On May 22, Cetus Protocol (CETUS), a major decentralized exchange and liquidity provider on the Sui (SUI) blockchain, suffered a major security breach.
Major decentralized exchange and liquidity provider Cetus Protocol (CETUS) on the Sui (SUI) blockchain was breached, and an exploit quickly unfolded, draining an estimated $223 million and immediately disrupting DeFi activity.
The exploit began at 3:52 AM PT (11:52 UTC on May 22) with irregular movements in the SUI/USDC liquidity pool, initially reported as an $11 million outflow.
However, further analysis revealed that the exploit spanned several pools and may have resulted in a total loss of around $260 million.
The incident unfolded as Cetus, launched in 2023, had become a primary exchange and liquidity provider on the Sui chain, facilitating token swaps and yield farming for more than 62,000 active users. The protocol also generated over $7.15 million in daily trading fees.
SUI, the native token of the Sui blockchain, fell sharply from $4.19 to $3.62 by the time of writing on May 23, marking a nearly 14% drop within a day.
CETUS, the native token of the affected protocol, declined from $0.26 to $0.15 during the immediate aftermath of the breach. Its current price of $0.17 indicates only a partial recovery.
Tokens across the wider ecosystem reacted with similar volatility. Memecoins native to Sui, including LOFI, HIPPO, SQUIRT, SLOVE, and MEMEFI, experienced losses ranging from 51% to 97%. Although prices have since stabilized, investor confidence remains low.
Among the top 15 assets listed on Cetus, more than 75% of the total value was erased. Some tokens, such as LBTC and AXOLcoin, saw their prices collapse to nearly zero.
The broader impact went beyond token prices, with Sui’s total value locked dropping from $2.13 billion to $1.92 billion by the time of writing, highlighting a contraction over a matter of hours.
Let’s delve into how the exploit was carried out, what structural flaws it exposed, and how the community is preparing its response.
Sui hacker triggers liquidity drain on Cetus Protocol
The incident began with a vulnerability in the smart contract system underpinning Cetus’s pricing mechanism.
At the heart of the issue was the protocol’s oracle, designed to provide real-time price data to the platform to enable fair trading across token pairs. In this case, the oracle served as the entry point for the exploit.
The wallet address involved, identified as “0xe28b50,” deployed spoof tokens such as BULLA to manipulate pricing curves and disrupt reserve balances.
Despite these tokens having minimal real liquidity, they were used to skew internal pool metrics, making valuable assets like SUI and USDC appear undercollateralized. This destabilization of the pricing logic allowed the attacker to extract real tokens from the pools without providing proportional value.
On-chain analysts observed the attacker transferring around $63 million in USDC from Sui to Ethereum (ETH) in the hours following the exploit.
Conversion data showed that $58.3 million was swapped for 21,938 ETH at an average rate of $2,658 per coin. The pace of execution, estimated at approximately $1 million per minute, indicated a coordinated and pre-planned operation.
Cetus initially described the issue as an “oracle bug,” a term that drew immediate criticism from developers and security experts due to the scale and precision of the exploit.
The incident began with an anomaly in the SUI/USDC liquidity pool on Cetus, as reported by blockchain monitor TokenInsight.
At 3:52 AM PT (11:52 UTC), there was a sudden surge in activity, with an abnormal liquidity addition of 10,000 SUI and 3,000,000 USDC.
Almost simultaneously, an equal amount of SUI was removed from the pool, along with 2,999,969 USDC, resulting in a net loss of 31 USDC for the pool.
This transaction was executed by an address that had previously engaged in minimal activity on the chain, starting in March 2023. Prior to the exploit, the wallet held only a small amount of SUI, valued at less than $10.
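The liquidity round trip described above, expressed as detection logic over pool events (an added example, not part of the original article and not Cetus's code). The amounts and the $4.19 SUI price are the article's; the event schema, addresses, timestamps, thresholds and the two comparison wallets are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class PoolEvent:
    ts: int          # seconds, relative (constructed)
    pool: str
    sender: str
    action: str      # "add" or "remove"
    amounts: tuple   # ((token, amount), ...)

def find_round_trips(events, prior_usd, usd_price, window_s=60,
                     min_notional_usd=1_000_000, max_prior_ratio=0.001):
    """Flag add->remove pairs by one sender in one pool within window_s
    seconds when the notional dwarfs the sender's prior holdings."""
    alerts, open_adds = [], defaultdict(list)   # (pool, sender) -> adds
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.pool, ev.sender)
        if ev.action == "add":
            open_adds[key].append(ev)
            continue
        while open_adds[key]:
            add = open_adds[key].pop()          # most recent add first
            if ev.ts - add.ts > window_s:
                continue                        # stale add, discard it
            added, removed = dict(add.amounts), dict(ev.amounts)
            notional = sum(a * usd_price[t] for t, a in added.items())
            residual = {t: abs(added.get(t, 0) - removed.get(t, 0))
                        for t in sorted(set(added) | set(removed))}
            residual = {t: r for t, r in residual.items() if r}
            if (notional >= min_notional_usd and
                    prior_usd.get(ev.sender, 0.0) <= notional * max_prior_ratio):
                alerts.append({"sender": ev.sender, "pool": ev.pool,
                               "notional_usd": notional, "residual": residual,
                               "seconds": ev.ts - add.ts})
            break
    return alerts

# Constructed sample: amounts and the $4.19 SUI price come from the article;
# addresses, timestamps and the second and third wallets are invented.
EVENTS = [
    PoolEvent(0, "SUI/USDC", "addr_low_history", "add", (("SUI", 10_000), ("USDC", 3_000_000))),
    PoolEvent(2, "SUI/USDC", "addr_low_history", "remove", (("SUI", 10_000), ("USDC", 2_999_969))),
    PoolEvent(10, "SUI/USDC", "addr_small_lp", "add", (("SUI", 500), ("USDC", 2_000))),
    PoolEvent(90_000, "SUI/USDC", "addr_small_lp", "remove", (("SUI", 500), ("USDC", 2_000))),
    PoolEvent(20, "SUI/USDC", "addr_market_maker", "add", (("SUI", 50_000), ("USDC", 2_000_000))),
    PoolEvent(25, "SUI/USDC", "addr_market_maker", "remove", (("SUI", 50_000), ("USDC", 2_000_000))),
]
PRIOR_USD = {"addr_low_history": 9.0, "addr_small_lp": 5_000.0, "addr_market_maker": 8_000_000.0}
ALERTS = find_round_trips(EVENTS, PRIOR_USD, {"SUI": 4.19, "USDC": 1.0})
```

Only the low-history wallet is flagged: the small provider's removal falls outside the window, and the well-funded wallet fails the prior-holdings ratio.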
The incident occurred shortly after Cetus announced a new partnership with blockchain cybersecurity firm Haechi Labs to enhance security measures.
Following the exploit, the administrative team at Cetus announced the suspension of smart contract operations on May 22 at 4:00 AM PT to prevent further outflows from the protocol.
A public statement was posted on the project’s official X account, acknowledging the incident and pledging a full investigation. No