Skip to main content
Sign in
Cetus CLMM1 decision on this page

Audit log

Every state-changing event for Cetus CLMM: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 03:37:16Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,905,978
    sig
    GMZ47FsGKEQg…SZt85vzuexplorer ↗
    hash
    DA2bsPktsenm…NxRP3a4Lsha256 → base58
    verifying row…full verify ↗
    canonical bytes (8416 B) ▸
    {"actor":"system:backfill","investigation_id":"cc1ddaee-d8b6-435b-9531-c78d1fdcd65c","kind":"publish","page_slug":"cetus-clmm","published_at":"2026-05-20T03:37:16.397Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cetus CLMM","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://academy.binance.com/en/articles/what-is-the-cetus-protocol-cetus"},{"credibility":3,"name":"","type":"other","url":"https://www.okx.com/en-us/learn/what-is-cetus-protocol"},{"credibility":3,"name":"","type":"other","url":"https://dedaub.com/blog/the-cetus-amm-200m-hack-how-a-flawed-overflow-check-led-to-catastrophic-loss/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-cetus-hack-may-2025"},{"credibility":3,"name":"","type":"other","url":"https://www.cyfrin.io/blog/inside-the-223m-cetus-exploit-root-cause-and-impact-analysis"},{"credibility":3,"name":"","type":"other","url":"https://blocksec.com/blog/cetus-incident-one-unchecked-shift-drains-223m-largest"},{"credibility":3,"name":"","type":"other","url":"https://dedaub.com/blog/the-cetus-amm-200m-hack-how-a-flawed-overflow-check-led-to-catastrophic-loss/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/explained/how-220m-was-stolen-in-minutes-understanding-the-cetus-dex-exploit-on-sui"},{"credibility":3,"name":"","type":"other","url":"https://www.elliptic.co/blog/cetus-protocol-hacked-for-more-than-200-million"},{"credibility":3,"name":"","type":"other","url":"https://www.quillaudits.com/blog/hack-analysis/cetus-protocol-hack-analysis"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/sui-vote-on-162m-frozen-cetus-funds-sparks-decentralization-debate-finance-redefined-may-23-30"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/decentralization-trust-shaken-cetus-hack/"},{"credibility":3,"name":"","type":"other","url":"https://blog.sui.io/cetus-incident-response-onchain-community-vote/"},{"credibility":3,"name":"","type":"other","url":"https://www.ainvest.com/news/sui-network-freezes-162-million-cetus-exploit-90-9-validators-approve-return-2505/"},{"credibility":3,"name":"","type":"other","url":"https://www.dlnews.com/articles/defi/sui-validators-votes-hack-the-cetus-hacker-and-return-160m/"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2025/05/24/260m-cetus-hack-sui-freezing-funds-sparks-decentralization-concerns/"},{"credibility":3,"name":"","type":"other","url":"https://bitcoinist.com/sui-220-m-crypto-hack-centralization-backlash/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://x.com/zachxbt/status/2040055823804793165"},{"credibility":3,"name":"","type":"other","url":"https://www.elliptic.co/blog/cetus-protocol-hacked-for-more-than-200-million"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/396296/blockchain-sleuth-zachxbt-accuses-circle-slow-usdc-freezes-420-million-illicit-funds"},{"credibility":3,"name":"","type":"other","url":"https://www.merklescience.com/blog/hack-track-how-a-shared-library-bug-triggered-the-223m-cetus-hack"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/357386/sui-dex-cetus-protocol-restarts-platform-after-recovering-from-223-million-exploit"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2025/06/09/sui-s-cetus-dex-is-back-online-after-usd223m-exploit"},{"credibility":3,"name":"","type":"other","url":"https://unchainedcrypto.com/cetus-relaunches-protocol-after-recovering-162m-from-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@CetusProtocol/cetus-relaunch-incoming-recovery-plan-and-the-road-ahead-9fc0f8bd5c41"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/defi/cetus-protocol-relaunches-restores-over-50-tvl-after-usd220-million-exploit"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2025/05/28/sui-network-steps-in-to-compensate-cetus-losses-in-full-after-223m-exploit"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://blockworks.co/news/sui-cetus-exploit-dex-security"},{"credibility":3,"name":"","type":"other","url":"https://www.cyfrin.io/blog/inside-the-223m-cetus-exploit-root-cause-and-impact-analysis"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/396296/blockchain-sleuth-zachxbt-accuses-circle-slow-usdc-freezes-420-million-illicit-funds"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/decentralization-trust-shaken-cetus-hack/"}]}],"sources_used":[],"summary":"Cetus