This article will be updated with new developments.
On May 22, Cetus Protocol, the largest decentralized exchange on the SUI blockchain, suffered an exploit that resulted in over $260 million being drained from its liquidity pools. The team responded by pausing all smart contract operations and initiating an internal investigation. Trading on the platform has been suspended as the investigation continues.
According to the official statement from Cetus, the team detected an anomaly and paused the contracts as a precautionary measure. SUI, the network supporting Cetus, confirmed the incident and stated it is assisting in the ongoing investigation.
Major updates to this article:
• May 22, 15:20 UTC: New Cetus Protocol statement
Table of Contents
Technical Details
Initial reports suggested the issue was related to a bug in Cetus’ oracle system. The attacker reportedly exploited the pricing mechanism by using spoof tokens to manipulate liquidity pool values. This allowed the attacker to withdraw large amounts of real assets – primarily SUI and USDC – while supplying tokens with no actual value.
Blockchain analytics firm LookOnChain identified wallet activity consistent with a coordinated exploit. The attacker is believed to have converted significant portions of the stolen funds into USDC and bridged them to Ethereum, where they are being exchanged for ETH. Approximately $60 million in USDC had been moved across chains at the time of reporting.
Cetus employs both internal oracles and price data integration with the Pyth Network. It remains unclear whether the exploit originated from its internal system, the external oracle, or the way both were integrated.
Protocol Response and Recovery Efforts
Following initial assessments, Cetus Protocol released a new statement confirming that approximately $223 million in assets were stolen during the exploit. The team reported taking immediate action to lock the affected smart contract, halting further losses. Of the compromised funds, $162 million has since been successfully paused, meaning these assets are currently frozen and cannot be moved by the attacker.
Cetus is now collaborating with the Sui Foundation and other ecosystem partners to explore recovery options for the remaining funds. According to the update, the majority of the stolen assets are under control, and efforts are ongoing to recover the remainder. A full incident report is planned for release, and the team has stated that updates will continue to be shared through official channels as progress is made.
Impact on Markets
The immediate impact of the exploit was a steep drop in token prices associated with the Cetus Protocol and the broader SUI ecosystem. The CETUS token fell from $0.25 to $0.18, briefly dipping to $0.15. Other ecosystem tokens saw declines of up to 90%. DEX trading activity across SUI was severely disrupted, with many liquidity pools fully drained and swaps failing due to insufficient reserves.
Despite the exploit, the SUI token itself remained relatively stable on centralized exchanges. It fell briefly to $3.80 but recovered quickly. This occurred while broader crypto markets were performing strongly, with Bitcoin reaching a new all-time high.
Community and Industry Response
Cetus issued a public message thanking users for their patience and confirmed that no further activity would resume until the investigation is complete. Binance founder Changpeng Zhao (CZ) stated that he reached out to offer help and that multiple security teams are reviewing the incident. According to CZ, the Cetus team has been responsive and is cooperating with external efforts.
As of now, no official post-mortem has been released. Users are being advised not to interact with the affected contracts or pools until further notice.
Ongoing Developments
The incident is still under investigation, with more details expected in the coming hours. Cetus has not yet confirmed the total amount of funds affected, nor whether there will be compensation or recovery mechanisms for affected users.
Read also: Mantra (OM) Crashes 90% in One Hour
