On May 22, the decentralized exchange Cetus operating on Aptos and Sui blockchains experienced a security breach resulting in an alleged $223 million loss. The blockchain security firm Dedaub released a post-mortem report identifying the root cause as a flaw in Cetus' automated market maker (AMM) liquidity parameters. Specifically, hackers exploited a vulnerability in the most significant bits (MSB) check allowing them to manipulate liquidity values exponentially and drain hundreds of millions worth of tokens.
Following the hack, Sui network validators and ecosystem partners swiftly intervened, freezing $163 million of the stolen funds on the same day to limit further damage. This decisive action, although effective, sparked debate within the crypto community; decentralization advocates criticized the validators for active censorship and control, arguing the intervention undermines blockchain principles and centralizes the network.
Prior to this post-mortem report, SlowMist was examining allegations of a $230 million exploit at Cetus but had not found conclusive evidence or issued official statements. Market reactions have remained muted, showing no significant turbulence or trading disruptions for CETUS tokens during ongoing investigations. However, the incident highlights persistent cybersecurity challenges facing DeFi platforms and emphasizes the importance of robust safeguards in the sector.
The hack and subsequent validator response have renewed discussions about balancing security with decentralization, as some industry members warn that without adequate protections, regulatory interventions may increase. Cetus and related parties are currently evaluating recovery plans while the community monitors developments.