Key Takeaways
The Cetus attack is one of the latest decentralized finance (DeFi) exploits that exposed a deep flaw in smart contract logic.
The attacker used fake tokens and a broken math function to drain over $220 million.
This article explains what happened, how the bug worked, who was affected, how Cetus will fix it and how it impacts the landscape.
Cetus is a decentralized exchange (DEX) and liquidity protocol that operates on the Sui and Aptos blockchains. It supports DeFi through concentrated liquidity.
Liquidity providers choose custom price ranges for their funds instead of spreading them across all prices.
The platform offers permissionless trading, low fees and latency, high speed and a user-friendly interface. This setup gives traders better prices and helps providers use their funds more effectively.
Cetus runs smart contracts on the Sui blockchain using the Move programming language. Developers use these contracts to set clear rules for trading and liquidity.
Liquidity providers choose how to set up their pools by deciding the price range where their funds stay active, giving them more control over how their money works.
The Sui network treats each action, like a trade or an update, as a separate item. This design speeds up processing and makes tracking easier.
With this structure, Cetus gives users real-time price updates, smaller price swings during trades, and fast transaction finality, which means trades are confirmed almost instantly and cannot be changed. Traders and liquidity providers can use these features to manage their activity efficiently.
A token spoofing attack is a cybersecurity threat in which a malicious actor manipulates, impersonates, or creates a token to deceive users or systems into believing it is legitimate.
In blockchain environments, this attack targets on-chain assets, such as fungible tokens or NFTs, by mimicking the properties of real tokens, including their name, symbol, and metadata.
This form of spoofing exploits users’ trust in token standards and blockchain explorers.
While Ethereum-based networks use standards like ERC-20 (fungible tokens) or ERC-721 (NFTs), blockchains like Sui use their own models based on the Move language, where tokens are represented as Move objects.
For example, an attacker on Sui might create a token that visually resembles a well-known asset like “SUI” or “USDC” traded on Cetus, using similar metadata to trick users into interacting with the fake token.
In this context, token spoofing differs from authentication or API token spoofing, which occurs in Web2 and Web3 applications and typically involves session hijacking or unauthorized access through fake access tokens.
That authentication-token form of spoofing creates a serious risk because it bypasses strong controls such as multi-factor authentication (MFA).
The attacker does not need to steal or guess a password. Instead, they present a forged token to act like someone who has already passed all the checks, which lets them enter systems as if they were trusted users.
The Cetus exploit involved token spoofing as a component, where fake tokens were created to deceive the protocol into thinking valid liquidity was being provided. This was then compounded by a critical arithmetic overflow bug, which led to massive, unintended withdrawals.
The $220 million exploit targeting Cetus Protocol occurred on May 22, 2025, and is one of the most significant DeFi hacks of the year.
The exploit used a critical arithmetic overflow bug in a shared math library for liquidity pool calculations on the Sui blockchain.
Below is a detailed explanation of what happened, based on available information:
The attacker manipulated a pool parameter using an extremely large value, tricking the protocol into miscalculating pool balances.
Typically, the protocol calculates how much liquidity someone has added using the formula token amount × pool multiplier or rate.
This formula is typical in automated market makers (AMMs) like Cetus, which uses a concentrated liquidity model similar to Uniswap V3.
By using spoof tokens (like BULLA and MOJO), the attacker was able to deposit as little as 1 token unit.
However, because of an overflow bug in the math library, the result was not merely large: it wrapped into a broken value that still passed validation, making it appear that the attacker had added a massive liquidity position.
Because the protocol believed the attacker had contributed millions in liquidity, it allowed them to:
Within an hour, Cetus paused smart contracts and froze $162 million in stolen assets.
They offered the attacker a $6 million white-hat bounty, a reward to encourage ethical return of funds, and worked with law enforcement and Inca Digital on the investigation.
They also reassured the community with constant updates, Q&A sessions, public spaces on X, and social media reports.
On May 27, 2025, Cetus announced a full compensation plan for affected users, using its treasury and a loan from the Sui Foundation.
The team asked for community support in an upcoming vote to unlock frozen funds and promised recovery would begin immediately, regardless of the outcome.
An X user urged the team to “return Cetus tokens to their original point before the incident” to restore investor confidence.
The comment reflects a broader sentiment across the community, which has demanded swift action and transparency.
The attacker drained more than $223 million from Cetus Protocol by exploiting a math library vulnerability. The stolen assets included both major tokens and lesser-known ones across various liquidity pools.
Below is a breakdown of the affected tokens and the estimated losses:
According to the Cetus Protocol, the exploit came from a flaw in a math function called in the library used by its core contracts.
This function was supposed to prevent overflows when calculating liquidity values, but the check was implemented incorrectly. As a result, the system failed to block dangerous inputs.
The attacker used this flaw to trick the protocol into accepting fake liquidity deposits. By doing so, they paid almost nothing and withdrew real assets at full value.
Cetus clarified that the exploit had nothing to do with an earlier audit report that flagged a different overflow issue.
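To make the failure described in the walkthrough above (a huge pool parameter passed into the liquidity calculation) and in the explanation of the faulty overflow check concrete, here is an added example that is not Cetus, Sui, or Move code: a toy Rust model of a fixed-point liquidity calculation with a hypothetical mis-implemented overflow guard beside a corrected one. The function names, the Q64 scaling, and the particular form of the broken check are assumptions for illustration; the actual Cetus function and its bug are not reproduced here.

```rust
// Added example, not Cetus or Sui code. Models how an overflow guard that
// inspects the already-wrapped product (instead of the multiplication itself)
// can credit an enormous liquidity position for a deposit of one token unit.
// All names and the Q64 fixed-point scaling are assumptions.

/// Fixed-point scale: values carry 64 fractional bits (Q64). Assumption.
const SCALE_BITS: u32 = 64;

/// Round a Q64 product up to whole token units (ceil division by 2^64).
fn ceil_div_q64(product: u128) -> u128 {
    let whole = product >> SCALE_BITS;
    let frac_mask = (1u128 << SCALE_BITS) - 1;
    if product & frac_mask != 0 { whole + 1 } else { whole }
}

/// Hypothetical buggy version. Intent: reject if liquidity * delta_sqrt_price
/// overflows u128. The guard instead looks at the wrapped product, and
/// (product >> 64) always fits in a u64, so the check can never fire. A caller
/// supplying a huge `liquidity` therefore gets a tiny required deposit.
pub fn required_deposit_buggy(liquidity: u128, delta_sqrt_price: u128) -> Option<u64> {
    // wrapping_mul models unchecked modular arithmetic.
    let product = liquidity.wrapping_mul(delta_sqrt_price);
    // Flawed guard: this comparison is false for every possible `product`.
    if (product >> SCALE_BITS) > u64::MAX as u128 {
        return None;
    }
    u64::try_from(ceil_div_q64(product)).ok()
}

/// Corrected version: check the multiplication itself, not its wrapped result,
/// and reject any input that would overflow before rounding.
pub fn required_deposit_checked(liquidity: u128, delta_sqrt_price: u128) -> Option<u64> {
    let product = liquidity.checked_mul(delta_sqrt_price)?;
    u64::try_from(ceil_div_q64(product)).ok()
}

fn main() {
    // Constructed inputs: a price span of exactly 1.0 in Q64, and a liquidity
    // value chosen so that liquidity * span wraps past 2^128 to a small number.
    let span_one = 1u128 << SCALE_BITS;
    let honest_liquidity = 1_000u128;
    let hostile_liquidity = (1u128 << 64) + 1;

    println!("honest  buggy   = {:?}", required_deposit_buggy(honest_liquidity, span_one));
    println!("honest  checked = {:?}", required_deposit_checked(honest_liquidity, span_one));
    println!("hostile buggy   = {:?}", required_deposit_buggy(hostile_liquidity, span_one));
    println!("hostile checked = {:?}", required_deposit_checked(hostile_liquidity, span_one));
}
```

With the honest input both functions agree on a 1,000-token deposit. With the hostile input the buggy guard lets the product wrap to 2^64, so the protocol asks for a deposit of exactly 1 token unit for roughly 2^64 units of liquidity, while the checked version returns None and the deposit is refused. The general lesson is the one the article draws: the guard must be applied to the operation that can overflow, not to a value computed after the overflow has already happened.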
The Cetus exploit shows how one weak function can break an entire system. A mix of spoof tokens and poor math checks allowed a massive theft.
Cetus acted fast to freeze funds and support users.
But the case reminds all DeFi builders that even minor errors can lead to massive losses.
Could users have avoided the exploit?
No, Cetus’s users could not have avoided the attack. This was a smart contract-level vulnerability caused by a flawed math function in a library used by Cetus. Users who interacted with the protocol had no way of knowing that the liquidity calculations were broken. The bug was deep in the codebase, not visible through a wallet interface or blockchain explorer.

How were Cetus users affected by the attack?
Users were affected because the attacker drained real tokens from the liquidity pools on Cetus, such as SUI, USDC, and others. Users deposit funds into these pools. When the exploit happened, users who provided liquidity lost access to their funds, partially or entirely. In some cases, token values dropped sharply due to the imbalance caused by the attacker withdrawing large amounts.

Will Cetus change its smart contract system after this incident?
Yes. Cetus announced it will update the math library, improve overflow protection, and work with external auditors to review all major contract modules. These changes aim to stop similar bugs from returning.