Malaysia
Singapore
Philippines
Stay connected with BizTech Community—follow us on Instagram and Facebook for the latest news and reviews delivered straight to you.
The biggest distributed exchange (DEX) and liquidity provider on the network, Cetus Protocol, was attacked holistically on Thursday, draining over $220 million from its liquidity pools.
Targeting weaknesses in Cetus’s smart contracts, the exploit has rocked the distributed finance (DeFi) ecosystem and caused major token price collapses as well as general worry regarding the security of blockchain-based financial platforms.
A terrible exploit unfolds
Early on Thursday, the attack saw hackers using flaws in Cetus’s smart contracts to drain money from many liquidity pools.
According to on-chain data, the native token of the Sui blockchain, SUI, was taken out of the SUI/USDC liquidity pool alone, valued at almost $11 million.
Using spoof tokens—fake assets with no market value—the assailant changed the protocol’s price data, draining significant volumes from the system’s liquidity reserves.
On LinkedIn, Manan Vora, director of the crypto custody company Liminal, eloquently detailed the hack: “Imagine coming to a toy market, bringing false toys that look precious but are useless, then trading them for genuine toys and running. On Sui, that is essentially what happened.”
This comparison emphasizes the sly character of the assault, which took advantage of Cetus’s lack of validation of the token’s authenticity.
The immediate and serious fallout was that Liquidity for several token pairs on Cetus fell once swapping features stopped.
Based on CoinGecko data, SUI’s price dropped by almost 7%, to $3.8. At the time of writing, Cetus’s native CETUS token slumped by 33%. It traded at roughly $0.16.
As liquidity dried up, other tokens on the Sui network—Lofi and Hippo—saw catastrophic drops of 76% and 81%, respectively.
Ripple Effects All Around the Sui Ecosystem
The hack destabilized the larger Sui DeFi ecosystem, not limited to Cetus.
On Thursday, the total value locked (TVL) in Sui-based systems fell by approximately $330 million; Cetus itself saw an 84% asset decrease, leaving just $38 million on the platform.
Underlining the seriousness of the liquidity issue, the USDC stablecoin on Sui momentarily depegged to zero.
Bluefin and Momentum, among other Sui-based DEXs, announced temporary closures of their operations, citing the necessity of ensuring ecosystem stability prior to returning to activities. This cascade impact emphasises the linked character of DeFi protocols and the broad repercussions of a single point of failure.
How the Attack Was Done
The assailant took a deliberate, well-considered approach. Sending fake tokens to Cetus allowed them to take advantage of weaknesses in the protocol’s smart contracts, which lack validation of the token’s legitimacy.
By manipulating price feeds with these bogus assets, the hacker may freely empty liquidity pools. Lookonchain’s on-chain investigation found that the assailant bridged stolen funds to the Ethereum blockchain and traded USDC for 21,938 ETH at an average price of $2,658 per ETH, therefore generating about $58 million.
Even with the scope of the hack, Cetus reacted quickly. The team managed to freeze $160 million of the syphoned money and stopped its smart contracts to stop more loss.
“We are working with the Sui Foundation and other ecosystem members right now on next-step solutions with the goal of recovering the remaining stolen funds,” Cetus said in a comment placed on X.
The Sui Foundation also acknowledged its cooperation with Cetus, pointing out that validators on the network are neglecting transactions linked to the hackers’ addresses, freezing their activities in a way reminiscent of conventional financial sanctions.
On-chain data showed that their wallet held more than $37 million in assets, mostly USDC, but the assailant was still able to withdraw almost $60 million.
An All-Time Record-breaking Year for Hacker Crypto
The biggest DeFi hack of 2025, a year already beset with major crypto security lapses, is the Cetus hack. With a shocking $1.4 billion hack earlier this year, the Bybit exchange set a sad industry record.
The Cetus event emphasizes even more the ongoing weaknesses in DeFi systems, where hostile actors mostly target smart contract problems.
Emphasizing its dedication to solving the hack, the Sui Foundation said, “A large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice.”
This concerted reaction highlights the important part validators play in preserving blockchain integrity, but it also raises issues concerning the trade-offs between decentralization and centralised intervention under crisis conditions.
Current Research and Future Action
Cetus and the Sui Foundation are actively investigating the incident; further information is expected as it unfolds. While the Sui Foundation is trying to evaluate the full extent of the disturbance, the Cetus team has committed to sending updates as soon as they become accessible.
Other Sui-based DEXs’ interim suspension implies that the ecosystem is still under extreme vigilance since stakeholders give stability top priority over quick operations.
The event has sparked debates about the security of DeFi systems, so the larger crypto community is keeping a close eye.
Experts contend that preventing such exploitation depends on thorough smart contract audits and real-time monitoring systems.
The Cetus hack reminds us sharply of the dangers present in distributed systems, where the lack of centralized control could expose protocols to advanced threats.
Conclusion
The focus of the inquiry will likely shift towards recovering the last stolen assets and rebuilding trust in the Sui ecosystem.
Although the freezing of $160 million in assets is a noteworthy move, the attacker’s ability to flee with over $60 million emphasizes the difficulties of maintaining dispersed platforms.
For now, customers of Cetus and the larger Sui community are still adjusting to a hack that has rocked one of the main blockchain systems.
This story is an evolving narrative; more updates will be given when fresh material surfaces.
