The Sui blockchain ecosystem has been rocked by one of its most devastating events yet—an exploit on Cetus, its largest decentralized exchange (DEX), that resulted in the loss of over $200 million in crypto assets. The incident, which unfolded rapidly, has sparked widespread panic, caused a sharp selloff in Sui-based tokens, and reignited debates around DeFi security and stablecoin issuer response times.
What Happened in the Cetus Exploit on Sui?
On May 22, 2025, hackers targeted vulnerabilities in the smart contracts of Cetus Protocol, the most prominent DEX on the Sui network. According to Deddy Lavid, CEO of blockchain security firm Cyvers, the attackers used spoof tokens to exploit pricing and reserve calculation mechanisms.
By manipulating the DEX’s oracle system and faking price signals, the attacker drained multiple liquidity pools, including the high-liquidity SUI/USDC pool, extracting real crypto assets in exchange for worthless tokens.
> “The attacker deployed spoof tokens to distort price curves and trick the protocol into releasing real funds,” explained Lavid.
The Fallout: Massive Losses Across Sui Ecosystem
The impact was immediate and severe. Meme tokens on the Sui network experienced catastrophic losses:
Lofi (LOFI) plunged 76%
Sudeng (HIPPO) nosedived 80%
Squirtle (SQUIRT) collapsed 97%
The Cetus token (CETUS) itself crashed 53% within an hour of the exploit.
Data from DEX Screener reveals that 46 Sui-based tokens suffered double-digit losses in just 24 hours, making this one of the worst single-day performances for the ecosystem.
How Much Was Stolen in the Cetus Exploit?
Blockchain security firm PeckShield estimates that the total loss amounts to $200 million. Cyvers reports that the attacker currently holds:
$164 million in a wallet on the Sui network
$61.5 million bridged out as USDC on Ethereum
The attacker primarily used USDC, a widely adopted stablecoin, to exit the ecosystem. The speed and ease of bridging funds raised alarms within the community and called into question the response times of stablecoin issuers like Circle and Tether.
Cetus Response and Smart Contract Pause
Following the exploit, the Cetus team issued an emergency alert on X (formerly Twitter), stating that the DEX had been paused and was under investigation:
> “There was an incident detected on our protocol and our smart contract has been paused temporarily for safety. The team is investigating the incident at the moment.”
Pausing smart contracts is a standard emergency response in DeFi to prevent further damage, but many users were already impacted before the pause took effect.
Was It a Smart Contract Bug or Oracle Manipulation?
Initial messages leaked from the Cetus team’s Discord suggest the exploit may have stemmed from a bug in its oracle system. However, cybersecurity analysts including Cyvers confirm it was an oracle manipulation attack.
Oracles act as bridges between on-chain and off-chain data—especially prices. By injecting spoof tokens and manipulating the price feed, the attacker tricked the smart contracts into executing trades at false valuations, effectively siphoning real tokens in return for fake ones.
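As an added illustration (not code from Cetus, Cyvers, or the original article), the sketch below shows the kind of on-chain monitoring check that targets the two signals described above: a token whose symbol looks familiar but whose full type is not the verified one, and a swap executed far from the recent reference price. The allowlist entries, thresholds, and swap events are constructed assumptions, and the reference price is a simple trailing median for a single pool and swap direction.

```python
from dataclasses import dataclass
from statistics import median

# Constructed allowlist: symbol -> the single token type treated as genuine.
VERIFIED = {"USDC": "0xaaa::usdc::USDC", "SUI": "0x2::sui::SUI"}
MAX_DEVIATION = 0.10  # assumed threshold: 10% from the reference price
WINDOW = 5            # assumed number of recent in-band prices in the reference

@dataclass
class Swap:
    tx: str
    symbol_in: str
    type_in: str      # full on-chain type of the token paid in
    amount_in: float
    symbol_out: str
    type_out: str     # full on-chain type of the token paid out
    amount_out: float

def check_swaps(swaps, seed_prices):
    """Return (tx, reason) alerts; price is amount_out per unit of amount_in."""
    history, alerts = list(seed_prices), []
    for s in swaps:
        before = len(alerts)
        # 1. A matching symbol is not identity: compare the full token type.
        for sym, typ in ((s.symbol_in, s.type_in), (s.symbol_out, s.type_out)):
            if VERIFIED.get(sym) != typ:
                alerts.append((s.tx, f"unverified token type for {sym}: {typ}"))
        if s.amount_in <= 0:
            alerts.append((s.tx, "non-positive input amount"))
            continue
        # 2. Compare the execution price with the median of recent trusted prices.
        ref = median(history[-WINDOW:])
        price = s.amount_out / s.amount_in
        if abs(price - ref) / ref > MAX_DEVIATION:
            alerts.append((s.tx, f"price {price:.4f} deviates from reference {ref:.4f}"))
        # Only clean swaps feed the reference, so a flagged trade cannot drag it.
        if len(alerts) == before:
            history.append(price)
    return alerts

# Constructed sample events for one USDC -> SUI pool (not data from the incident).
SEED = [0.25, 0.251, 0.249, 0.25, 0.252]
SAMPLE = [
    Swap("tx1", "USDC", "0xaaa::usdc::USDC", 100.0, "SUI", "0x2::sui::SUI", 25.2),
    Swap("tx2", "USDC", "0xbad::usdc::USDC", 100.0, "SUI", "0x2::sui::SUI", 25.0),
    Swap("tx3", "USDC", "0xaaa::usdc::USDC", 100.0, "SUI", "0x2::sui::SUI", 60.0),
]

if __name__ == "__main__":
    for tx, reason in check_swaps(SAMPLE, SEED):
        print(tx, reason)
```

The same two checks can act as a circuit breaker when they run before a trade settles rather than as after-the-fact alerts.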
Stablecoin Issuers Under Fire: Why Wasn’t USDC Frozen Sooner?
One of the major criticisms that followed the hack centered around Circle, the issuer of USDC, for failing to freeze funds fast enough. On-chain investigator ZachXBT and others questioned why it took several hours before any action was taken to flag or freeze the hacked funds.
> “We’ve repeatedly urged stablecoin issuers to act on our real-time alerts. In this threat environment, delay is indistinguishable from inaction,” said Lavid.
This isn’t the first time Circle or Tether has been criticized for slow reaction times. Similar scrutiny followed the Bybit hack in February, where it took more than five hours to freeze funds.
CZ Weighs In, Sui Token Survives the Storm
Former Binance CEO Changpeng “CZ” Zhao commented on the situation, writing on X:
> “Not a pleasant situation. Hope everyone stays SAFU!”
Interestingly, despite the exploit’s magnitude, the SUI token itself remained surprisingly resilient. According to CoinGecko, SUI actually gained 2.2% over the past 24 hours. This suggests that while DeFi apps on the network took a hit, investor confidence in the Sui Layer 1 protocol may still be intact.
Key Takeaways From the $200M Sui Cetus Exploit
1. Smart Contract Security Still a Major Weak Point
DeFi protocols continue to be vulnerable to sophisticated attacks, especially those exploiting oracle mechanisms and pricing vulnerabilities. This reinforces the need for more robust audits, on-chain monitoring, and fail-safe mechanisms.
2. Stablecoin Issuers Must Act Faster
The speed at which stolen funds can be bridged and laundered means issuers like Circle and Tether need faster reaction protocols when alerted about hacks involving USDC or USDT.
3. Decentralized Finance Still Faces Centralized Bottlenecks
Despite being decentralized in theory, DeFi projects rely on centralized or semi-centralized elements—like oracles and stablecoins—that can introduce systemic risk if not handled properly.
4. Community Communication Is Critical
The slow and vague responses from the Sui and Cetus teams frustrated many users. Clearer, real-time updates and transparency during crisis events can help retain user trust.
What’s Next for Cetus and the Sui Ecosystem?
The situation is still unfolding. At the time of writing:
Cetus contracts remain paused.
Investigations are ongoing.
Funds are being tracked by security firms and community sleuths.
Pressure is mounting on Circle to act quicker in freezing bridged USDC from exploits.
Recovery plans—if any—have not yet been announced. Users with exposure to Cetus or affected tokens are advised to monitor official updates and avoid interacting with potentially compromised pools.
Conclusion: A Wake-Up Call for DeFi Security
The Cetus exploit on Sui is a stark reminder that the DeFi landscape remains fraught with risk. While innovation continues to expand what’s possible in decentralized finance, security often lags behind.
Projects must prioritize smart contract audits, oracle hardening, and proactive communication. Meanwhile, stablecoin issuers like Circle must take their gatekeeping role more seriously. In fast-moving threat environments, delayed action often equals no action.
As the dust settles, the broader crypto community will be watching closely to see how Cetus, Sui, and others in the ecosystem rebuild trust.