A total of $223 million in user funds was stolen during the Cetus hack. Validators of the Sui network and associated ecosystem partners froze the majority of that amount.
Blockchain security firm Dedaub released a post-mortem report on the Cetus decentralized exchange hack, identifying an exploit in the liquidity parameters used by the Cetus automated market maker (AMM) as the root cause. The vulnerability went undetected because of a missed overflow check in the code.
According to the report by Dedaub's security researchers, the attackers exploited a vulnerability in the most significant bits (MSB) check, allowing them to drastically alter liquidity parameter values and open disproportionately large positions with minimal effort.
This allowed them to add massive liquidity positions with just one unit of token input, subsequently draining pools collectively containing hundreds of millions of dollars worth of tokens.
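The class of bug described above, as an added illustration that is not code from Cetus or from the Dedaub report: a guard on a fixed-width left shift whose threshold is too high accepts inputs whose top bits are then silently discarded, and a shift-back check exposes it. The 256-bit width, the 64-bit shift, the flawed threshold and all function names are assumptions constructed for this example.

```python
WIDTH, SHIFT = 256, 64            # assumed word size and shift (not from the report)
WORD_MASK = (1 << WIDTH) - 1

class ShiftOverflow(ArithmeticError):
    pass

def wrapping_shl(n: int) -> int:
    """Fixed-width left shift: bits pushed past WIDTH are silently discarded."""
    return (n << SHIFT) & WORD_MASK

def checked_shl_flawed(n: int) -> int:
    """Constructed faulty guard: the threshold sits far above the real limit."""
    threshold = ((1 << SHIFT) - 1) << (WIDTH - SHIFT)
    if n > threshold:
        raise ShiftOverflow(n)
    return wrapping_shl(n)

def checked_shl(n: int) -> int:
    """Correct guard: reject any input whose top SHIFT bits are non-zero."""
    if n >> (WIDTH - SHIFT):
        raise ShiftOverflow(n)
    return n << SHIFT

def audit(shl, candidates):
    """Return inputs for which shl() yields a value that does not shift back to n."""
    bad = []
    for n in candidates:
        try:
            if shl(n) >> SHIFT != n:
                bad.append(n)
        except ShiftOverflow:
            pass                   # rejecting the input is the safe outcome
    return bad

# Constructed boundary inputs around the largest value that is safe to shift.
LIMIT = 1 << (WIDTH - SHIFT)
CANDIDATES = [1, LIMIT - 1, LIMIT, LIMIT + 5, WORD_MASK]

if __name__ == "__main__":
    print("flawed guard lets through:", [hex(n) for n in audit(checked_shl_flawed, CANDIDATES)])
    print("correct guard lets through:", audit(checked_shl, CANDIDATES))
```

Running the same shift-back audit over boundary values in a test suite is a cheap way to catch a guard like this before it guards anything that prices liquidity.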
Observers view the event and the subsequent post-mortem analysis as part of a troubling and ongoing pattern of cybersecurity breaches and attacks targeting the crypto and Web3 sectors.
Industry executives have repeatedly warned that firms must implement protective measures and ensure user safety before regulators step in with their own safeguards.
Cetus Decentralized Exchange Hacked, Resulting in $223 Million Losses
Hackers attacked the Cetus exchange on May 22, causing user losses that totaled $223 million within 24 hours.
Cetus and the Sui Foundation also announced that validators on the Sui network had frozen a significant portion of the stolen assets.
The Cetus team reported that validators and ecosystem partners froze $163 million out of the total $223 million on the same day the hack occurred.
Response Sparks Criticism and Centralization Allegations
The crypto community responded with mixed reactions to the decision to freeze the stolen funds, with decentralization advocates criticizing the validators’ intervention and control over the chain.
One user on X stated—echoing many similar sentiments—that ‘Sui validators are actively censoring transactions across the blockchain.’
The post added that ‘the network is completely undermining the fundamental principles of decentralization, effectively turning it into a centralized, permissioned database.’
In a May 23 post on X, Steve Bowyer noted that ‘many venture capital–backed Web3 projects operate with a heavy reliance on centralization, despite claiming to follow Bitcoin’s foundational ethos.’