The Sui blockchain ecosystem has been rocked by a massive security breach

Cetus Protocol, its largest decentralized exchange (DEX) and liquidity provider, confirmed an exploit that has reportedly resulted in over $200 million of drained funds.

A massive security breach within the Sui blockchain ecosystem has come to light, with Cetus Protocol, the largest decentralized exchange (DEX) and liquidity provider on the network, confirming an exploit that has reportedly resulted in over $200 million being drained from its protocols.

The exploit, which came to light on Thursday, saw attackers utilize "spoof tokens" to manipulate Cetus Protocol's internal price curves and liquidity reserve calculations. By adding nearly zero liquidity with these artificial tokens, the malicious actors were allegedly able to trick the system into allowing them to repeatedly withdraw real assets like SUI and USDC from various liquidity pools without needing to meaningfully deposit any value.

The incident was confirmed by Cetus Protocol itself via an X post, in which it stated that its smart contracts have been temporarily paused out of safety precautions as a full investigation into the matter is ongoing. The protocol noted that approximately $162 million of the compromised funds had been "paused," indicating efforts are being made to recover a substantial portion of the stolen assets, potentially with cooperation from the Sui Foundation.

As of Thursday morning, Cetus Protocol's smart contracts have been paused to prevent further theft of funds. We have also engaged the broader Sui ecosystem and several third parties for incident analysis and fund tracing, successfully flagging the hacker’s accounts.

Moreover, we have identified and patched the root cause of the exploit, quickly notifying other ecosystem builders to avoid such vulnerabilities. We are also working with professional anti-cybercrime organizations for specialized support in tracing the funds and potentially negotiating with the hacker. Finally, we are in contact with relevant law enforcement to arrange further assistance.

On-chain analysis reveals that the attacker's wallet, (which we will not be linking out of respect for user privacy), is still active and holds millions in SUI tokens. A large sum of USDC has also been bridged to other chains, likely in an effort to quickly obfuscate the stolen funds.

This large-scale theft has exposed a critical vulnerability within the Sui DeFi infrastructure, as key token pools on the chain are now nearly empty, rendering trading functionality nearly impossible.

While the exact nature of the vulnerability is still being investigated by several community members, security experts are pointing towards an "oracle manipulation attack." This method involves deceiving a protocol's price oracle – the mechanism that feeds external price data to smart contracts – into misrepresenting asset values, allowing attackers to exploit discrepancies.

In the immediate aftermath, Cetus Protocol's native token, CETUS, has plummeted by over 40%, while numerous Sui-based meme coins experienced even steeper declines, with some losing over 90% of their value. Despite the widespread panic and significant disruption to the ecosystem's liquidity, the native SUI token itself has shown surprising resilience, with its price experiencing only minor fluctuations following the news.