SUI鏈的CETUS協議被黑客入侵，從LP池中排出超過2.6億美元

5月22日下午，SUI鏈上領先的DEX流動性協議CETUS協議的CETU突然急劇下降

On Monday, May 22, the token of leading DEX liquidity protocol Cetus Protocol on Sui Chain saw its price almost drop to zero. Afterward, multiple token trading pairs on Cetus experienced a sharp decline.

5月22日，星期一，SUI連鎖店領先的DEX流動性協議CETUS協議的代幣幾乎下降到零。之後，Cetus上的多個代幣交易對經歷了急劇下降。

Later in the evening, several KOLs posted on X that the Cetus protocol LP pool was attacked by hackers. According to on-chain monitoring, the Cetus attacker appears to have controlled all LP pools denominated in SUI. As of press time, the amount of theft has exceeded $260 million.

傍晚，在X上發布了幾個KOLS，稱CETUS協議LP池受到黑客攻擊。根據鍊鍊監測，CETUS攻擊者似乎控制了SUI中被計數的所有LP池。截至發稿時，盜竊金額已超過2.6億美元。

Currently, the hacker has begun converting funds into USDC and cross-chain to the Ethereum mainnet to exchange for ETH. About 60 million USDC has completed cross-chain transfers. The hacker's on-chain address is: 0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85b8b5de8ff06.

目前，黑客已經開始將資金轉換為USDC，並將交叉鏈轉換為以太坊主網以換取ETH。約6000萬美元已完成跨鏈轉移。黑客的鍊鍊地址是：0xE28B50CEF1D633EA43D3296A3F6B67FF0312A5F1A99F1A99F0AF753C85B8B8B5DE8FF06。

Mainstream Sui ecological tokens such as CETUS, WAL, and DEEP are also included, which shows that the scope of this hacker attack is extremely wide.

還包括主流Sui生態令牌，例如Cetus，Wal和Deep，這表明這種黑客攻擊的範圍非常廣泛。

On the evening of the 22nd, a member of the Cetus team said in the project Discord group chat that the Cetus protocol was not stolen, but a "oracle bug" appeared. But the on-chain data does not lie. According to statistics, the loss of the Cetus protocol LP pool exceeded US$260 million within 1 hour after the theft, exceeding the protocol TVL (US$240 million) and market value (US$180 million).

在22日晚上，Cetus團隊的一名成員在項目Discord Group聊天中說，CETUS協議沒有被盜，但出現了“ Oracle Bug”。但是鏈上的數據並不存在。根據統計數據，CETUS協議LP池的損失在盜竊後1小時內超過了2.6億美元，超過了TVL協議（2.4億美元）和市值（1.8億美元）。

On the morning of the 23rd, Cetus officially released the latest progress of the theft on social media, saying that the team has found the root cause of the vulnerability and fixed the relevant software packages, and hired a professional anti-cybercrime organization to support our fund tracking and negotiations on the safe return of funds. We are currently negotiating with law enforcement agencies and arranging further assistance.

23日上午，Cetus正式發布了社交媒體上盜竊的最新進展，稱該團隊找到了脆弱性的根本原因並修復了相關的軟件包，並聘請了一個專業的反過程組織，以支持我們的資金跟踪和談判，並在資金的安全返回方面進行談判。我們目前正在與執法機構進行談判，並安排進一步的幫助。

It is worth noting that the official said that it has confirmed the Ethereum wallet address controlled by the hacker in the earlier attack today, and has negotiated with him on the return of customer funds. It has been proposed to pay the outstanding balance in the name of the white hat hacker, but the time is limited. If the hacker accepts the terms, no further legal action will be taken.

值得注意的是，這位官員說，它已經確認了黑客在今天的較早襲擊中控制的以太坊錢包地址，並在客戶資金返回後與他進行了談判。有人建議以白帽黑客的名義支付未償還的餘額，但時間有限。如果黑客接受該條款，則不會採取進一步的法律訴訟。

Community opinion points out that the team has a history of theft

社區意見指出，團隊有盜竊的歷史

Interestingly, when Cetus caused the SUI ecosystem to plummet, many community members also pointed out on Twitter that Cetus and the previous Solana ecosystem DeFi protocol Crema Finance were developed by the same team, and Crema had suffered a theft incident.

