Major Breach Hits Sui Ecosystem: Cetus DEX Drained of Over $200M; Negotiations Underway

The Sui blockchain ecosystem has been rocked by a massive security breach, with Cetus Protocol, its largest decentralized exchange (DEX) and liquidity provider, confirming an exploit that has reportedly resulted in over $200 million in drained funds.

The exploit, which came to light on Thursday, saw attackers leverage "spoof tokens" to manipulate Cetus Protocol's internal price curves and liquidity reserve calculations. By adding near-zero liquidity with these artificial tokens, the malicious actors were allegedly able to trick the system into allowing them to repeatedly withdraw real assets like SUI and USDC from various liquidity pools without depositing meaningful value.

Cetus Protocol confirmed the incident via an X post, stating that its smart contracts have been temporarily paused for safety while a full investigation is underway. The protocol noted that approximately $162 million of the compromised funds had been "paused," indicating efforts are being made to recover a substantial portion of the stolen assets, with cooperation from the Sui Foundation.

In an update provided earlier today, the Cetus team outlined its immediate response and ongoing efforts . They have engaged the broader Sui ecosystem and third-parties for incident analysis and fund tracing, successfully flagging the hacker's accounts. Crucially, Cetus claims to have identified and patched the root cause of the exploit, swiftly informing other ecosystem builders to prevent further vulnerabilities. The protocol has also engaged professional anti-cybercrime organizations for specialized support in fund tracing and potential negotiations. Furthermore, Cetus is now in communication with law enforcement to arrange further assistance.

On-chain analysis reveals the attacker's wallet remains active, holding millions in SUI tokens and having already bridged a significant amount of USDC to other chains, suggesting a rapid attempt to obfuscate the stolen funds. This large-scale theft has exposed a critical vulnerability within the Sui DeFi infrastructure, as key token pools now stand drained, impacting trading functionality across the network.

While the exact nature of the vulnerability is still under investigation, security experts are pointing towards an "oracle manipulation attack." This method involves deceiving a protocol's price oracle – the mechanism that feeds external price data to smart contracts – to misrepresent asset values, allowing attackers to exploit discrepancies.

The immediate aftermath saw Cetus Protocol's native token, CETUS, plummet by over 40%, while numerous Sui-based meme coins experienced even steeper declines, some losing over 90% of their value. Despite the widespread panic and significant disruption to the ecosystem's liquidity, the native SUI token itself has shown surprising resilience, with its price experiencing only minor fluctuations following the news.