CETUS协议在针对其定价机制的利用中损失了2.23亿美元

区块链分析公司Lookonchain透露，攻击者从该协议中耗尽了超过2.6亿美元的资金。

Cetus Protocol, a decentralized exchange (DEX) operating on the Sui Network, has suspended its smart contract operations after a serious security breach, according to a report by Bitcoin.com.

根据Bitcoin.com的一份报告，CETUS协议是在SUI网络上运行的分散交易所（DEX），在严重的安全漏洞后暂停了其智能合同操作。

The platform confirmed the exploit on May 22 through its official X account, noting that the shutdown was necessary to prevent further fund loss, stating,

该平台通过其官方X帐户在5月22日确认了该漏洞，并指出关闭是为了防止进一步的基金损失，指出，指出，指出，指出，指出，指出，指出，指出，指出，说明

🚨Alert Announcement 🚨

Alert公告🚨

There was an incident detected on our protocol and our smart contract has been paused temporarily for safety. The team is investigating the incident at the moment. A further investigation statement will be made soon. We are grateful for your patience.

在我们的协议上发现了一个事件，我们的智能合约已暂时暂停为了安全。该团队目前正在调查事件。将很快发表进一步的调查声明。我们感谢您的耐心。

— Cetus (@CetusProtocol) May 22, 2023

- Cetus（@cetusprotocol）2023年5月22日

The exploit, which has been widely discussed on social media, saw an attacker steal over $260 million from the protocol, according to blockchain analytics firm Lookonchain.

根据区块链分析公司LookOnchain的说法，该攻击者从协议中窃取了超过2.6亿美元的攻击者。

The stolen assets are reportedly being swapped into USDC and bridged to Ethereum, where they are exchanged for ETH.

据报道，被盗资产被交换为USDC并桥接到以太坊，在那里它们被交换为ETH。

At the time of reporting, approximately $60 million in USDC had already been transferred across chains, Lookonchain reported.

据Lookonchain报道，在报告时，大约有6000万美元的USDC已经转移了链条。

The hacker stole about $260M from Cetus and is now swapping it to USDC and bridging it to Ethereum to exchange for ETH.

这位黑客从CETUS偷走了约2.6亿美元，现在将其交换给USDC，并将其桥接给以太坊以换取ETH。

The hacker has already bridged about $60M USDC to Ethereum.https://t.gov/uR7GV8jM8z

黑客已经将大约6000万美元的货币桥接到Ethereum.https：//t.gov/ur7gv8jm8z

— Lookonchain (@Lookonchain) May 22, 2023

- lookonchain（@lookonchain）2023年5月22日

Data from DeFiLlama supports this, showing a steep drop in the platform’s total value locked (TVL), which fell by more than $200 million to around $75 million.

Defillama的数据支持了这一点，显示该平台的总价值锁定（TVL）急剧下降，该价值下降了超过2亿美元，至7500万美元左右。

Meanwhile, Cetus Protocol’s native token, CETUS, plunged over 24% to $0.15 as of press time, according to CryptoSlate’s data.

同时，根据隐板板岩的数据，CETUS协议的本地令牌CETUS CETUS截至发稿时间跌至24％至0.15美元。

The exploit also triggered a broader selloff in the Sui ecosystem, with seven out of 11 Sui-based tokens tracked by CryptoSlate registering losses of around 5% or more.

该漏洞还引发了SUI生态系统中的更广泛的抛售，在11个基于SUI的令牌中，有7个由加密皮套的注册损失约为5％或更多。

Rosco Kalis, the founder of Revoke Cash, pointed out:

Revoke Cash的创始人Rosco Kalis指出：

The stolen funds mostly belonged to the LPs of the DEX. But this also caused a lot of Sui token prices to crash, affected normal users as well. The SUI token itself seems to be holding up relatively fine so far though, only down slightly for the day. https://t.gov/b289BmM73j

被盗的资金主要属于DEX的LP。但这也导致了许多SUI代币价格崩溃，也影响了普通用户。到目前为止，SUI代币本身似乎在相对较好的情况下，只有一天的时间略有下降。 https://t.gov/b289bmm73j

— Rosco Kalis (@RoscoKalis) May 22, 2023

- 罗斯科·卡利斯（Rosco Kalis）（@roscococalis）2023年5月22日

How Cetus was exploited

Cetus是如何利用的

Early analysis suggests the exploit may be linked to a flaw in the protocol’s pricing mechanism.

