TL;DR
- Cetus Protocol, the main liquidity provider on the Sui network, was exploited in an attack that drained over $260 million using fake tokens.
- The attacker manipulated price curves and reserve calculations to withdraw real assets like SUI and USDC.
- The protocol paused all smart contracts for security reasons, and CETUS fell 17.74%, currently trading at $0.1695.
In what marks the most significant blow to Sui’s DeFi ecosystem so far, Cetus Protocol—the most prominent decentralized exchange (DEX) on the network—has been the victim of a sophisticated exploit that drained approximately $260 million worth of tokens. The attacker employed a strategy involving fake tokens, such as BULLA, to manipulate price curves within liquidity pools and exploit flaws in reserve calculations. As a result, they were able to extract real assets without contributing any meaningful liquidity. This type of hack highlights the importance of continuously auditing smart contracts and reinforcing existing token verification mechanisms within the ecosystem to build stronger protocols.
Smart Liquidity Manipulation Using Counterfeit Tokens
The exploit was executed from wallet address 0xe28b50, which still holds over 12.9 million SUI tokens, worth around $54 million at the time of writing. However, on-chain analysis shows the wallet reached a net valuation exceeding $137 million in SUI, suggesting that some of the funds have already been bridged or routed through multiple paths and possibly mixed to hide origin.
This type of attack not only exposes specific technical vulnerabilities but also underscores the challenge of building more resilient infrastructures on emerging networks like Sui. Nevertheless, the crypto ecosystem continues to evolve thanks to a proactive and collaborative community: Binance, for example, has already reached out to Sui to offer immediate technical support and coordination.
Community Response And Outlook For The Sui Ecosystem
Following the incident, the Cetus team paused all smart contracts to prevent further damage and stated that they are conducting a thorough investigation. A detailed report is expected to be released soon. The market reaction was swift: CETUS initially plummeted by 40%, but later stabilized at $0.1695, showing a 17.74% drop over the last 24 hours. Its market capitalization remains at $122.97 million.
Although these kinds of vulnerabilities may impact short-term confidence, they also open the door to future improvements. Decentralization does not imply the absence of errors—it represents the ability to learn and adapt quickly. Ironically, the incident could end up strengthening both the Cetus Protocol and the broader Sui ecosystem in the medium term.
