Cetus Protocol, the Largest DEX on the Sui Network, Drained of $260M in Tokens

Cetus Protocol, the largest decentralized exchange (DEX) and liquidity provider on the Sui network, has been drained of $260 million worth of tokens

Cetus Protocol, the largest decentralized exchange (DEX) and liquidity provider on the Sui network, has been drained of $260 million in tokens.

The protocol’s team has paused the smart contracts and is actively investigating, it said in an X post. According to early analysis by crypto sleuth Lookonchain, the attacker used spoof tokens like BULLA to exploit broken price curves and reserve calculations. They then added near-zero liquidity to manipulate internal LP state and repeatedly removed real assets like SUI and USDC without depositing anything meaningful.

"The miscalculation in price curve & broken reserve math enabled the attacker to perform profitable arbitrage in the beginning," Lookonchain said. "After that, the attacker started to add liquidity with a nearly zero amount to manipulate the internal LP state."

According to Lookonchain, the attacker was able to withdraw around 134,444 SUI and 717,778 USDC, while only adding 0.000001 SOL to the liquidity pool. They also seem to have exploited the protocol’s new features, such as "concentrated liquidity" and "multi-hop swaps."

"Finally, the attacker sold the SUI and USDC on another exchange for 188.8 ETH, which is around $340,000," Lookonchain added. "The total profit is huge, but it may be even greater if we consider the value of BULLA and MOJO tokens used in the attack."

The Cetus team confirmed the incident, adding that the contract has been paused "for safety." A detailed statement will follow, it said.

CETUS is down 40% in the past few hours, while Sui-based memecoins like BULLA and MOJO have dropped over 90%.