Cetus Protocol, a decentralized exchange (DEX) operating on Sui and Aptos, has confirmed a major security breach. The platform reported that hackers stole $223 million worth of cryptocurrency through a smart contract exploit.
The incident prompted immediate action. Cetus paused its smart contracts and began investigating the vulnerability. A portion of the stolen funds—$162 million—has been successfully frozen with support from the Sui blockchain community.
Hack Linked to Package Exploit, Root Cause Fixed
The breach occurred due to a vulnerable package in Cetus Protocol’s codebase. While full technical details remain undisclosed, developers claim they identified the flaw, deployed a fix, and shared it across the ecosystem to prevent further exploits.
Cetus uses a Concentrated Liquidity Market Maker (CLMM) model that allows liquidity providers to set price ranges for their capital. This improves trading efficiency but also increases the complexity of its smart contract logic, which may have contributed to the attack surface.
Whitehat Offer and Legal Threats
To recover the funds, Cetus extended a “whitehat settlement” offer to the attacker. If the full amount is returned promptly, the platform promises not to pursue legal action. Simultaneously, Cetus announced a $5 million bounty for anyone who provides information leading to the hacker’s identification and arrest.
The platform has already flagged the hacker’s Ethereum wallet address and is working with blockchain security firms and law enforcement agencies.
Blockchain Firms Trace Attacker’s Activity
Blockchain analytics company Elliptic released a report outlining the exploit. It highlighted a flaw in AMM logic, possibly involving price manipulation or flash loan tactics. The hacker moved funds via token swaps and cross-chain bridges from Sui to Ethereum.
All wallets tied to the hacker have now been blacklisted by major exchanges and virtual asset service providers, severely limiting laundering attempts.
DEX Growth Overshadowed by Attack
Before the breach, Cetus Protocol reported impressive performance:
- $57 billion in total trading volume
- Over 15 million registered accounts
- More than 144 million trades executed
This incident marks one of the largest DEX-related hacks of 2025, raising new concerns over smart contract vulnerabilities in decentralized finance (DeFi).
