The darkest moment of the Sui ecosystem: Cetus was attacked and hackers took away 260 million US dollars
On May 22, 2025, Cetus Protocol, the core decentralized exchange (DEX) on the Sui blockchain, encountered a major security incident. Hackers swiftly swept away assets worth over $260 million, causing token prices in the Sui ecosystem to plummet like an avalanche, throwing the community into panic. This was not just a technical crisis, but a severe test of trust in an emerging blockchain ecosystem.
That evening, sporadic messages began circulating on the X platform in the crypto community: Cetus's liquidity pools seemed to have anomalies. On-chain data showed that multiple SUI-denominated asset pools were quickly emptied, with trading volumes surging alongside eerie price fluctuations. Keen traders and data analysts were the first to sound the alarm, with anxious discussions flooding community groups: "Is it a protocol bug? Or a hacker attack?"
Almost simultaneously, the price of Cetus's native token, CETUS, fell off a cliff. Market data showed that within just two hours, CETUS dropped from $0.257 to $0.146, a decline of over 40%. Although the price slightly recovered, hovering around $0.17, market panic had spread like wildfire.
As time passed, the event's outline became clearer. On-chain data analysis platform Lookonchain published a significant monitoring result: hackers had stolen over $260 million in assets from the Cetus protocol. The attackers moved swiftly, converting part of the funds to the USDC stablecoin and transferring them to the Ethereum network via cross-chain bridges. By that night, approximately $60 million in USDC had been bridged, with some converted to ETH, in an attempt to launder the funds or cash out.
As Cetus was the liquidity hub of the Sui ecosystem, its collapse triggered a devastating chain reaction. With core liquidity pools drained, token trading pairs dependent on these pools were almost completely paralyzed. Tokens like Lombard Staked BTC (LBTC) and AXOLcoin (AXOL) saw price crashes of 99%, with other major tokens generally dropping over 70%. The Sui native token SUI, while relatively resilient, still briefly slid from $4.01 to $3.89, indicating shaken market confidence.
Community sentiment shifted from shock to anger. On the X platform, users questioned Cetus's security, with some even pointing fingers at the Sui blockchain itself: "Such a big vulnerability - isn't the Move language supposed to be secure?" Meanwhile, speculators tried to find opportunities in the chaos. Trader James Wynn went long 3.3 million SUI with 10x leverage, with a position value of $13.22 million, attempting to bet on SUI's rebound.
Binance founder CZ also spoke on the X platform: "We are trying our best to help SUI. The situation is not good. Hope everyone stays safe!" This brief statement both revealed concern for the Sui ecosystem and reflected industry leaders' consensus on the event's severity.
Facing the surge of negative news, the Cetus official team released a statement through Discord and X, confirming the security incident and suspending smart contracts to contain losses. In the statement, the team attributed the event to a "technical vulnerability", promising to publish investigation results soon. However, this vague wording failed to calm the community's doubts and instead sparked more speculation.
Preliminary investigations pointed to calculation precision issues in Cetus's smart contracts. The concentrated liquidity market maker (CLMM) model relies on complex mathematical formulas to determine price ranges and liquidity allocation, and any precision deviation could be exploited by hackers. Attackers might have manipulated pool asset pricing through carefully designed transaction sequences, ultimately draining massive funds.
This class of vulnerability was not unique to Cetus. In 2023, Yearn Finance lost $11.54 million due to similar price manipulation vulnerabilities. Cetus's cross-chain bridge functionality might also have made things easier for the hackers. While the Wormhole SDK-based bridging mechanism is convenient, it carries potential security design risks, as evidenced by the 2022 Wormhole hack in which $320 million in assets were stolen.
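An added example, not Cetus's code and not from the original article: the article does not give the exact flaw, so this generic concentrated-liquidity deposit formula only illustrates how the rounding direction in fixed-point math changes what a pool charges, with a randomized check that catches the unsafe variant. The function names and the Q64.64 price layout are assumptions.

```python
import random
from fractions import Fraction

Q64 = 1 << 64  # assumed fixed-point scale: sqrt prices stored as Q64.64 integers


def amount0_for_liquidity(liquidity, sqrt_a, sqrt_b, round_up):
    """Token0 a depositor owes for `liquidity` over the range [sqrt_a, sqrt_b]."""
    if not 0 < sqrt_a < sqrt_b:
        raise ValueError("need 0 < sqrt_a < sqrt_b")
    num = liquidity * Q64 * (sqrt_b - sqrt_a)
    den = sqrt_a * sqrt_b
    # Ceiling division favours the pool; floor division favours the depositor.
    return -(-num // den) if round_up else num // den


def exact_amount0(liquidity, sqrt_a, sqrt_b):
    """Same quantity as an exact rational, used as the reference value."""
    return Fraction(liquidity * Q64 * (sqrt_b - sqrt_a), sqrt_a * sqrt_b)


def fuzz_deposit_rounding(round_up, trials=2000, seed=1):
    """Return the random inputs for which the pool charges less than the exact amount."""
    rng = random.Random(seed)
    undercharged = []
    for _ in range(trials):
        sa = rng.randrange(1, 1 << 96)
        sb = sa + rng.randrange(1, 1 << 96)
        liq = rng.randrange(1, 1 << 64)
        charged = amount0_for_liquidity(liq, sa, sb, round_up)
        if charged < exact_amount0(liq, sa, sb):
            undercharged.append((liq, sa, sb))
    return undercharged


if __name__ == "__main__":
    # Boundary case: the exact cost is 1/2 token unit, so flooring charges nothing.
    print(amount0_for_liquidity(1, Q64, 2 * Q64, round_up=False))
    print(amount0_for_liquidity(1, Q64, 2 * Q64, round_up=True))
    print(len(fuzz_deposit_rounding(round_up=True)))
```

Python integers are unbounded, so this check covers rounding only; a fixed-width on-chain implementation also needs checked arithmetic on the intermediate products.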
The Cetus event serves as a mirror, reflecting the fragility of the DeFi industry during rapid development. For the Sui ecosystem, this crisis exposed shortcomings in smart contract auditing and ecosystem governance. Although Cetus collaborated with security firms like OtterSec for regular audits, the complex CLMM model clearly exceeded traditional audit coverage. While Sui's Move language is known for security, it still requires more real-world testing.
For the entire DeFi industry, the Cetus event rang an alarm. Complex technological innovations must be built on security, or prosperity is merely a castle in the air. Future DeFi protocols need improvements in several areas:
- Dynamic Monitoring: Deploy real-time anomaly detection systems to immediately identify fund outflows or price manipulations.
- Multi-dimensional Auditing: Combine formal verification and fuzz testing to comprehensively cover boundary scenarios of complex models.
- Insurance Mechanisms: Provide loss protection for users through DeFi insurance protocols like Nexus Mutual.
- Cross-chain Security: Develop zero-knowledge proof-based bridging mechanisms to reduce fund transfer risks.
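An added example of the dynamic monitoring item above (not from the original article or any project's code): a sliding-window detector over constructed pool reserve readings that flags a sharp outflow and escalates when several pools drain together. The pool names, thresholds and event format are assumptions.

```python
from collections import deque

# Constructed sample readings: (unix_ts, pool_id, reserve in token units).
SAMPLE_EVENTS = [
    (0, "pool-A", 1_000_000), (0, "pool-B", 500_000), (0, "pool-C", 800_000),
    (120, "pool-A", 990_000), (180, "pool-C", 805_000),
    (300, "pool-A", 400_000),   # 60% below the window peak
    (330, "pool-B", 50_000),    # 90% below the window peak
    (400, "pool-C", 790_000),   # normal fluctuation
    (420, "pool-A", 10_000),
]


def detect_drains(events, window_s=600, max_drop=0.30):
    """Flag pools whose reserve falls more than `max_drop` below the
    highest reading seen in the last `window_s` seconds.

    `events` must be sorted by time. Returns (pool_id, ts, drop) once per pool.
    """
    history = {}      # pool_id -> deque of (ts, reserve) inside the window
    alerted = set()
    alerts = []
    for ts, pool, reserve in events:
        window = history.setdefault(pool, deque())
        window.append((ts, reserve))
        while ts - window[0][0] > window_s:
            window.popleft()
        peak = max(r for _, r in window)
        if peak > 0 and pool not in alerted:
            drop = (peak - reserve) / peak
            if drop > max_drop:
                alerted.add(pool)
                alerts.append((pool, ts, round(drop, 4)))
    return alerts


def correlated_incident(alerts, min_pools=2, window_s=600):
    """True when at least `min_pools` distinct pools alert within `window_s`,
    the pattern that should page a human or trigger a pause review."""
    times = sorted((ts, pool) for pool, ts, _ in alerts)
    for i, (start, _) in enumerate(times):
        pools = {p for t, p in times[i:] if t - start <= window_s}
        if len(pools) >= min_pools:
            return True
    return False


if __name__ == "__main__":
    found = detect_drains(SAMPLE_EVENTS)
    print(found, correlated_incident(found))
```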
Cetus's initial response also exposed crisis communication deficiencies. The community needs not just technical repairs, but transparent communication and concrete compensation plans. Learning from Curve Finance's 2023 experience, Cetus could compensate affected users through protocol revenues or token issuance to rebuild trust.
Currently, the Cetus team is fully investigating the vulnerability's root cause and plans to upgrade smart contracts to address calculation precision issues. Meanwhile, the Sui Foundation and other ecosystem projects might provide technical or financial support to help Cetus through this difficult time. While the hope of recovering stolen assets is slim, some assets might be frozen or tracked through collaboration with Ethereum network exchanges and USDC issuer Circle.
For the Sui ecosystem, this storm is both a crisis and an opportunity. By strengthening security standards, improving governance mechanisms, and enhancing user education, Sui can establish its position in the Layer 1 competition. If Cetus can respond to the crisis with transparency and responsibility, it might be able to reestablish its position in the community.
The Cetus Protocol security incident was a storm sweeping through the Sui ecosystem, with $260 million in losses, token price collapses, and shaken community confidence forming the heavy footnote of this crisis. However, crises often breed transformation. Each DeFi pain point is a necessary path to industry maturity. Cetus and Sui need to learn from this storm, embracing the future with greater resilience and wisdom.
For crypto world participants, this is not just a technical lesson, but a test of trust and responsibility. As CZ said, "Hope everyone stays safe." In this digital frontier of opportunities and risks, only by adhering to safety and transparency can DeFi's starlight never be extinguished.