When liquidity attracts attackers: what went wrong at Cetus?
On May 22, 2025, Cetus Protocol, the leading decentralized exchange (DEX) on the Sui blockchain, suffered a major hack, marking one of the largest decentralized finance (DeFi) breaches in cryptocurrency history.
An attacker exploited Cetus's pricing mechanism, stealing approximately $260 million in digital assets. The incident hit the Sui community hard, driving the SUI token price down 15% to $3.81 by May 29.
Cetus DEX facilitates efficient token trading and liquidity provision within the Sui ecosystem. The platform's rapid growth made it a prime target for attackers. According to DefiLlama, trading volume on Cetus DEX grew from $182.47 million between the 1st and 31st of the comparison month in 2023 to $7.152 billion between the same dates in 2025.
A latent flaw in the Cetus DEX code allowed the exploit that drained millions. The incident highlights the ongoing challenge of securing fast-growing DeFi ecosystems, even where significant effort has gone into prioritizing security.
Did you know? DEX hacks can shake an entire ecosystem. When Mango Markets was exploited for $114 million in 2022, its governance token lost more than 50% of its value, and confidence in the Solana DeFi ecosystem was shaken for weeks.
How Cetus DEX was exploited: a step-by-step breakdown
Cetus fell victim to a calculated attack that combined pool-value manipulation, fake token injection and crosschain laundering.
Below is a step-by-step breakdown of how the attacker bypassed safety measures and drained liquidity pools using a flaw in Cetus's internal pricing system:
- Flash loan: The attacker, using wallet address 0xe28b50, took a flash loan to obtain immediate funds without collateral, enabling swift transaction execution.
- Fraudulent token injection: Fake tokens such as BULLA, which had no real liquidity, were introduced into various Cetus liquidity pools, tricking the price feed mechanism used for token swaps.
- Price curve distortion: The fake tokens misled the internal pricing system, skewing reserve calculations and generating artificial value for legitimate assets such as SUI and USDC.
- Liquidity pool drain: Exploiting the pricing vulnerability, the attacker drained 46 liquidity pairs, swapping worthless tokens for valuable assets at manipulated, favorable rates.
- Crosschain fund transfer: A portion of the stolen assets, about $60 million in USDC, was bridged to the Ethereum network, where the attacker converted it into 21,938 Ether (ETH) at an average price of $2,658 per ETH.
- Market fallout: The attack triggered a sharp decline in token prices across the Sui ecosystem. CETUS fell more than 40%, and some tokens fell by 99%. Total value locked (TVL) was down $210 million by May 29, reflecting the reputational damage the DEX suffered.
[Figure: how the attacker's actions triggered the contract reactions that led to the drain of funds]
Cetus DEX exploitation timeline
The coordinated exploit of Cetus DEX unfolded over more than eight hours, prompting an emergency shutdown, contract freezes and a validator-coordinated response to block the attacker's addresses.
Here is a timeline of the Cetus DEX exploit:
- 10:30:50 UTC: The exploit begins with unusual transactions.
- 10:40:00 UTC: Monitoring systems detect irregular activity in the liquidity pools.
- 10:53:00 UTC: The Cetus team identifies the source of the attack and informs members of the Sui ecosystem.
- 10:57:47 UTC: The core CLMM pool is shut down to prevent further damage.
- 11:20:00 UTC: All related smart contracts are disabled across the system.
- 12:50:00 UTC: Sui validators begin voting to block transactions from the attacker's addresses; once the votes exceed 33% of stake, the addresses are effectively frozen.
- 18:04:07 UTC: Cetus sends an onchain message to the attacker.
- 18:15:28 UTC: The vulnerable contract is patched and upgraded, though not yet reactivated.
Why Cetus DEX's audits failed to stop the exploit
Despite multiple smart contract audits and security reviews, hackers were able to find and exploit a flaw in Cetus. The vulnerability lay in a math library and a flawed pricing mechanism, issues that slipped through several previous audits.
In its post-mortem, Cetus admitted that vigilance had lapsed in its approach, as previous successes and the wide adoption of the audited libraries created a false sense of security. This episode underlines an industry-wide problem with audits: they are valuable, but they are not foolproof.
According to BlockSec's chief commercial officer, who posts as Orlando on X, the crypto industry spent more than $1 billion on security audits in 2023, yet more than $2 billion was still stolen through various hacks and exploits. Audits can catch known risk patterns but often fail to anticipate novel, creative attack vectors. The Cetus hack is a reminder that continuous monitoring, code review and layered security practices matter, even for well-audited protocols.
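As an added illustration (not Cetus's own code, nor the code of any library it used), the following Python models the class of bug this section describes: a shared fixed-point math helper whose overflow guard is mis-specified, so that an attacker-chosen liquidity value passes the check, wraps silently, and makes an enormous position cost almost nothing. The helper names, the 256-bit shift-by-64 shape, the exact wrong mask and the sample inputs are assumptions for demonstration.

```python
# Added illustration (not Cetus's or any real library's code): a 256-bit
# "checked shift left by 64" helper with a wrong overflow guard, beside the
# correct guard, and a toy CLMM-style deposit calculation that trusts it.
from typing import Callable, Tuple

U256_MASK = (1 << 256) - 1
SHIFT = 64                             # scale an integer to a Q64-style fixed point
OVERFLOW_LIMIT = 1 << (256 - SHIFT)    # any n >= 2^192 overflows when shifted left 64


def checked_shlw_buggy(n: int) -> Tuple[int, bool]:
    """Flawed guard (assumed shape): compares n against (2^64 - 1) << 192
    instead of 2^192. Every n in [2^192, (2^64 - 1) << 192] passes the check
    but overflows when shifted, so the caller gets a wrapped value and
    overflow=False."""
    bad_mask = 0xFFFFFFFFFFFFFFFF << 192
    if n > bad_mask:
        return 0, True
    return (n << SHIFT) & U256_MASK, False   # silent wrap-around here


def checked_shlw_fixed(n: int) -> Tuple[int, bool]:
    """Correct guard: any bit at or above 2^192 cannot survive a 64-bit shift."""
    if n >= OVERFLOW_LIMIT:
        return 0, True
    return n << SHIFT, False


def wraps_silently(n: int) -> bool:
    """True when the buggy helper reports no overflow yet returned a wrapped value."""
    value, overflow = checked_shlw_buggy(n)
    return (not overflow) and value != (n << SHIFT)


def silent_wrap_range() -> Tuple[int, int]:
    """Inclusive range of inputs the buggy guard accepts although they overflow."""
    return OVERFLOW_LIMIT, 0xFFFFFFFFFFFFFFFF << 192


def required_deposit(liquidity: int, sqrt_price_delta_q64: int,
                     shl: Callable[[int], Tuple[int, bool]]) -> int:
    """Toy CLMM-style cost: ceil(shl(liquidity) * delta / 2^(64 + SHIFT)).

    The helper scales `liquidity` before the multiply; if it wraps silently,
    a huge position is priced as a near-zero deposit. Raises on a reported
    overflow, which is what a correct helper does for the attacker's input.
    """
    scaled, overflow = shl(liquidity)
    if overflow:
        raise OverflowError("liquidity too large to price")
    numerator = scaled * sqrt_price_delta_q64
    denominator = 1 << (64 + SHIFT)
    return -(-numerator // denominator)      # ceiling division


if __name__ == "__main__":
    attacker_liquidity = (1 << 200) + 1     # constructed: passes the bad mask, wraps to 2^64
    one_q64 = 1 << 64                       # sqrt-price delta of 1.0 in Q64
    print("honest LP, 1000 units:", required_deposit(1000, one_q64, checked_shlw_fixed))
    print("attacker, 2^200+1 units via buggy helper:",
          required_deposit(attacker_liquidity, one_q64, checked_shlw_buggy))
    try:
        required_deposit(attacker_liquidity, one_q64, checked_shlw_fixed)
    except OverflowError as exc:
        print("fixed helper rejects it:", exc)
```

The two guards differ only at the boundary, which is exactly where a reviewer skimming a function named `checked_*` tends to trust the name. A regression test for a helper like this should probe 2^192 - 1, 2^192, the wrong mask and the wrong mask + 1, and a downstream function that prices liquidity should assert that the deposit is monotonic in the liquidity it grants, so a giant position costing one unit fails loudly rather than mints.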
Did you know? In 2021, the Poly Network hack was one of the largest DeFi exploits ever, with over $600 million stolen. Surprisingly, the hacker returned most of the funds, claiming it was done "for fun" and to highlight security flaws. The incident sparked debate about ethics and white hat hacking in DeFi.
Cetus DEX recovery and compensation plan
After the hack, the Cetus team suspended smart contract operations to prevent further damage. The Sui community then quickly launched a structured recovery and compensation strategy.
On May 29, Sui validators approved a governance vote to transfer $162 million of frozen funds to a Cetus-managed multisig wallet, starting the reimbursement process for affected users. The frozen funds will be held in trust until they can be returned to users. In the governance vote, 90.9% of the voting power voted yes, 1.5% abstained (neutral) and 7.2% did not participate (passive).
On May 30, Cetus DEX posted its recovery roadmap on X:
- Protocol upgrade: Sui validators will apply a network upgrade to move the frozen funds to Cetus's multisig trust. The multisig is controlled by Cetus, OtterSec and the Sui Foundation as keyholders (executed on May 31).
- CLMM contract upgrade: The upgraded CLMM (concentrated liquidity market maker) contract for emergency pool recovery is complete and currently undergoing an external audit.
- Data restoration: Cetus will restore historical pool data and calculate the liquidity loss for each affected pool.
- Asset conversion and deposit: Because of the many swaps the attacker executed during the exploit, some recovered assets are no longer in their original form. Cetus will perform the required conversions using minimal-impact strategies, avoiding large swaps or excessive slippage and ensuring fair and efficient pool rebalancing.
- Compensation contract: A dedicated compensation contract is under development and will be submitted for audit before deployment.
- Peripheral product upgrades: Associated modules are being upgraded for full compatibility with the new CLMM contract, supporting a smooth relaunch.
- Full protocol restart: Core product functions will resume. Liquidity providers (LPs) in the affected pools will regain access to the recovered liquidity, with any remaining losses covered by the compensation contract. Unaffected pools will continue without interruption.
- Service restoration: Cetus will be fully operational.
Cetus plans to resume the protocol within a week. Once it is live, affected liquidity providers will have access to the recovered funds, with any remaining losses covered through the compensation contract.
Did you know? Crosschain bridges are a recurring weak point in DEX hacks. Attackers use them to move stolen assets across networks quickly, which complicates recovery. Bridge hacks accounted for more than 50% of the crypto value stolen in 2022.
Lessons learned from the Cetus DEX exploit
The Cetus DEX exploit exposed weaknesses that go beyond a single protocol, offering valuable insight for the broader DeFi community.
As decentralized platforms grow in complexity and scale, the incident highlights key areas where the ecosystem must evolve to better protect user funds and maintain confidence:
- Open-source dependency risk: The Cetus hack highlights the risk of over-reliance on open-source libraries. While they speed development and encourage collaboration, they can carry hidden flaws, as seen in the math library in this attack. Multiple audits failed to detect the vulnerability, showing that audits alone are insufficient.
- Layered security is required: A strong defense strategy is essential against novel exploits. This includes continuous code monitoring, real-time detection of abnormal activity and automatic circuit breakers to halt suspicious transactions.
- Decentralization vs. security debate: The incident shows the importance of balancing decentralization with user protection. Validator actions, such as freezing and recovering assets, were important for maintaining user confidence, but they raise questions about the extent of centralized control in a decentralized system.
- Call for proactive security: The hack underscores the need for adaptive security measures in DeFi. Protocols should prioritize user protection through proactive strategies that go beyond basic compliance, ensuring resilience against evolving threats.
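The "real-time detection of abnormal activity and automatic circuit breakers" point above, as an added example in Python (not Cetus's code; the pool names, thresholds and snapshot feed are constructed for illustration): a per-pool drawdown breaker that pauses a pool when either reserve falls more than a configured fraction from its peak within a trailing window. The constructed feed drains one pool one-sidedly, the pattern a junk-token-for-SUI swap leaves behind, while a second pool behaves normally.

```python
# Added example (not Cetus's code): an off-chain monitor that trips a per-pool
# pause on a sharp reserve drawdown. Pools, thresholds and the feed are constructed.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class PoolSnapshot:
    ts: int           # seconds since an arbitrary epoch (constructed sample data)
    pool: str
    reserve_a: int    # reserve of token A, in base units
    reserve_b: int    # reserve of token B, in base units


class DrawdownBreaker:
    """Trip a pause for a pool when either reserve falls more than `max_drop`
    (a fraction, e.g. 0.30) from its peak within the trailing `window` seconds."""

    def __init__(self, window: int, max_drop: float) -> None:
        self.window = window
        self.max_drop = max_drop
        self._history: Dict[str, List[PoolSnapshot]] = {}
        self.paused: Set[str] = set()

    def observe(self, snap: PoolSnapshot) -> str:
        if snap.pool in self.paused:
            return "paused"            # already halted; later snapshots are not re-evaluated
        recent = [s for s in self._history.get(snap.pool, [])
                  if s.ts > snap.ts - self.window]
        recent.append(snap)
        self._history[snap.pool] = recent
        peak_a = max(s.reserve_a for s in recent)
        peak_b = max(s.reserve_b for s in recent)
        # A drain pulls the valuable side out while the worthless side may even
        # grow, so judge each reserve against its own peak and take the worse.
        drop_a = 1 - snap.reserve_a / peak_a if peak_a else 0.0
        drop_b = 1 - snap.reserve_b / peak_b if peak_b else 0.0
        if max(drop_a, drop_b) > self.max_drop:
            self.paused.add(snap.pool)
            return "tripped"
        return "ok"


# Constructed feed: SUI/USDC loses 40% of its SUI side in six minutes and 90% by
# eight; CETUS/SUI wobbles within a few percent the whole time.
SAMPLE_SNAPSHOTS = [
    PoolSnapshot(0,   "SUI/USDC",  1_000_000, 4_000_000),
    PoolSnapshot(0,   "CETUS/SUI",   500_000,   800_000),
    PoolSnapshot(120, "SUI/USDC",    990_000, 4_020_000),
    PoolSnapshot(120, "CETUS/SUI",   495_000,   805_000),
    PoolSnapshot(240, "SUI/USDC",    980_000, 4_050_000),
    PoolSnapshot(240, "CETUS/SUI",   498_000,   802_000),
    PoolSnapshot(360, "SUI/USDC",    600_000, 4_060_000),
    PoolSnapshot(360, "CETUS/SUI",   490_000,   810_000),
    PoolSnapshot(480, "SUI/USDC",    100_000, 4_070_000),
    PoolSnapshot(480, "CETUS/SUI",   492_000,   808_000),
]


def run_breaker(snapshots: Iterable[PoolSnapshot], window: int = 600,
                max_drop: float = 0.30) -> Tuple[Dict[Tuple[str, int], str], Set[str]]:
    """Feed snapshots in time order; return per-(pool, ts) verdicts and the paused set."""
    breaker = DrawdownBreaker(window, max_drop)
    ordered = sorted(snapshots, key=lambda s: s.ts)   # stable: keeps same-ts order
    verdicts = {(s.pool, s.ts): breaker.observe(s) for s in ordered}
    return verdicts, breaker.paused


if __name__ == "__main__":
    verdicts, paused = run_breaker(SAMPLE_SNAPSHOTS)
    for (pool, ts), verdict in verdicts.items():
        print(f"t={ts:>4}s {pool:<10} {verdict}")
    print("paused pools:", sorted(paused))
```

A drawdown breaker is a heuristic: a large legitimate withdrawal trips it too, so the "tripped" action should gate new swaps and liquidity mints pending human review rather than move funds. It also fires only after reserves have started leaving; pairing it with on-chain invariant checks (for example, that the deposit charged for a liquidity position grows with the liquidity granted) catches the case this section describes, where the attacker pays almost nothing for an enormous position, before the first drain transaction lands.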