Cetus Protocol, the largest decentralized exchange on the Sui blockchain, is offering a $6 million bounty to the hacker behind a massive $223 million exploit that occurred on May 22.
In a May 22 follow-up statement accompanied by an on-chain message, the Cetus team confirmed they had identified the attacker’s Ethereum wallet and offered a “whitehat settlement” to recover user funds. The hacker is being asked to return 20,920 ETH and all frozen assets on Sui (SUI) in exchange for keeping 2,324 Ethereum (ETH), worth approximately $6 million, and immunity from legal action.
Cetus said this is a time-sensitive offer and that if the funds are off-ramped or mixed, the deal is off. The team is coordinating with law enforcement, cybercrime specialists, the Sui Foundation, and regulators including FinCEN and the U.S. Department of Defense. Inca Digital, a cybersecurity firm, is leading the negotiation efforts.
📜 Dear Sui community, thank you for your patience while our team works on the incident investigation and resolution.
Since taking the actions indicated in our previous announcement, we have also done the following:
1. We engaged the broader ecosystem, Sui team, and related… https://t.co/Gs1EWXZ6AD
— Cetus🐳 (@CetusProtocol) May 22, 2025
The breach exploited a vulnerability in Cetus’ pricing mechanism and impacted its concentrated liquidity market maker pools. The attacker used spoof tokens, which are fake or low-value assets with manipulated metadata, to inject tiny amounts of liquidity into trading pools.
Because of the distortion of those pools’ internal accounting, the hacker was able to take out substantial quantities of valuable tokens, such as SUI and USD Coin (USDC), at incorrect exchange rates.
The attacker deceived the system into believing the pools were balanced by carefully timing these spoof token deposits with complex flash swaps and price manipulation. As a result, they were able to drain substantial real assets without supplying equivalent value.
Cetus had reportedly passed recent security audits prior to the hack. However, by exploiting internal pricing logic and economic assumptions rather than simple code errors, the attacker’s method evaded typical vulnerability scans.
After initially draining $11 million from an SUI/USDC pool, the attacker quickly intensified the attack. They bridged more than $60 million in stolen funds to Ethereum and bought over 21,900 ETH. They currently have millions of SUI, ETH, and stablecoins in their wallets.
The Sui ecosystem was severely damaged by the exploit. Smaller tokens like AXOL, HIPPO, and SQUIRT lost almost all of their value, while the SUI token dropped as much as 15%. CETUS, the token of Cetus, fell 20–33%. Trading volumes surged as users scrambled to withdraw funds.
Cetus has paused smart contracts following the hack the hack and is attempting to secure its platform. The incident raises questions about the security of DeFi protocols on newer chains like Sui and Aptos (APT). Although these ecosystems offer innovation, analysts warn that vulnerabilities in complex DeFi logic remain a persistent risk.
