Cetus Protocol recently suffered a significant security breach, resulting in the theft of approximately $223 million. The team has since identified the hacker’s Ethereum wallet address and is engaged in negotiations for the return of the stolen funds.
Cetus Takes Action towards SUI hack
A proposal has been made to settle the outstanding balance through a white-hat hacker, with the assurance that no further legal action will be pursued if the terms are accepted.
📜 Dear Sui community, thank you for your patience while our team works on the incident investigation and resolution.
Since taking the actions indicated in our previous announcement, we have also done the following:
1. We engaged the broader ecosystem, Sui team, and related… https://t.co/Gs1EWXZ6AD
— Cetus🐳 (@CetusProtocol) May 22, 2025
In response to the incident, Cetus has implemented few measures to prevent further unauthorized access. The protocol’s contract was locked to halt additional thefts, and $162 million of the compromised funds have been successfully paused. The team is collaborating with the Sui Foundation and other ecosystem partners to recover the remaining stolen assets.
The attack has had a significant impact on the Sui ecosystem. Cetus Protocol’s native token (CETUS) experienced a 40% decline, while Sui-based meme coins such as Bulla (BULLA) and Planet Mojo (MOJO) saw drops exceeding 90%. Additionally, Axol (AXOL) plummeted nearly 99.5%, according to CoinGecko data.
On-chain monitoring tools have reported that at least $63 million of the stolen funds were bridged to Ethereum, including a single transaction involving 20,000 ETH. In fact, a wallet tied to the Cetus Protocol exploit, 0xe28b50, apparently was holding over 12.9 million SUI, valued at approximately $54 million at current prices.
Cetus trading volumes surged to $2.9 billion on May 22, up from $320 million the previous day, indicating significant activity related to the exploit.
The Cetus team is working diligently to recover the remaining funds and prevent further incidents. They have engaged professional anti-cybercrime organizations to assist with fund tracking and negotiations. Discussions with law enforcement are ongoing, and a comprehensive incident report will be disclosed in due course.
The protocol has expressed gratitude for the community’s patience and support during this challenging time. They remain committed to transparency and will provide updates as new information becomes available.
The attack has sent shockwaves across the crypto industry, note that the incident was first flagged by On-chain researcher COMDARE3. The user saw steep, unexplained losses across DEX-listed assets during early US trading hours. Several analysts pointed out that the attacker used spoof tokens like BULLA to exploit broken price curves and reserve calculations. Later on, the attacker added near-zero liquidity to manipulate internal LP state and continuously removed SUI and USDC without depositing anything meaningful.
Scallop (SCA), a Sui-based money market protocol, has also stopped all borrowing activity pending further review. The platform said user funds remain secure.
Also Read: Will SUI Price Lose $3 Support After $220M Cetus Hack?
