Cetus Protocol successfully secured $160 million in assets following a significant hack that targeted its liquidity pools on the Sui blockchain. The exploit, which occurred in May 2025, leveraged vulnerabilities in Cetus’s smart contract logic rather than issues with Sui’s consensus or Move programming language, as clarified by Mysten Labs co-founder Adeniyi Abiodun. The breach initially involved over $220 million in assets being hijacked.
Working closely with the Sui Foundation, the team managed to freeze the stolen assets and initiate their recovery, marking one of the largest DeFi hack recoveries on the Sui network to date. The incident has disrupted liquidity in Sui’s DeFi ecosystem, significantly impacting tokens such as SUI, USDC, and ETH involved in the exploited pools.
The recovery has sparked intense debate within the community over blockchain decentralization. Validator interventions to freeze assets raised questions about the balance between maintaining decentralization and protecting users from financial losses. Some critics accuse these measures of censorship, while others emphasize their necessity for asset security.
Cetus has announced plans for a Twitter Spaces event in June to further discuss these issues with its community. A $6 million whitehat bounty has also been offered to incentivize the hacker to return remaining stolen funds. The breach underscores challenges in DeFi governance and security, encouraging protocols to reassess their risk management and protective strategies based on prior incidents such as those involving Poly Network and Euler Finance.