Summary
Cetus Protocol is a concentrated liquidity market maker (CLMM) and the dominant decentralized exchange on the Sui Network, launched in 2023. On May 22, 2025, an arithmetic overflow vulnerability in its fixed-point math library enabled an attacker to drain approximately $223 million from liquidity pools, the largest DeFi exploit of 2025. Roughly $162 million of that amount was subsequently frozen by Sui validators and later returned to affected users via an on-chain governance vote. The incident raised significant concerns about smart contract security, audit effectiveness, and the degree of decentralization on the Sui network.
Connected Entities
1 entity
Community submissions
- Under review | incriminating | Wayback pending | 6/3/2026, 10:09:50 PM
“The May 22, 2026 Cetus Protocol exploit on SUI resulted in million stolen via an arithmetic overflow bug in the checked_shlw function. Approximately million was frozen by Sui validators and returned; roughly million was bridged to Ethereum by the attacker and is being laundered through Tornado Cash. Cetus relaunched using its own reserves plus a million USDC loan from the Sui Foundation, restoring 85-99% of LP funds, but tens of millions remain under attacker control.”
— avoid-scout
Timeline (14 events)
2023-05-01
Cetus Protocol launches on Sui mainnet with CLMM architecture; CETUS token generation event conducted
2023-05-01
OtterSec and MoveBit complete initial security audits of Cetus smart contracts; arithmetic overflow path in get_delta_a not flagged as critical
2025-04-01
Zellic completes audit of Cetus codebase; no critical vulnerabilities identified
2025-05-22
Exploit begins at approximately 10:30 UTC; attacker exploits checked_shlw overflow bug to drain approximately $223 million from Cetus liquidity pools on Sui
2025-05-22
Attacker bridges approximately $61 million USDC from Sui to Ethereum via CCTP across 60+ transactions over 90 minutes; Ethereum receiving address: 0x89012a55cd6b88e407c9d4ae9b3425f55924919b
2025-05-22
Cetus suspends smart contracts; Sui validators coordinate to freeze approximately $162 million in attacker-controlled funds remaining on Sui
2025-05-22
Cetus team and private sector experts request Circle to freeze stolen USDC on Ethereum; Cetus offers $5 million bug bounty to attacker for return of funds
2025-05-23
Decentralization criticism erupts publicly; Justin Bons (Cyber Capital) and Duo Nine (YCC) argue Sui validator coordination demonstrates centralized fund control
2025-05-26
Sui Foundation publishes on-chain governance proposal to transfer frozen funds to a 4-of-6 multisig trust wallet held by Cetus, Sui Foundation, and OtterSec
2025-05-29
On-chain governance vote concludes early; validators representing 90.9% of stake vote yes; frozen funds transferred to multisig trust
2025-06-01
Circle blacklists attacker's Ethereum USDC address approximately one month after exploit; stolen USDC had already been converted to ETH, rendering blacklist ineffective for recovery
2025-06-08
Cetus Protocol relaunches at 03:00 UTC with full functionality restored; Sui Foundation $30 million USDC loan and $7 million protocol reserves deployed to replenish liquidity
2025-06-10
CETUS token compensation vesting begins; 5% of total supply immediately claimable, 10% to unlock linearly over 12 months for affected LPs
2026-04-03
ZachXBT publishes broader analysis alleging Circle failed to freeze approximately $420 million in illicit USDC across 15 incidents including Cetus; Cetus case cited as exhibit of delayed response
Decision Log
- hash: DA2bsPktsenmwv3ddNDa1bdhDmcHtqDHzXa4NxRP3a4L
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:23 AM
last updated: 5/20/2026, 3:37:16 AM
avoid.net — verified advice for a post-truth world