The Sui Foundation has announced a $10 million investment to enhance network security following a major exploit of the Cetus Protocol, a decentralized exchange built on the Sui blockchain. On May 22, 2025, attackers exploited vulnerabilities in Cetus’ smart contracts, particularly within a custom math library, allowing them to manipulate liquidity pools through spoof tokens and arithmetic overflow to drain approximately $223 million in crypto assets.
Despite the hack occurring at the protocol level rather than within the Sui blockchain or its Move programming language, the breach exposed broader ecosystem weaknesses. Prompt coordinated actions by Sui validators successfully froze $162 million of the stolen assets, although about $60 million had already been bridged to Ethereum.
The attack impacted over 62,000 users of the Cetus Protocol, leading to a 14% decrease in the price of the SUI token and a significant drop in the network's Total Value Locked (TVL) from $2.1 billion to $1.5 billion. In response, Sui plans to use the security funds for smart contract audits, bug bounty programs, formal verification tools, and collaborations with its developer community to strengthen dApp defenses.
This incident has re-ignited debates about blockchain governance and the balance between network immutability and user protection, particularly after Sui proposed an on-chain vote regarding the return of frozen funds, drawing comparisons to Ethereum’s historic DAO incident. Additionally, both Cetus and the Sui Foundation have offered bounties, totaling $11 million, to identify and apprehend the attackers.
Industry experts see this as a pivotal moment for Sui’s maturity as a Layer 1 blockchain, emphasizing the necessity of proactive security measures across the Web3 ecosystem to mitigate risks and enhance trust.