TLDR;
- Hackers drained $11 million from Cetus DEX on Sui, crashing token prices by 75%.
- The attacker holds $150M in assets and is moving funds to Ethereum.
- Cetus paused its contracts with decentralized exchanges Bluefin and Momentum also halted operations.
- The attack raises fresh DeFi security concerns as crypto exploits exploits top $1.7B in 2025
Even as the world celebrated Bitcoin Pizza Day dark clouds loomed over the DeFi space as a major exploit rocked the Sui blockchain.
SUI’s Cetus DEX Exploited
On May 22, hackers drained $11 million from Cetus, the leading decentralized exchange (DEX) and liquidity protocol on Sui, triggering a dramatic collapse in token prices and exposing critical vulnerabilities in the network’s DeFi infrastructure.
The attack targeted the SUI/USDC liquidity pool on Cetus, resulting in a 75% plunge in most token prices and nearly wiping out the pool’s reserves. Elsewhere, within an hour of the breach, the price of SUI dropped nearly 5% before recovering, while CETUS, the native token of the DEX, collapsed by over 30%. TradingView data showed intensified sell pressure as panic rippled across DeFi markets.
According to blockchain data and reports from prominent crypto journalist Colin Wu, the hacker used wallet address “0xe28b…e8ff06” to extract liquidity from multiple pools before swapping the stolen assets into SUI.
Wu’s analysis revealed that the attacker now controls over $150 million in assets, including 12.989 million SUI (valued at $54 million). Cross-chain tracking further showed that the hacker has been moving funds into Ethereum, where another wallet linked to the exploit “0x89…919b” currently holds more than 9,200 ETH, worth approximately $24 million. Wu noted that the attacker continues to conduct cross-chain operations and is actively converting funds.
Crypto Community Offers Help
In response, the Cetus team quickly paused their smart contracts and issued a public alert.The SUI team also acknowledged the exploit noting that their experts were actively engaging Cetus amid ongoing investigations.
At 3:52 AM PT, we became aware of an incident concerning Cetus. The Cetus team has our active support in this ongoing investigation and will provide further updates as soon as they become available. https://t.co/LZwGeaCXvH
— Sui (@SuiNetwork) May 22, 2025
Binance founder Changpeng Zhao “CZ” also chimed in, noting that they were helping Cetus monitor the funds, adding that he knew other security firms dealing with the same.
That said, while initial reports framed the incident as a hack, some members of the Sui community speculate that it may have stemmed from a critical bug in the oracle mechanism, an algorithmic pricing system that feeds real-time asset values to the smart contract. If mispriced, oracles can be exploited to manipulate liquidity pools.
$CETUS IS NOT HACKED.
BUG IN THE ORACLE.
FALSE ALARM AND I GOT A NICE FUD ENTRY pic.twitter.com/BF905WDs9r
— Lieutenant Ponzi (@LieutenantPonzi) May 22, 2025
The breach had immediate ripple effects. Bluefin, the second-largest DEX on the Sui network, suspended its spot trading platform, assuring users that funds remained secure. Momentum, another major DeFi platform on Sui, also halted operations as a precautionary measure.
De-Fi Exploits Continue to Soar
This latest attack comes amid growing concerns over DeFi security. Earlier on Thursday, on-chain sleuth ZachXBT reported that a separate, unidentified actor involved in the $300 million Coinbase user theft recently converted $42.5 million in Bitcoin to Ethereum via Thorchain, further underscoring how seamlessly hackers are exploiting multi-chain ecosystems.
By the end of April 2025, hackers had already stolen over $1.7 billion in crypto assets, eclipsing the total $1.49 billion lost to DeFi exploits throughout all of 2024, according to data from Immunefi.
