Sui’s Biggest DEX Exploited for $220M - Unchained

Cetus, the largest decentralized exchange and liquidity provider on the Sui blockchain, has suffered a massive exploit resulting in the theft of $220 million of digital assets.

The attacker exploited vulnerabilities in Cetus’s smart contracts by sending “spoof,” or fake, tokens with no real value to the protocol. The fake tokens manipulated Cetus’s price oracles and reserve calculations, tricking the protocol into treating them as valuable assets.

The attacker then used the spoof tokens to distort price data and drain liquidity pools, repeatedly withdrawing real assets such as SUI and USDC without depositing equivalent value.

The total value locked on Cetus dropped by more than $200 million, and the protocol’s native CETUS token plunged by over 40%.

This story is an excerpt from the Unchained Daily newsletter

To get these updates in your email for free, subscribe here.

Cetus promptly paused its smart contracts to prevent further losses, a move that allowed the protocol to safeguard and freeze between $160 million and $162 million of compromised assets.

The Sui Foundation and a large number of validators collaborated to identify wallet addresses linked to the stolen funds. The validators are now ignoring transactions from those addresses, effectively freezing the majority of the stolen assets on the network.

Despite those efforts, more than $60 million was successfully bridged to Ethereum and laundered through various wallets, with a portion swapped for USDC stablecoins.