Sui Exchange Cetus Resumes Operations After $233 Million Theft

Cetus Protocol, the top decentralized exchange (DEX) on the Sui blockchain, has officially restarted its operations after a major exploit on May 22, 2025, which led to the loss of around $233 million in digital assets. This relaunch is a significant move towards rebuilding trust in the Sui ecosystem, as the protocol has enacted a thorough recovery strategy to compensate users for their losses and enhance security measures.

What Led to the Exploit?

On May 22, 2025, a hacker took advantage of a weakness in Cetus Protocol’s Concentrated Liquidity Market Maker (CLMM) system by targeting a flaw in a shared calculation library for liquidity pools. By introducing fake tokens such as BULLA, the hacker skewed price curves and reserve data, draining over $220 million from various liquidity pools, including key trading pairs like SUI/USDC. Approximately $60 million of the stolen assets, mainly in USDC, was moved to Ethereum and exchanged for 21,938 ETH at an average price of $2,658 each. The attack caused massive market instability, leading to drops of 70-90% in many Sui-based tokens like LOFI, HIPPO, and AXOL, while Cetus’s native token, CETUS, fell over 40%.

The incident revealed underlying structural issues in Cetus’s pricing logic, which depended on concentrated liquidity pools for real-time price updates. The hacker used counterfeit tokens to trick the protocol into accepting non-existent liquidity, exacerbated by a math overflow bug that allowed for excessive withdrawals. Despite prior security audits, this unique attack strategy went undetected, stressing the need for more effective monitoring and layered security in decentralized finance protocols.

Quick Action and Recovery Efforts

Cetus responded swiftly by pausing its smart contracts soon after discovering the breach. Sui validators, in collaboration with the Sui Foundation and other DeFi projects, successfully froze approximately $162 million of the stolen assets on-chain, blocking the hacker from moving or laundering these funds. The malicious wallet identified as 0xe28b50 continues to hold over 12.9 million SUI (around $54 million) and other digital assets, with recovery efforts still underway.

In an attempt to reclaim losses, Cetus offered the hacker a $6 million white-hat bounty for the return of 20,920 ETH and the frozen SUI assets, stating that any laundering attempt would nullify the deal. As of now, the hacker has remained unresponsive, while Cetus works alongside law enforcement, cybersecurity firms, and regulatory agencies to pursue legal recourse and trace the remainder of the funds.

On May 29, 2025, the Sui community voted in favor of a governance proposal with 90.9% approval to transfer the $162 million in frozen assets into a multisignature wallet managed by Cetus, the Sui Foundation, and security auditor OtterSec. This approval set the stage for user reimbursements and the relaunch of the protocol.

Recovery and User Compensation Plan

Cetus has successfully restored liquidity pools to between 85% and 99% of their levels before the exploit, leveraging a $30 million bridge loan from the Sui Foundation, all of its cash reserves, and the recovered $162 million in frozen funds. Additionally, a compensation program for affected users has been established, allocating 15% of the total CETUS token supply to a separate contract. This includes an immediate distribution of 5% of CETUS tokens, with another 10% vesting over the next year. Users can start claiming their compensation by linking their wallets to a specified section on the Cetus platform beginning June 10, 2025. Any further recovered funds will be distributed to users monetarily, in lieu of CETUS tokens.

The Sui Foundation has dedicated an additional $10 million to bolster ecosystem security, financing audits, bug bounty programs, and verification initiatives. They clarified that the exploit was caused by a flaw in Cetus’s calculation library, rather than a vulnerability within the Sui blockchain or its Move programming language.

Market Repercussions and Ecosystem Recovery

The exploit had a profound effect on the Sui ecosystem, with total value locked (TVL) plummeting from $284 million to $124 million after the attack. The SUI token fell from $4.15 to $3.44, and CETUS’s value dropped from $0.48 in November 2024 to $0.12 on June 10, 2025, marking a 75% decrease from its peak value. Other Sui-based tokens, including LBTC and AXOL, lost nearly all of their value. Despite these challenges, the SUI token showed signs of improvement, trading at $3.44, a 5% increase over the last day.

This situation has ignited discussions regarding decentralization, with critics arguing that the validator-led freezing of assets mirrored centralized intervention. However, the Sui Foundation’s Managing Director Christian Thompson defended the coordinated response, stating, “True decentralization isn’t paralysis—it’s coordination among independent parties who can act decisively when it matters.”