Protocol is a concentrated liquidity market maker (CLMM) and the dominant decentralized exchange on the Sui Network, launched in 2023. On May 22, 2025, an arithmetic overflow vulnerability in its fixed-point math library enabled an attacker to drain approximately $223 million from liquidity pools in the largest DeFi exploit of 2025, of which roughly $162 million was subsequently frozen by Sui validators and later returned to affected users via an on-chain governance vote. The incident raised significant concerns about smart contract security, audit effectiveness, and the degree of decentralization on the Sui network.","timeline":[{"date":"2023-05-01","event":"Cetus Protocol launches on Sui mainnet with CLMM architecture; CETUS token generation event conducted","source":""},{"date":"2023-05-01","event":"OtterSec and MoveBit complete initial security audits of Cetus smart contracts; arithmetic overflow path in get_delta_a not flagged as critical","source":""},{"date":"2025-04-01","event":"Zellic completes audit of Cetus codebase; no critical vulnerabilities identified","source":""},{"date":"2025-05-22","event":"Exploit begins at approximately 10:30 UTC; attacker exploits checked_shlw overflow bug to drain approximately $223 million from Cetus liquidity pools on Sui","source":""},{"date":"2025-05-22","event":"Attacker bridges approximately $61 million USDC from Sui to Ethereum via CCTP across 60+ transactions over 90 minutes; Ethereum receiving address: 0x89012a55cd6b88e407c9d4ae9b3425f55924919b","source":""},{"date":"2025-05-22","event":"Cetus suspends smart contracts; Sui validators coordinate to freeze approximately $162 million in attacker-controlled funds remaining on Sui","source":""},{"date":"2025-05-22","event":"Cetus team and private sector experts request Circle to freeze stolen USDC on Ethereum; Cetus offers $5 million bug bounty to attacker for return of funds","source":""},{"date":"2025-05-23","event":"Decentralization criticism erupts publicly; Justin Bons (Cyber Capital) and Duo Nine (YCC) argue Sui validator coordination demonstrates centralized fund control","source":""},{"date":"2025-05-26","event":"Sui Foundation publishes on-chain governance proposal to transfer frozen funds to a 4-of-6 multisig trust wallet held by Cetus, Sui Foundation, and OtterSec","source":""},{"date":"2025-05-29","event":"On-chain governance vote concludes early; validators representing 90.9% of stake vote yes; frozen funds transferred to multisig trust","source":""},{"date":"2025-06-01","event":"Circle blacklists attacker's Ethereum USDC address approximately one month after exploit; stolen USDC had already been converted to ETH, rendering blacklist ineffective for recovery","source":""},{"date":"2025-06-08","event":"Cetus Protocol relaunches at 03:00 UTC with full functionality restored; Sui Foundation $30 million USDC loan and $7 million protocol reserves deployed to replenish liquidity","source":""},{"date":"2025-06-10","event":"CETUS token compensation vesting begins; 5% of total supply immediately claimable, 10% to unlock linearly over 12 months for affected LPs","source":""},{"date":"2026-04-03","event":"ZachXBT publishes broader analysis alleging Circle failed to freeze approximately $420 million in illicit USDC across 15 incidents including Cetus; Cetus case cited as exhibit of delayed response","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 16cb51f6-78d8-43b0-9f80-0dea01ce5548
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.