早期分析表明，利用可能与协议定价机制中的缺陷有关。

Alex Horlan, CTO of web3 security firm HackenProof, explained that the attacker likely used a near-zero liquidity injection to manipulate the pools’ internal state. This allowed them to extract valuable SUI and USDC tokens without contributing real assets.

Web3安全公司Hackenproof的首席技术官Alex Horlan解释说，攻击者可能使用接近零的流动性注入来操纵池的内部状态。这使他们能够在不贡献实际资产的情况下提取有价值的SUI和USDC代币。

He added that the team needs to:

他补充说，团队需要：

Check the math behind addLiquidity, removeLiquidity, and swap functions — especially where they Compute token ratios, Round small values, and Handle tokens with decimals = 0.

检查附加流体，去除液体和交换功能背后的数学 - 尤其是在计算令牌比，圆形值和以小数为单位= 0的令牌的情况下。

Earlier today, a member of the Cetus team posted to Discord that the platform was “not hacked, we’ve detected a bug in the oracle.” The general consensus among Crypto Twitter now appears to support oracle manipulation as the cause of the exploit.

今天早些时候，CETUS团队的一名成员发布到Discord上，该平台“没有被黑客入侵，我们在Oracle中发现了一个错误”。现在，加密推特之间的一般共识似乎支持Oracle操纵作为剥削的原因。

Cetus Protocol employs a dual approach to oracles within its ecosystem:

CETUS协议在其生态系统中采用双重方法：

* Internal oracle via concentrated liquidity pools: Cetus’s concentrated liquidity pools serve as an on-chain oracle by providing real-time liquidity data and historical price information. This mechanism allows external developers and platforms to access accurate market data derived directly from actual trading activities, reducing reliance on off-chain data sources, and is supposed to minimize risks associated with oracle manipulation.

*内部甲骨文通过集中流动性池：CETUS的集中流动性池通过提供实时流动性数据和历史价格信息来充当链甲骨文。这种机制使外部开发人员和平台可以访问直接从实际交易活动中得出的准确市场数据，从而减少对链链数据源的依赖，并应最大程度地减少与Oracle操纵相关的风险。

* Integration with Pyth Network: Cetus contributes its decentralized exchange (DEX) price data to the Pyth Network, a decentralized oracle solution.

*与Pyth网络集成：CETUS将其分散交换（DEX）价格数据贡献给Pyth Network，这是一种分散的Oracle解决方案。

As of press time, Pyth Network has not commented on the incident, so it is unclear whether the pricing issue originated from the on-chain oracles or Pyth.

截至发稿时，Pyth网络尚未对该事件发表评论，因此尚不清楚定价问题是否起源于链甲骨文或Pyth。

Despite the unsavoury incident, the project has received support from the broader crypto community. Binance founder and former CEO Changpeng Zhao noted that his team has reached out to help Cetus resolve the situation.

尽管发生了不愉快的事件，但该项目还是得到了更广泛的加密社区的支持。 Binance创始人兼前首席执行官Changpeng Zhao指出，他的团队已伸出援手帮助Cetus解决了这种情况。

The post Cetus Protocol suspends smart contract operations after $223 million exploit appeared first on Chain Brief.

CETUS POSTOALS POSTS PROTICT在2.23亿美元的利用后暂停了智能合同操作，首先出现在连锁摘要中。

Continue reading on Chain Brief

继续阅读链条简介