SUI区块链生态系统受到了巨大的安全漏洞的震动

CETUS协议是其最大的分散交易所（DEX）和流动性提供商，证实了据报道的漏洞，据报道造成了超过2亿美元的排水资金。

A massive security breach within the Sui blockchain ecosystem has come to light, with Cetus Protocol, the largest decentralized exchange (DEX) and liquidity provider on the network, confirming an exploit that has reportedly resulted in over $200 million being drained from its protocols.

SUI区块链生态系统内的大规模安全漏洞已经曝光，CETUS协议，该网络上最大的分散交易所（DEX）和流动性提供商，据报道，据报道，该漏洞已导致超过2亿美元的资金从其协议中耗尽了超过2亿美元。

The exploit, which came to light on Thursday, saw attackers utilize "spoof tokens" to manipulate Cetus Protocol's internal price curves and liquidity reserve calculations. By adding nearly zero liquidity with these artificial tokens, the malicious actors were allegedly able to trick the system into allowing them to repeatedly withdraw real assets like SUI and USDC from various liquidity pools without needing to meaningfully deposit any value.

周四揭露的漏洞利用利用攻击者利用“欺骗令牌”来操纵CETUS协议的内部价格曲线和流动性储备金计算。通过在这些人造代币中添加几乎为零的流动性，据称恶意演员能够欺骗该系统，使他们能够从各种流动性池中反复撤回像SUI和USDC这样的真实资产，而无需有意义地存入任何价值。

The incident was confirmed by Cetus Protocol itself via an X post, in which it stated that its smart contracts have been temporarily paused out of safety precautions as a full investigation into the matter is ongoing. The protocol noted that approximately $162 million of the compromised funds had been "paused," indicating efforts are being made to recover a substantial portion of the stolen assets, potentially with cooperation from the Sui Foundation.

CETUS协议本身通过X帖子证实了这一事件，其中指出，由于对此事的全面调查，其智能合约已暂时暂停出于安全预防措施。该协议指出，大约1.62亿美元的折衷资金被“暂停”，表明正在努力追回大部分被盗资产，可能在SUI基金会的合作下进行。

As of Thursday morning, Cetus Protocol's smart contracts have been paused to prevent further theft of funds. We have also engaged the broader Sui ecosystem and several third parties for incident analysis and fund tracing, successfully flagging the hacker’s accounts.

截至周四早上，CETUS协议的智能合约已暂停，以防止进一步盗窃资金。我们还聘请了更广泛的SUI生态系统和几个第三方进行事件分析和资助追踪，并成功地标记了黑客的帐户。

Moreover, we have identified and patched the root cause of the exploit, quickly notifying other ecosystem builders to avoid such vulnerabilities. We are also working with professional anti-cybercrime organizations for specialized support in tracing the funds and potentially negotiating with the hacker. Finally, we are in contact with relevant law enforcement to arrange further assistance.

此外，我们已经确定并修补了利用的根本原因，并迅速通知其他生态系统构建者以避免这种脆弱性。我们还与专业的反周期组织合作，以寻求资金并可能与黑客进行谈判。最后，我们正在与相关执法部门联系以安排进一步的帮助。

On-chain analysis reveals that the attacker's wallet, (which we will not be linking out of respect for user privacy), is still active and holds millions in SUI tokens. A large sum of USDC has also been bridged to other chains, likely in an effort to quickly obfuscate the stolen funds.

链上分析表明，攻击者的钱包（我们不会出于对用户隐私的尊重而链接），仍然活跃，并持有数百万个SUI令牌。大量USDC也已被桥接到其他连锁店，可能是为了迅速使被盗的资金混淆。

This large-scale theft has exposed a critical vulnerability within the Sui DeFi infrastructure, as key token pools on the chain are now nearly empty, rendering trading functionality nearly impossible.

这种大规模的盗窃案在SUI Defi基础架构中暴露了一个关键的漏洞，因为链条上的关键令牌池现在几乎是空的，几乎不可能使交易功能变得不可能。

While the exact nature of the vulnerability is still being investigated by several community members, security experts are pointing towards an "oracle manipulation attack." This method involves deceiving a protocol's price oracle – the mechanism that feeds external price data to smart contracts – into misrepresenting asset values, allowing attackers to exploit discrepancies.

虽然几位社区成员仍在调查脆弱性的确切性质，但安全专家指出了“甲骨文操纵攻击”。该方法涉及欺骗协议的价格甲骨文（将外部价格数据供应智能合约的机制）误解了资产价值，从而使攻击者能够利用差异。

In the immediate aftermath, Cetus Protocol's native token, CETUS, has plummeted by over 40%, while numerous Sui-based meme coins experienced even steeper declines, with some losing over 90% of their value. Despite the widespread panic and significant disruption to the ecosystem's liquidity, the native SUI token itself has shown surprising resilience, with its price experiencing only minor fluctuations following the news.

在紧随其后的是，Cetus协议的原始令牌Cetus跌落了40％以上，而许多基于SUI的Meme硬币的下降甚至更高，其中一些损失了其价值的90％以上。尽管对生态系统的流动性造成了广泛的恐慌和严重的破坏，但本地Sui代币本身表现出令人惊讶的弹性，其价格在新闻后仅出现微小的波动。