The breach of the decentralized exchange Cetus was attributed to a vulnerability in the liquidity parameter verification of the automated market maker. This was detailed in a report by Dedaub.
The issue went undetected due to a lack of “code overflow” checks.
Hackers exploited an error in the verification of the most significant bits to artificially inflate liquidity values. This enabled them to create large positions with minimal investment and withdraw funds from the pools.
“The perpetrators added massive amounts of liquidity by investing just one token unit, then drained pools of hundreds of millions of dollars,” analysts explained.
On the day of the incident, validators and partners of the Sui ecosystem froze $163 million of the $223 million stolen.
We’ve learned that a Cetus smart contract was hacked this morning for approximately $223M and Cetus subsequently paused their smart contracts to prevent further theft.
Cetus worked together with the other DeFi protocols, the Sui Foundation, and the Sui validators to… https://t.co/Y1iw2sNnPW
— Sui (@SuiNetwork) May 22, 2025
The decision sparked mixed reactions within the crypto community. Proponents of decentralization criticized the validators for their intervention and control over the network.
SUI validators are actively censoring transactions across the blockchain.
This completely undermines the principles of decentralization and transforms the network into nothing more than a centralized, permissioned database.— Dave (@ItsDave_ADA) May 22, 2025
“Sui validators are censoring transactions, turning the network into a centralized database,” wrote one X user.
Earlier, the team behind the decentralized exchange offered the hacker $6 million for the return of 20,920 ETH. If accepted, the project promised not to contact law enforcement or disclose the perpetrator’s information.