The Cetus protocol, the largest decentralized exchange on the SUI blockchain, offers a $6 million prize money to the hackers behind the massive $223 million exploit that occurred on May 22nd.
In a May 22 follow-up statement with chain-on-chain messages, the CETUS team confirmed that it had identified the attacker’s Ethereum wallet and offered a “white hat settlement” to retrieve the user fund. Hackers are being asked to return 20,920 ETH and all frozen assets to SUI (SUI) in exchange for 2,324 Ethereum (ETH), worth around $6 million, and exemption from legal action.
Cetus said this is a time-sensitive offer and if the funds are out of reach or mixed, the transaction is off. The team coordinates with law enforcement, cybercrime specialists, the SUI Foundation, and regulatory authorities including Fincen and the US Department of Defense. Cybersecurity company INCA Digital is leading negotiation efforts.
https://twitter.com/cetusprotocol/status/1925653859143172608?s=46&t = nznxks3debx8jihnzhmzw
This violation exploited the vulnerability of Cetus’ pricing mechanism and affected a concentrated liquidity market manufacturer pool. The attacker injected a small number of liquidity into the trading pool using spoof tokens, a fake or low-value asset using manipulated metadata.
Due to the distortion of internal accounting in these pools, hackers were able to retrieve a significant amount of valuable tokens, such as SUIs and USD coins (USDCs), at the wrong exchange rate.
The attackers deceived the system to believe in balancing the pool by carefully timing these spoofing token deposits with complex flash swaps and price manipulation. As a result, they were able to emit a considerable amount of actual assets without supplying equal value.
Cetus reportedly passed a recent security audit before the hack. However, by leveraging internal pricing logic and economic assumptions rather than simple code errors, the attacker’s method avoided the typical vulnerability scan.
After first draining $11 million from the SUI/USDC pool, the attacker quickly bolstered the attack. They bridged over $60 million with stolen funds to Ethereum and purchased over 21,900 ETH. They now have millions of SUI, ETH, and Stablecoins in their wallets.
The SUI ecosystem was severely damaged by the exploit. Small tokens like Axol, Hippo and Squirt lost almost all of their value, and Sui Token fell by 15%. Cetus, the Cetus token, fell by 20-33%. Transaction volumes skyrocketed when users scrambled to withdraw funds.
Cetus is trying to pause the smart contract following the Hack The Hack and secure the platform. This incident raises questions about the security of the Defi protocol against new chains such as SUI and Aptos (APT). While these ecosystems provide innovation, analysts warn that complex denial vulnerabilities remain a persistent risk.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
