Tuesday, January 21, 2025

Cetus Protocol Exploit: $223M DeFi Hack Shakes Sui Ecosystem

Cetus Protocol suffers a $223M exploit due to a math error, shaking the Sui ecosystem and triggering a massive market sell-off.

Areeba Rashid

Areeba Rashid is a dedicated crypto news writer with a passion for making complex topics accessible to everyone. She covers the latest developments in the crypto world, including in-depth price analysis, helping readers stay informed and make sense of market trends.
  • Cetus Protocol was exploited, leading to $223M in losses and disrupting the Sui ecosystem.
  • A critical overflow bug in Cetus’s AMM system allowed attackers to manipulate liquidity and withdraw funds.
  • Sui Foundation freezes $163M of stolen assets, offering a $5M reward for information on the exploiters.

The Cetus Protocol, a significant DEX on Sui, became the victim of a major exploit on May 22. Attackers exploited the protocol's automated market maker (AMM) logic, which manages token swaps. As a result of the breach, the DeFi project suffered losses of about $223 million, making it one of the biggest recent DeFi exploits. The incident has caused a great stir in the Sui ecosystem.

As reported by blockchain firm Dedaub, a flaw in Cetus's AMM system caused the exploit. The protocol's code failed to protect against overflows, and that failure was the vulnerability. The system could not represent very large numbers, so its outputs were truncated. Instead of rejecting any value larger than a certain limit, the system made such values appear smaller than they actually were. Because the overflow was not properly handled, attackers could manipulate the calculation.

Exploit Caused by Math Error

The attackers tricked the protocol into reading a single token as a huge amount of liquidity. That inflated liquidity position allowed the attacker to take a large amount of real assets out of the liquidity pools. The exploit was the outcome of a math error in the protocol that was never caught.

Surprisingly, OtterSec, a blockchain security firm, pointed out the same issue back in 2023, when it discovered the vulnerability during its Aptos protocol review. Nevertheless, the problem remained when the protocol was launched on the Sui network. Although developers worked to fix the issue, the overflow protection continued to be flawed, letting the exploit take place.

According to Dedaub's post-mortem, reviewing unusual cases and conducting detailed testing on complex math in DeFi protocols are very important. Developers are encouraged to test manually for overflows, which matters most where code handles large numbers or complicated mathematical formulas. This case demonstrates the dangers that still exist in DeFi as the sector grows rapidly.
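The failure mode described above (an overflow guard that lets oversized values through, so the result is silently truncated) and the boundary testing the post-mortem recommends can be shown in a few lines. This is an added Rust illustration, not Cetus's Move code: the 64-bit width, the 16-bit shift, the wrong threshold and all function names are constructed for the example.

```rust
// Constructed illustration: fixed-point scaling x * 2^16 in a 64-bit word.
const SHIFT: u32 = 16;

/// Flawed guard: the limit is far too high, so almost every overflowing
/// input passes and `<<` silently drops the high bits.
fn scale_flawed(x: u64) -> Option<u64> {
    const LIMIT: u64 = u64::MAX << (64 - SHIFT); // 0xFFFF_0000_0000_0000
    if x > LIMIT {
        return None;
    }
    Some(x << SHIFT) // truncates instead of failing
}

/// Correct guard: reject any input whose top SHIFT bits are not all zero.
fn scale_checked(x: u64) -> Option<u64> {
    if x.leading_zeros() < SHIFT {
        return None;
    }
    Some(x << SHIFT)
}

/// Reference result computed in a wider type, then narrowed with a check.
fn scale_reference(x: u64) -> Option<u64> {
    u64::try_from((x as u128) << SHIFT).ok()
}

/// Boundary test: probe values around every power of two and return the
/// inputs where `f` disagrees with the widened reference.
fn boundary_mismatches(f: fn(u64) -> Option<u64>) -> Vec<u64> {
    let mut bad = Vec::new();
    for bit in 0..64u32 {
        let p = 1u64 << bit;
        for x in [p - 1, p, p + 1] {
            if f(x) != scale_reference(x) {
                bad.push(x);
            }
        }
    }
    bad
}

fn main() {
    let flawed = boundary_mismatches(scale_flawed);
    println!("flawed guard: {} mismatches, first at {:#x}", flawed.len(), flawed[0]);
    println!("2^48 scaled by flawed guard: {:?}", scale_flawed(1u64 << 48));
    println!("checked guard mismatches: {}", boundary_mismatches(scale_checked).len());
}
```

Note that Rust's own `checked_shl` would not catch this either: it only rejects a shift amount that is too large, not bits shifted out of the value.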

Cetus Exploit Shakes Market

The financial effects of the exploit were harsh and immediate. Prices of SUI and CETUS declined by about 40%, while many smaller tokens associated with the network dropped by more than 90%. The widespread sell-off contributed to the ongoing chaos now seen across the Sui platform.

The Sui Foundation quickly froze about $163 million of the stolen assets following the attack. Cetus has put up a rewards fund worth $5 million for anyone who can identify those who conducted the exploit. While the investigation continues, the incident shows that DeFi protocols must have stronger security.
