- $220 million drained from liquidity pools on May 22, 2025.
- Sui validators froze a portion of stolen assets.
- Cetus offers a $6M bounty for fund return.
Cetus Protocol, a decentralized exchange on the Sui Network, suffered a $220 million security breach on May 22, 2025. This incident marks the largest DeFi hack of the year, significantly impacting liquidity pools.
The breach significantly impacts the DeFi industry, highlighting vulnerabilities in blockchain protocols. The incident precipitated immediate market turmoil and prompted action from Sui’s validators and Cetus, aimed at asset recovery and preventing further disruptions.
The Cetus Protocol’s liquidity pools were breached, leading to the theft of approximately $220 million. The decentralized exchange is taking active steps to recover the stolen funds. On May 23, the team communicated directly with the attacker, proposing a white hat bounty of 2,324 ETH for the return of the stolen assets. They also patched the exploited vulnerability. The Sui Foundation and validators actively participate in containing the situation, freezing and monitoring suspicious transactions.
“We swiftly took action to freeze the stolen assets, collaborating closely with validators to mitigate the damage from this significant breach.” – Sui Foundation Representative, Foundation Member, Sui Foundation Cointelegraph
The hack of Cetus Protocol resulted in market disruption, with certain token prices experiencing an 80% decline. Cetus’ liquidity pool vulnerability was technically exploited, not handed through social engineering. The financial repercussions were substantial, with 63 million of stolen funds converted to Ethereum’s stablecoin USDC and then to ETH on the Ethereum network.
Some financial regulatory experts suggest potential impacts could lead to stricter security protocols in DeFi operations, urging developers to ensure smart contracts are foolproof. Notably, 2025 has experienced a record in crypto breaches, with Cetus being its most affected victim so far. The collaboration with Inca Digital might offer new security insights in the blockchain space.
Cetus asserts legal actions will be pursued if the attacker does not cooperate. Histories of previous breaches suggest a heightened focus on blockchain, serving as an impetus for more robust regulatory frameworks in cryptocurrency markets. Proper security measures and public vigilance are crucial in deterring future breaches.
