On May 22, 2025, Cetus Protocol was hit by a sophisticated exploit that drained over $260 million. As the largest DEX on the Sui blockchain, Cetus was a cornerstone of Sui’s growing DeFi ecosystem. The attack wasn’t just another code vulnerability—it exposed deeper weaknesses in how economic logic and DeFi incentives can be manipulated.
The ripple effects were immediate. Token prices collapsed. Protocols paused. Confidence in the Sui ecosystem took a major hit. Understanding how this happened is key to understanding the future of decentralized finance.
JUST IN: Cetus Protocol on SUI exploited, over $260 million stolen — attacker converting funds to USDC and bridging to Ethereum.
— Whale Insider (@WhaleInsider) May 22, 2025
What Made Cetus So Important?
Cetus wasn’t a niche experiment. It provided core trading infrastructure for hundreds of projects across Sui and Aptos. The protocol supported concentrated liquidity pools, dynamic fees, and flashswap functions. These features made trading efficient and capital use more productive.
But complexity comes with risk. The same mechanics that drove growth became the perfect target for an attacker who understood how to break price logic from the inside.
How the Exploit Worked
The attacker didn’t need to breach security from the outside. Instead, they used the system’s own rules. By creating spoof tokens—fake assets like BULLA—they added these to Cetus liquidity pools. Then they used flashswaps to manipulate how prices were calculated.
The result? They pulled real assets like SUI and USDC out of the pools by feeding in worthless tokens at inflated prices. Once they had the funds, they bridged $60 million to Ethereum and used $58.3 million to buy over 21,900 ETH. That was just one part of the total $260 million drained.
Update on the @CetusProtocol exploit:
SUI CPO @EmanAbio reports that out of the estimated $220M–$230M stolen, around $150M–$160M have been frozen and will be restored to Cetus pools soon.
The root cause appears to be a smart contract bug.
More updates to follow. Stay tuned.
— Sui Ninja (@sui_ninja_) May 22, 2025
The Real Flaw Was in the Economic Design
From the information that is currently available, this does not appear to be a smart contract bug in the traditional sense. The core problem appears to be that Cetus didn’t validate the tokens being added to pools. This allowed spoof tokens to affect pricing and reserve calculations. That made it possible to use flashswaps to drain real value with no real cost.
Economic exploits like this are becoming more common. Attackers don’t need to find coding errors—they just need to find flaws in how value is measured.
The Ecosystem Response: Quick, But Not Enough
The Cetus team paused smart contracts and started tracing the stolen funds. The Sui Foundation offered help, and centralized exchanges monitored suspicious flows. Binance CEO Changpeng Zhao also confirmed they were watching the situation.
But despite the fast response, the damage had already spread. Users lost trust. Other Sui-based protocols like Scallop and Bluefin paused features on their platforms temporarily.
🚨PSA: BORROWS PAUSED ON SCALLOP
All borrowing on Scallop DApp will be paused temporarily due to an incident detected on @CetusProtocol.
An announcement will be made once borrows are reopened.
All funds are SAFU on Scallop.
— Scallop (@Scallop_io) May 22, 2025
What This Means for DeFi’s Future
DeFi protocols are no longer attacked through obvious bugs. Instead, attackers look for weaknesses in design logic and pricing mechanisms. Flash loans and flashswaps, if unguarded, let attackers break assumptions that DeFi depends on.
Developers need to go beyond audits. They need to run economic stress tests and create fallback systems. That means validating every token, setting clear price boundaries, and creating circuit breakers that halt trades when logic breaks down.
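As an added illustration, not Cetus code (Cetus is written in Move for Sui, and its real pool logic is not reproduced here), the following Python model of a constant-product pool implements the three guards named above: a token registry checked at pool creation, a per-swap price bound, and a circuit breaker that halts the pool once that bound is breached. ALLOWED_TOKENS, MAX_PRICE_MOVE and the reserve figures are constructed assumptions, not values from the incident.

```python
from dataclasses import dataclass, field

# Constructed token registry: only vetted assets may back a pool (check 1).
ALLOWED_TOKENS = {"SUI", "USDC"}
# Assumed policy: one swap may not move the pool price by more than 10% (check 2).
MAX_PRICE_MOVE = 0.10


@dataclass
class Pool:
    token_a: str
    token_b: str
    reserve_a: float
    reserve_b: float
    halted: bool = False                     # circuit-breaker state (check 3)
    events: list = field(default_factory=list)

    def price(self) -> float:
        """Spot price of token_a quoted in token_b."""
        return self.reserve_b / self.reserve_a


def create_pool(token_a, token_b, reserve_a, reserve_b):
    """Refuse any pool backed by a token outside the registry."""
    for t in (token_a, token_b):
        if t not in ALLOWED_TOKENS:
            return None, f"rejected: {t} is not a registered asset"
    return Pool(token_a, token_b, reserve_a, reserve_b), "ok"


def swap_a_for_b(pool, amount_in):
    """Constant-product swap (x*y = k); returns (accepted, amount_out, reason)."""
    if pool.halted:
        return False, 0.0, "rejected: pool halted pending review"
    if amount_in <= 0:
        return False, 0.0, "rejected: amount_in must be positive"
    before = pool.price()
    new_a = pool.reserve_a + amount_in
    new_b = pool.reserve_a * pool.reserve_b / new_a
    move = abs(new_b / new_a - before) / before     # relative price change
    if move > MAX_PRICE_MOVE:
        pool.halted = True                           # trip the breaker and log it
        pool.events.append(f"halted: swap would move price by {move:.1%}")
        return False, 0.0, pool.events[-1]
    amount_out = pool.reserve_b - new_b
    pool.reserve_a, pool.reserve_b = new_a, new_b
    return True, amount_out, "ok"
```

A pool request for an unregistered token is refused outright, an ordinary swap passes, and a swap large enough to move the price past the bound is refused and freezes the pool so later swaps are also refused until operators review the event log.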
Lessons for Builders and Users
If you build DeFi protocols, learn from this. Validate every input. Simulate every edge case. Don’t trust price signals without multiple layers of checks. If you’re a user, spread risk across platforms and chains. Watch how teams respond when things go wrong—because that shows their true resilience.
The Cetus Protocol hack didn’t just hit wallets. It forced the entire DeFi world to look harder at how protocols work—and where they still fall short.
Disclaimer: News content provided by Genfinity is intended solely for informational purposes. While we strive to deliver accurate and up-to-date information, we do not offer financial or legal advice of any kind. Readers are encouraged to conduct their own research and consult with qualified professionals before making any financial or legal decisions. Genfinity disclaims any responsibility for actions taken based on the information presented in our articles. Our commitment is to share knowledge, foster discussion, and contribute to a better understanding of the topics covered in our articles. We advise our readers to exercise caution and diligence when seeking information or making decisions based on the content we provide.