the remaining assets is only a matter of time."

An analysis of the hack by blockchain security firm SlowMist found that the hacker prepared the attack two days prior by funding a wallet with enough funds for gas to carry out the attack, and even attempted an earlier version of the exploit which failed. The exploit affected only Sui-based pools, with the protocol's Aptos side unaffected. 

"The attacker precisely selected parameters and exploited the flaw in the checked_shlw function to obtain liquidity worth billions at the cost of only 1 token," SlowMist wrote. "This was an extremely sophisticated mathematical attack."

Cetus Protocol said that in the future it plans to initiate an additional round of comprehensive audits, upgrade the protocol's real-time monitoring system, initiate a new white-hat bounty program, and revise its roadmap for upcoming product features.

"This restart signifies more than just a relaunch, but a renewal," Cetus wrote. 

Cetus Protocol's native token, CETUS, has fallen by around 44% since May 21, the day before the attack, according to CoinGecko data. 

Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry.

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.