Cetus Protocol, the leading decentralized exchange on the Sui blockchain, is officially back online after a malicious oracle attack led to an exploit of $233 million in May.
The exploit, which sent multiple SUI-based tokens tumbling 70-90%, manipulated price curves and reserve calculations, allowing the attacker to remove liquidity from pools on the DEX.
“The attacker exploited a vulnerability in a CLMM-dependent open source library, drained assets from our major pools, and conducted a large number of on-chain swaps, severely disrupting pool prices and balances,” the platform wrote in a Saturday blog post.
“Since the incident, we’ve taken decisive steps to ensure the security of the protocol, recover assets, and prepare for a safe relaunch,” the post noted.
Those steps included retrieving around $162 million in funds frozen from the attack via a community governance vote, receiving a $30 million bridge loan from the Sui Foundation, patching vulnerabilities, and developing a compensation plan to address user losses.
Using the bridge loan from the Sui Foundation, 100% of the company’s cash reserves, and the recovered assets from the exploit, the company has now returned all affected liquidity pools to a healthy state, with liquidity recovery rates of between 85% and 99% for the respective pools.
“Though an incident like this is disappointing, the overwhelming industry response to how it was handled has been incredibly positive,” Sui Foundation Managing Director Christian Thompson told Decrypt. “We are particularly proud of the speed and responsiveness of collective action taken by the Sui community.”
“Validators independently chose to quarantine transactions from attacker addresses based on public information, and then with the Sui Foundation’s help of calling for a vote, validators chose to return these funds to Cetus,” he added.
A full 100% recovery is not possible due to “asset limitations,” the protocol said, so it has established a compensation plan that will grant CETUS tokens to affected parties for their losses from liquidity pools.
“We are allocating 15% of CETUS supply to the compensation contract,” the protocol wrote. “In taking these actions, it is our hope this token redistribution will transform CETUS into a more community-driven ecosystem going forward, a positive outcome from an incredibly challenging time for all of us.”
Eligible users can connect their wallets on the compensation tab of the Cetus Protocol to claim their CETUS tokens starting on Tuesday. The compensation plan unlocks 5% of CETUS tokens immediately, with an additional 10% vesting linearly over a 12-month period.
Any outstanding funds recovered from the hack moving forward will be offered to users instead of CETUS tokens. The protocol, which is working with law enforcement in multiple jurisdictions, remains confident that an arrest and recovery is “only a matter of time.”
“We’re rebuilding—more secure, more resilient, and more dedicated than ever to delivering secure, powerful and user-friendly DeFi infrastructure for the Sui ecosystem,” the protocol wrote.
The response to the attack from the Sui Foundation faced some pushback over centralization concerns, but Thompson said he believes it’s unfounded.
“The minority of critics who called the immediate response to the hack ‘centralized’ either misunderstood the facts about what happened, or fundamentally misunderstand what decentralization means,” Thompson told Decrypt.
“True decentralization isn't paralysis—it's coordination among independent parties who can act decisively when it matters,” he continued. “And the majority of the industry gets this and has been incredibly positive about both the Foundation and our community’s responses.”
SUI’s native token is up 5% in the last 24 hours to $3.44, but is down from around $4.15 on the day of the exploit. It remains nearly 36% off its January all-time high of $5.35.
Cetus Protocol's native CETUS token is down more than 75% from its November all-time high of $0.48 and is trading around $0.12 on Monday, a 30% decrease since the day of the exploit.
Edited by Andrew Hayward