On the evening of May 22, community rumors claimed that Sui ecosystem DEX Cetus LP was hacked and its trading pools were being drained. As a result, SUI ecosystem tokens collectively flash crashed. Dexscreener data shows that some tokens dropped over 80% in 1H, including: HIPPO dropped 80.3% momentarily; LOFI dropped 75.39% momentarily; SQUIRT dropped 96.65% momentarily; WET dropped 75.38% momentarily; CETUS dropped 49.6% momentarily.
Sui was also affected to some extent in this hacking incident. According to OKX market data, the SUI token dropped to a low of $3.9, with a maximum 1-hour drop of 7%. Before this article was written, SUI price had recovered to around $4, with CETUS temporarily reporting at $0.167.
Who is Cetus?
Cetus is a DEX and CLMM based on SUI and Aptos blockchains (and one of the largest DEX and LP protocols on the Sui chain), with trading volume and TVL occupying an important position in the Sui ecosystem. It allows users to create permissionless LP pools, providing functions such as trading, LP management, and farming, similar to Uniswap V3.
After the hacking attack, Cetus posted on X platform: "An abnormality in the protocol has been detected, and smart contracts have been temporarily suspended for security reasons. The team is investigating this matter and will publish an investigation statement later."
Slowmist's Chief Information Security Officer @im23pds stated, "Preliminary analysis suggests that the Cetus theft might be due to a vulnerability caused by calculation precision issues."
Subsequently, another DEX in the Sui ecosystem, Bluefin, announced on the X platform: "To ensure user safety, we have taken preventive measures and temporarily stopped Bluefin spot trading services. It needs to be emphasized that the Bluefin platform remains in a completely safe state. Our team is closely monitoring the situation."
What have the hackers done so far?
According to AI Aunt's (@ai 9684 xtpa) monitoring, Sui ecosystem's largest DEX Cetus (@CetusProtocol) was stolen of approximately $260 million in assets. These stolen tokens have not been fully sold yet. The hacker's address (0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85b8b5de8ff06) has mainly done two things in the past half hour: withdrawing token liquidity and cross-chaining about 60 million USDC from SUI to Ethereum mainnet to exchange for ETH (since most token pool stablecoins are USDC, which accounts for the majority). So far, the hacker has accumulated 23,244 ETH, worth $61.6 million.
Therefore, it can be confirmed that the current token's short-term plunge is mainly due to pool withdrawal and emotional panic.
Additionally, according to PeckShieldAlert's monitoring, the hacker deposited $10 million in SUI assets into Suilend, possibly intending to borrow stablecoins. Moreover, the Cetus hacker transferred 24 million SUI to a new address (0xcd8962...0ac9562), worth approximately $96 million.
Assistance from Various Parties
Similar to the Bybit theft incident, various parties have come forward to assist in the Cetus theft.
Binance founder CZ stated: "We are trying our best to help SUI. The situation is not good. Hope everyone stays SAFU."
The Sui official posted on X platform: "At 18:52 Beijing time, we learned about an incident involving Cetus. Currently, the Cetus team is actively investigating this matter, and we will provide full support and update information as soon as possible."
