Key Takeaways
Sui’s top DEX and liquidity protocol is live again, nearly two weeks after it was hacked for $230 million. The platform restart comes after the community voted on a complete recovery plan for the affected users.
The Sui community has voted to return over $230 million in stolen assets to users affected by the recent Cetus exploit, clearing the way for full reimbursement.
This decision follows a May 22 attack that drained liquidity from the decentralized exchange’s pools, dealing a blow to Sui’s growing DeFi ecosystem.
The exploit targeted a vulnerability in Cetus' Concentrated Liquidity Market Maker (CLMM) and gave the attacker access to multiple Sui-based pools, triggering sharp price crashes across the affected tokens.
The Sui-based DEX and liquidity provider Cetus is back online, relaunching its DEX services nearly two weeks after the hack.
Under the approved recovery plan, the relaunch restores 85–99% of the liquidity in the impacted pools. The breakdown of the fund recovery:
To fully cover user losses, 15% of the total CETUS supply, including unallocated team tokens, will be used.
Within 24 hours of the relaunch, the Cetus protocol entered the top-10 DEX by trading volume, indicating strong support.
The Sui community has approved the proposal titled “Whether to Return Stolen Assets of the Cetus Protocol Through a Special Transaction” with a majority vote.
The proposal received 52 votes in favor, two against, while 60 validators abstained from voting.
With the approval, approximately $162 million in frozen assets will be transferred from the attacker’s wallet to a multisig address jointly controlled by OtterSec and the Sui Foundation.
Both Sui and Cetus have emphasized that fully reimbursing affected users remains their top priority.
Cetus previously committed to using its treasury, cash and tokens, plus a loan from the Sui Foundation, to make users whole if the recovery effort succeeded.
Sui has allocated $10 million to enhance ecosystem security, which includes audits, bug bounty programs, formal verification, and other security initiatives.
In an X post, Sui noted that the Cetus incident was caused by a flaw in Cetus’s math library rather than a vulnerability in Sui or Move.
“We’re kicking this off by committing to spend an additional $10 million on security initiatives. These funds will be spent on audits, bug bounty programs, formal verification, and other ways to harden Sui — we’ll figure out the details in collaboration with our developer community,” the team wrote.
The Cetus team, for its part, is currently designing a voting process to reimburse users from the roughly $160 million frozen by Sui validators.
In a blog post, the Cetus team explained that the compromised funds fall into two categories: assets still within the Sui network and those bridged out, primarily held in Ethereum.
The proposal calls for an on-chain community vote to authorize a recovery strategy, which could include negotiating a whitehat return or pursuing legal action against the attacker.
For funds outside the Sui ecosystem, the team said it is “proactively in discussion with relevant parties and working towards a solution.”
Cetus emphasized its commitment to reimbursing impacted users, stating:
“We are fully committed to doing everything within our power to pursue the maximum possible recovery of affected users’ liquidity funds. Cetus will mobilize all available financial resources of the protocol to restore as much as we can, with the ultimate goal of covering user losses to the greatest extent possible.”
The protocol urged validators to vote promptly on the proposal so that it could begin estimating the total amount of funds that could be recovered.
According to a postmortem by security firm Dedaub, the hacker found a flaw in Cetus’s “tick account” system, a mechanism used in CLMMs to manage liquidity ranges.
At the core of the issue was an arithmetic overflow in the math that converts a requested liquidity amount into the tokens a position must deposit: an oversized intermediate value slipped past a faulty overflow check, was silently truncated, and made an enormous liquidity position appear to cost almost nothing.
Using only a minimal initial outlay, the attacker turned this miscalculation into real tokens.
The attacker began by flash-swapping 10 billion haSUI with maximum slippage, setting the stage for the exploit.
They then opened a position over a narrow tick range at an extreme price and requested an enormous amount of liquidity; because of the overflow, the protocol charged them only a negligible token deposit for it.
When they withdrew the position, the pool paid out real tokens in proportion to the inflated liquidity it believed they owned.
After pocketing the excess assets, the attacker repaid the flash loan and kept the profits.
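Dedaub's postmortem traces the overflow to a 256-bit "checked shift-left by 64" helper in Cetus's math library whose overflow guard tested the wrong bound. The following Python model is an added example, not Cetus's Move code: it reconstructs that class of bug beside the corrected guard and runs the simplified CLMM deposit/withdraw math that turns the truncation into free liquidity. The pool numbers, the Q64.64 sqrt-price encoding and the exact form of the guard are assumptions made for the illustration.

```python
# Added example (not Cetus's code): a Python model of a 256-bit
# checked shift-left whose overflow guard checks the wrong bound, and
# the CLMM math that converts that truncation into an almost-free position.
# Sqrt prices are Q64.64 fixed-point integers (assumption); token-A amount
# for liquidity L over [sqrt_lo, sqrt_hi] follows the usual CLMM formula:
#     amount_a = L * (sqrt_hi - sqrt_lo) * 2**64 / (sqrt_hi * sqrt_lo)

U256_MAX = (1 << 256) - 1


def checked_shlw_buggy(n: int) -> tuple[int, bool]:
    """Faulty guard: the mask is 2**256 - 2**192, so only n above that is
    rejected. Any n with a bit set at position 192 or higher still overflows
    n << 64, and the high bits are silently dropped (modelled by the mask)."""
    mask = 0xFFFFFFFFFFFFFFFF << 192
    if n > mask:
        return 0, True
    return (n << 64) & U256_MAX, False


def checked_shlw_fixed(n: int) -> tuple[int, bool]:
    """Correct guard: n << 64 fits in 256 bits only if n < 2**192."""
    if n >= (1 << 192):
        return 0, True
    return n << 64, False


def div_round_up(a: int, b: int) -> int:
    return (a + b - 1) // b


def amount_a_for_liquidity(liquidity: int, sqrt_lo: int, sqrt_hi: int, shlw) -> int:
    """Token A a position must deposit for `liquidity`, building the
    numerator L * (hi - lo) << 64 with the supplied shift helper."""
    numerator, overflow = shlw(liquidity * (sqrt_hi - sqrt_lo))
    if overflow:
        raise OverflowError("liquidity * price range does not fit in 256 bits")
    return div_round_up(numerator, sqrt_hi * sqrt_lo)


def amount_a_on_withdraw(liquidity: int, sqrt_lo: int, sqrt_hi: int) -> int:
    """Token A paid out when the position is burned. Python ints are
    unbounded, so this is the exact amount the pool owes for `liquidity`."""
    return (liquidity * (sqrt_hi - sqrt_lo) << 64) // (sqrt_hi * sqrt_lo)


# Constructed pool: a narrow range just above price 1.0 in Q64.64.
SQRT_LO = 1 << 64
SQRT_HI = (1 << 64) + 2

# Chosen so that L * (hi - lo) = 2**192 + 2: at or above 2**192 (so the
# shift overflows) yet far below the buggy mask, with only tiny low bits.
ATTACK_LIQUIDITY = (1 << 191) + 1


def exploit_demo(shlw=checked_shlw_buggy) -> tuple[int, int]:
    """Returns (deposit_required, withdraw_paid) for the oversized position.
    With the buggy guard the deposit rounds up to a single unit while the
    withdrawal pays out on the order of 2**128 units."""
    deposit = amount_a_for_liquidity(ATTACK_LIQUIDITY, SQRT_LO, SQRT_HI, shlw)
    payout = amount_a_on_withdraw(ATTACK_LIQUIDITY, SQRT_LO, SQRT_HI)
    return deposit, payout


if __name__ == "__main__":
    paid, got = exploit_demo()
    print(f"buggy guard: deposit {paid} unit(s), withdraw {got} units")
    try:
        exploit_demo(checked_shlw_fixed)
    except OverflowError as e:
        print("fixed guard:", e)
```

The point to check in any fixed-point library is the guard's bound, not just its presence: `checked_shlw_buggy(1 << 192)` returns `(0, False)`, a silent wrap to zero, whereas the fixed guard flags every value with bits at or above position 192. A fuzz test that shifts random 256-bit values through both helpers and compares against unbounded integer arithmetic would have caught this in seconds.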
To compound the attack, the hacker used fake tokens like BULLA to distort price feeds, allowing further manipulation of pools like SUI/USDC, ultimately siphoning tens of millions in assets.
The attack drained a wide range of assets:
The exploit continued until the affected smart contracts were paused at 3:52 AM PT, halting further damage.
After the hack, the attacker attempted to launder funds by bridging USDC to Ethereum (ETH) in $1 million batches, some of which were funneled through Tornado Cash.
However, Sui validators quickly intervened, freezing approximately $162 million of the stolen assets. The rest is still under investigation.
Cetus has since patched the vulnerability and resumed trading, working closely with the Sui Foundation and cybersecurity firm Hacken.
Once hailed as a next-gen blockchain rivaling Solana (SOL), Sui has drawn attention for its fast-growing DeFi protocols.
However, the Cetus exploit—the largest in its short history—has raised concerns over smart contract security and ecosystem maturity.
With crypto markets entering a new bullish phase, how Sui and Cetus respond in the coming weeks will be critical to restoring trust and momentum.