Cetus Protocol, a decentralized exchange operating on the Sui and Aptos blockchains, has confirmed a $223 million cryptocurrency theft following a smart contract exploit. The platform has paused affected contracts and launched an investigation in collaboration with blockchain security experts and law enforcement.
Exploit Origin and Ongoing Tracing Efforts
The incident began with a vulnerability in a smart contract package, which allowed the attacker to manipulate the platform’s automated market maker (AMM) logic. Blockchain analytics firm Elliptic reports that the flaw may have enabled flash loan-style attacks through pool price manipulation.
Cetus stated:
“We identified the root cause of the exploit, fixed the related package, and informed ecosystem builders as fast as we could… to prevent other teams being affected.”
As part of the emergency response, $162 million in compromised funds were paused on the Sui blockchain after a validator vote. The attacker’s Ethereum wallet address has been identified and flagged across major exchanges and virtual asset service providers. Elliptic is tracking the attacker’s cross-chain fund movements, including swaps from USDT to USDC and transfers from Sui to Ethereum.
Whitehat Deal and Law Enforcement Involvement
In a public appeal, Cetus Protocol offered the hacker a “time-sensitive whitehat settlement,” promising not to pursue legal action if the stolen assets are returned.
To increase pressure, the project has announced a $5 million bounty for information leading to the identification and arrest of the attacker.
Law enforcement agencies are actively involved, and multiple third parties are assisting in tracing and freezing any remaining assets.
Cetus Protocol Background and Market Impact
Cetus Protocol uses a Concentrated Liquidity Market Maker (CLMM) model, enabling liquidity providers to set specific price ranges, which boosts capital efficiency and supports advanced trading strategies.
As of May 2025, Cetus had processed over 144 million trades across 15 million accounts, with a total trading volume of $57 billion.
The breach marks one of the largest decentralized exchange attacks this year, raising concerns across the DeFi security ecosystem. Further updates are expected as investigations continue.
