A total of $223 million in user funds was stolen during the Cetus hack, with the majority of the amount having been frozen by validators of the Sui network and associated ecosystem partners.
A post-mortem report on the Cetus decentralized exchange hack was released by blockchain security firm Dedaub, in which the root cause of the incident was identified as an exploit in the liquidity parameters utilized by the Cetus automated market maker (AMM). This vulnerability had not been detected due to a missed code “overflow” check.
As stated in the report, a vulnerability in the most significant bits (MSB) check was exploited by the attackers, enabling them to alter the liquidity parameter values drastically and open disproportionately large positions with minimal effort. The findings were documented by the security researchers at Dedaub.
This allowed them to add massive liquidity positions with just one unit of token input, subsequently draining pools collectively containing hundreds of millions of dollars worth of tokens.
The event, along with the subsequent post-mortem analysis, has been seen as part of the ongoing and troubling pattern of cybersecurity breaches and attacks affecting the crypto and Web3 sectors.
Repeated warnings have been issued by industry executives, emphasizing that firms should implement protective measures and ensure user safety before regulatory authorities intervene and enforce their own safeguards on the sector.
Cetus Decentralized Exchange Hacked, Resulting in $223 Million Losses
On May 22, a hack was carried out on the Cetus exchange, resulting in user losses totaling $223 million within a span of 24 hours.
It was also announced by Cetus and the Sui Foundation that a significant portion of the stolen assets had been frozen by validators on the Sui network.
According to the Cetus team, $163 million out of the total $223 million was frozen by validators and ecosystem partners on the very day the hack occurred.
Response Sparks Criticism and Centralization Allegations
The move to freeze the stolen funds was met with mixed responses from the crypto community, as the intervention by validators and their control over the chain was criticized by proponents of decentralization.
It was stated by one user on X, reflecting numerous similar sentiments, that “transactions are actively being censored by Sui validators across the blockchain.”
The post further stated that “the fundamental principles of decentralization are being completely undermined, effectively turning the network into a centralized, permissioned database.”
In a post shared on X on May 23, Steve Bowyer observed that “a notable number of Web3 projects supported by venture capitalists are being operated with a strong reliance on centralization, despite adopting the foundational ethos of Bitcoin.”
