On June 8th, the decentralized trading platform Cetus Protocol - operating on both Sui and Aptos blockchains - officially restarted after a severe security exploit worth $223 million that occurred on May 22nd. According to the Cetus team, the protocol has fully recovered its functionality and restored 85% to 99% of the original liquidation for the affected pools.
The attack occurred when an unknown perpetrator exploited an integer overflow error in the shared mathematical library of Cetus smart contracts. This error caused the protocol to misinterpret input values - a single token was mistakenly calculated as millions of dollars. This was the most serious DeFi hack in May, shocking the blockchain community.
Immediately after the incident, validators on the Sui network froze $162 million and returned it to the Cetus protocol. With this recovered amount, plus the entire reserve fund of $7 million and a $30 million USDC loan from the Sui Foundation, Cetus compensated the damaged pools. According to the recovery plan, 85-99% of the original liquidation was immediately restored, with the remainder to be refunded as CETUS tokens through a linear unlocking schedule over 12 months - unless additional assets are recovered from the attacker.
The Cetus team stated they have identified and fixed the vulnerability that caused the attack, conducted a full protocol audit, and rebalanced liquidation before officially restarting. However, tens of millions of dollars in assets are still controlled by the hacker, with part of it transferred to an EVM wallet address and beginning to be washed through Tornado Cash - an anonymous coin mixing service.
"The hackers have ignored our 'white hat' proposal and are attempting to launder money - a futile action that can be traced," Cetus declared. "We are highly confident that capturing the attacker and recovering the remaining amount is just a matter of time."
According to an analysis report from blockchain security company SlowMist, the hacker prepared for the attack two days in advance by funding gas into the wallet and even previously attempting an exploit that failed. SlowMist emphasized that the attacker precisely selected parameters to exploit the vulnerability in the checked_shlw function, stealing liquidation worth billions of dollars with just 1 token. SlowMist assessed this as an extremely sophisticated mathematical attack. Notably, the vulnerability only affected pools on the Sui network, while pools on Aptos remained safe.
Cetus also announced they will deploy another comprehensive audit, upgrade real-time monitoring systems, launch a white-hat bounty program, and adjust the product development roadmap going forward.
"This restart is not just simply restarting the system, but a comprehensive innovation," the Cetus team shared.
As of now, the CETUS token price has dropped approximately 44% since May 21st - a day before the hack occurred, according to data from CoinGecko.
