CETUS協議智能合約利用耗費2.23億美元的SUI令牌

在CETUS協議的智能合約中利用漏洞的黑客漏掉了價值2.23億美元的SUI代幣，已經將被盜資金的近三分之一轉移到以太坊。

A hacker who exploited vulnerabilities in the Cetus Protocol’s smart contract to drain $223 million worth of SUI tokens has already moved nearly a third of the stolen funds to Ethereum.

在CETUS協議的智能合約中利用漏洞的黑客漏掉了價值2.23億美元的SUI代幣，已經將被盜資金的近三分之一轉移到以太坊。

The stolen funds were converted to USDC before being bridged to Ethereum and exchanged for ETH, according to blockchain analyst Lookonchain.

據區塊鏈分析師Lookonchain稱，被盜資金在被橋接到以太坊之前已轉換為USDC。

Ethereum is the only chain with large enough mixers, like Tornado Cash and Thorchain, to launder stolen funds measured in the hundreds of millions of dollars.

以太坊是唯一擁有足夠大的攪拌機的連鎖店，例如龍捲風現金和索氏（Thorchain），可以洗錢以數億美元的數億美元衡量。

Extractor, an online monitoring tool developed by cybersecurity firm Hacken, posted on X that “at least $63m was already bridged to Ethereum, 20k ETH was just transferred to a fresh wallet” in a single transaction. That 20,000 ETH is worth about $53 million.

Extractor是由網絡安全公司Hacken開發的在線監視工具，該工具在X上發布，“至少有6300萬美元已被橋接到以太坊，只有20K ETH剛剛轉移到新的錢包中”。那20,000 ETH的價值約為5300萬美元。

In an X post, Cetus said that the remaining $162 million of compromised funds have been paused, and they are “actively pursuing paths to recover the remainder.”

Cetus在X帖子中說，剩下的1.62億美元的折衷資金已暫停，他們正在“積極採取途徑來追回其餘的途徑”。

It added that “a large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice.”

它補充說：“大量驗證者用被盜的資金確定了地址，並忽略了這些地址的交易，直到另行通知。”

Cetus declined to comment beyond their X posts when reached by The Defiant, but promised a full incident report would be forthcoming.

Cetus拒絕在挑釁時拒絕評論其X帖子，但承諾將要發表完整的事件報告。

Liquidity Pools Drained

流動性池耗盡

As the largest decentralized exchange on Sui, the loss of Cetus’ liquidity has reverberated across the Sui ecosystem, with many memecoins down by as much as 90%. DexScreener shows SQUIRT is down 92% and HIPPO is down 80%, and several dozen are down at least double digits. Cetus’s own CETUS token is down 42%.

作為SUI上最大的分散交流，CETUS流動性的損失在SUI生態系統中迴盪，許多紀念因素下降了多達90％。 Dexscreener顯示Squirt下降了92％，河馬下降了80％，並且幾十個下降至少兩位數。 Cetus自己的CETUS代幣下降了42％。

Remarkably, the SUI token is flat on the day at $3.88 despite the exploit.

值得注意的是，儘管有利用，Sui代幣當天持平，售價為3.88美元。

According to an X post, Cetus insiders said in the project’s Discord channel that there was a bug in the oracle.

根據X帖子的說法，Cetus內部人員在項目的Discord渠道中說，Oracle有一個錯誤。

Blockchain security firm Cyvers also said on X that the “initial reports show that it seems to be an oracle issue.”

區塊鏈安全公司Cyvers還在X上表示：“初始報告表明這似乎是甲骨文問題。”

Alex Horkan, CTO of Web3 bug bounty platform, said in an X post that the likely path of the exploiter was to swap in a spoof token, “taking advantage of miscalculated price curve or broken reserve math.”

Web3 Bounty Platform的首席技術官Alex Horkan在X帖子中說，剝削者的可能道路是交換一個欺騙令牌，“利用了錯誤計算的價格曲線或儲備金損壞的優勢。”

They then added liquidity in “near-zero” amounts to manipulate the internal liquidity provider state or initialize a fake pair, and then repeatedly remove liquidity, exploiting a mismatch in accounting to drain SUI and USDC stablecoins without providing any assets back in return.

然後，他們添加了“接近零”的流動性，量構成內部流動性提供商狀態或初始化偽造對，然後反复刪除流動性，從而在會計中利用不匹配以耗盡SUI和USDC Stablecoins，而無需提供任何資產。

This is the latest in a series of exploits this year, led by the $1.5 billion ByBit hack in February, the largest hack on record.

這是今年一系列漏洞的最新功能，由2月份的15億美元bybit hack領導，這是有記錄以來最大的黑客攻擊。