May 22, 2025 – The top decentralized exchange (DEX) on the Sui blockchain, Cetus, is facing significant turmoil following a severe security breach.
This breach has led to a mass withdrawal of liquidity from the exchange’s token pairs, causing the price of $CETUS to plummet. In fact, reports indicate that the token has dropped over 90% in a single day, with damages estimated between $14 million and $35 million.
The Incident: Liquidity Crisis and Market Turmoil
News spread rapidly via social media, especially X (formerly Twitter), revealing that the liquidity pools on Cetus were entirely depleted, resulting in a catastrophic breakdown of several token pairs. The issue stemmed not from a lack of liquidity on Cetus but was driven by the Sui stablecoin, USDC, whose value allegedly dropped to zero. Panic ensued in the DeFi community, sending the price of $CETUS—the native token of the Cetus exchange—crashing by over 40% in just a few hours, wiping out substantial value.
The event created ripples across the Sui network, adversely affecting the price of $SUI, the blockchain’s native token, as both liquidity and trust eroded. Cetus had positioned itself as the cornerstone of DeFi on Sui, but following this incident, there are concerns about the extent of disruptions to its operations and market stability.
Initially, the Cetus team cited an oracle bug as the cause. However, analysts and the community quickly identified discrepancies in this narrative. On-chain data suggested that the situation was the result of an exploit rather than a malfunction. CertiK clarified that a counterfeit token was used for the exploit, misleading the system into accepting it as real, thereby allowing the attackers to unlawfully withdraw genuine liquidity from the pools.
Potential Ramifications for $SUI
The Cetus DEX breach has far-reaching consequences beyond the platform itself. As the primary DEX on Sui, Cetus handles most of the DeFi transactions on the blockchain. The disruptions to its liquidity pools threaten the price stability of numerous assets on the network, potentially leading to dramatic price fluctuations and upsetting investor confidence in the entire ecosystem.
With liquidity removed from crucial pools, trading pairs become vulnerable to slippage, complicating the execution of transactions at acceptable prices. This can instigate a chain reaction of panic selling throughout the ecosystem. Consequently, the price of $SUI, which had surged nearly 71% in May on the back of interest from institutional investors and optimism surrounding potential ETF listings, is now on a downward trajectory. The massive security breach threatens to reverse much of the recent positive momentum, eroding trust and leading to significant sell-offs. Stablecoins, particularly USDC, are especially vulnerable in these circumstances, as any instability can trigger broader market issues, escalating fears and resulting in further price drops.
Emerging Evidence of a Targeted Exploit
As the investigation unfolds, new evidence suggests that this incident was a targeted attack rather than a simple glitch. On-chain analysis indicates that the attackers successfully extracted $164 million into a single wallet, raising concerns about the scale and deliberate nature of the exploit.
The attackers employed a tactic involving the creation of a fake token that tricked the Cetus system into treating it as legitimate. They established a fraudulent trading pair with minimal fictitious liquidity, allowing them to siphon real funds from the pool repeatedly without providing any actual value in return. This type of exploit poses serious risks because it bypasses standard security protocols and directly jeopardizes the platform’s liquidity.
This revelation casts doubt on the claims of an oracle bug, as the reliance on pool math over external oracles diminishes the validity of that explanation. Instead, this incident appears to be a strategic operation that exploited a recently uncovered vulnerability in the DEX’s liquidity management framework.
The Future: Recovery or Continued Decline?
Currently, neither Sui nor Cetus has definitively confirmed the nature of the attack, but mounting evidence points to a purposeful exploit rather than an accidental error. This incident serves as a stark reminder of the vulnerabilities inherent in DeFi platforms and the risks associated with cross-chain liquidity pools, particularly within emerging ecosystems. It emphasizes the importance for Sui developers and the broader DeFi community to rigorously assess their architectural choices.
The short-term outlook for the Sui blockchain and its native token, $SUI, appears grim as the market copes with the fallout from the exploit. The Sui community, like other networks reliant on DeFi components, must confront the unsettling reality that DeFi exploits are likely inevitable. The immediate focus must be on preventing further theft and containing future exploits, prioritizing safety and transparency to rebuild trust.
This week underscores the critical need for robust security measures and transparent communication in the blockchain sphere. With $164 million lost, the Cetus breach serves as a cautionary tale for all DeFi platforms about the necessity to monitor liquidity management and safeguard user assets. The difference between Sui and Cetus’s response can significantly influence perceptions of each platform moving forward.