有趣的是，當Cetus導致SUI生態系統暴跌時，許多社區成員還在Twitter上指出，Cetus和先前的Solana Ecosystem Defi Protocal Crema Crema Finance是由同一團隊開發的，Crema遭受了盜竊事件。

On July 3, 2022, Crema Finance was also attacked by hackers using Solend flash loans, and the LP fund pool was drained, with a loss of more than $8 million. Then on July 7, the hacker returned $7.6 million worth of stolen cryptocurrency after negotiation with the team. According to the negotiation agreement between the two parties, the hacker was allowed to keep 45,455 SOL ($1.65 million) as a bounty.

2022年7月3日，Crema Finance也遭到黑客使用Solend Flash貸款的攻擊，LP Fund Pool耗盡了，損失了超過800萬美元。然後在7月7日，黑客與團隊談判後返回了價值760萬美元的被盜加密貨幣。根據雙方之間的談判協議，黑客被允許將45,455 SOL（165萬美元）保留為賞金。

Looking back at the Cetus theft, the protocol also suffered losses because the attacker controlled the LP pool, and the team also proposed to negotiate with the hacker by paying the outstanding balance in the name of the white hat hacker. There is currently no public information to prove that Crema and Cetus were indeed developed by the same team, but at present, both are indeed consistent in terms of the cause of the theft and the subsequent handling method.

回顧CETUS盜竊案，該協議也遭受了損失，因為攻擊者控制了LP池，並且該團隊還建議以White Hat Hacker的名義支付未償餘額，以與黑客進行談判。目前尚無公共信息可以證明Crema和Cetus確實是由同一團隊開發的，但是目前，兩者在盜竊案和隨後的處理方法方面確實是一致的。

Sui officials freeze hacker transactions, "on-chain censorship" raises questions about centralization

SUI官員凍結黑客交易，“鏈審查”提出了有關集中化的問題

According to DeFiLlama data, Cetus has been the leading DEX and liquidity gathering place in the Sui ecosystem, accounting for more than 60% of the transaction volume of the entire ecosystem. This "clearance-style" attack undoubtedly directly destroyed the liquidity center of the ecosystem. For any "second-tier public chain", this is a devastating blow.

根據Defillama數據，CETU是SUI生態系統中領先的DEX和流動性收集地，佔整個生態系統交易量的60％以上。這種“清除式”攻擊無疑直接摧毀了生態系統的流動性中心。對於任何“二線公共連鎖店”，這都是毀滅性的打擊。

Since March last year, the transaction volume on the Sui ecosystem chain has been on an overall upward trend, and the prices of mainstream ecosystem tokens such as CETUS, DEEP, and WAL have also been soaring. It is generally regarded by the community as the public chain with the greatest return potential in this cycle and the "next Solana."

自去年3月以來，SUI生態系統連鎖店的交易量一直處於總體上升趨勢，而主流生態系統令牌（例如Cetus，Deep和Wal）的價格也在飆升。它通常被社區視為在本週期中具有最大回報潛力的公共連鎖店和“下一個Solana”。

However, what’s interesting is that according to Dune data, there have always been a large number of wash trades on the Sui chain, and the ecological liquidity toxicity has been close to 50% for a long time. This is also part of the reason why the community has reported that the Sui ecosystem "has nothing, but the price keeps rising."

但是，有趣的是，根據沙丘數據，SUI鏈上總是有大量的WASH交易，並且長期以來，生態流動性毒性接近50％。這也是社區報告說Sui生態系統“什麼都沒有，但價格不斷上漲”的部分原因。

Caption: The radius of the circle in the figure below shows the total transaction volume of a single address

標題：下圖中圓的半徑顯示了單個地址的總交易量