The Cetus decentralized crypto platform was hit by a major hack on Thursday morning. Attackers successfully stole about $223 million in digital assets from the popular exchange. Cetus initially announced an incident early that day pausing the platform for safety reasons. Later the company officially confirmed that a malicious attacker had indeed stolen the funds. Cetus stated it took immediate action to lock its smart contract preventing further theft. They reported that $162 million of the initially compromised funds have been successfully “paused.” Cetus which operates on the Sui blockchain did not explain what “paused” meant. This significant exploit has understandably shaken investor confidence in the DeFi platform’s security.
Cetus is now actively pursuing all available paths to recover the remaining stolen funds.
They are closely working with the Sui Foundation and other partners in this effort. Officials at the company have pledged to provide a full incident report later. Multiple cryptocurrency security experts said blockchain data showed about $50 million was transferred. These stolen funds were quickly moved by the attacker to a new wallet address. There was significant initial debate regarding the exact root cause of this incident. Some pointed to messages suggesting a protocol vulnerability was exploited by the unknown hacker. Other experts told news outlets the hacker likely manipulated coin prices during the attack.
Cetus had previously announced handling $50 billion in total cumulative trading volume by April.
This recent Cetus attack follows many other large-scale hacks on cryptocurrency trading platforms. For example the Bybit exchange lost over $1.4 billion in a previous attack. Coinbase one of the biggest U.S. platforms also announced a major incident last week. Over $2 billion worth of cryptocurrency was stolen from various platforms in 2024. Cetus has identified the Ethereum wallet address that is linked to the attacker. They are now attempting to negotiate a time-sensitive whitehat settlement with the hacker. The offer is to return funds in exchange for full immunity from legal prosecution. Cetus even made this negotiation offer completely public sharing links to it on-chain. Simultaneously anti-cybercrime organizations are assisting with fund tracing and also law enforcement.
In a follow-up statement Cetus confirmed it identified the exploit’s root cause. The company also stated that the vulnerable software package has now been fully patched. They acted quickly to inform other developers reducing risks of similar exploits elsewhere. Community members on social media praised the speed of the Cetus team’s response. However many also questioned the underlying security audit processes that failed to catch this. This DeFi incident highlights that innovative code does not always mean secure application code. Cetus has promised a full post-mortem report once their complete investigation is concluded. Their highest priority now is fund recovery and keeping communication channels open for updates. This breach is a stark reminder of risks within even promising DeFi ecosystems.
Reference:
