Cetus Strikes Back: How a Crypto Project Fought Off a Multi-Million Dollar Hack

When thieves struck, Cetus didn’t fold—it doubled down. The decentralized exchange turned a security nightmare into a masterclass in crisis response.

Anatomy of a heist: How attackers exploited a vulnerability

The breach unfolded like a Hollywood script—sophisticated, fast, and brutal. But unlike traditional finance (where banks take 6 months to admit there’s a problem), Cetus had patches rolling within hours.

Damage control: Freezing funds, tracing transactions, and the $64,000 question—will users get reimbursed?

While Wall Street hedge funds lose more to expense account fraud than this hack, the crypto world watches closely. After all, nothing proves decentralization’s mettle like surviving an attack—and living to tweet about it.

Cetus Attacked: Massive Losses Ensue

Hackers exploited a vulnerability in Cetus’s smart contract, using counterfeit coins to manipulate price data and reserves. They successfully extracted real assets from various liquidity pools, including the prominent SUI/USDC pair. Initially, a team member misidentified the attack as a software error, but it was later confirmed to be an orchestrated cyber assault. In response, Cetus officials froze the smart contract to prevent further damage.

Cetus’s official statements disclosed that while $223 million in crypto assets were compromised, immediate action led to the freezing of $162 million. The team, in collaboration with the Sui Foundation and other ecosystem partners, is currently tracking the remaining funds. A comprehensive incident report is anticipated to be published shortly.

Binance Steps Up: SAFU Fund Support on the Table

Binance co-founder and former CEO, CZ, expressed in a social media statement that their team WOULD extend full support to the Sui ecosystem. CZ confirmed that Binance swiftly liaised with the Sui team and technical experts are actively deciphering the attack’s specifics. During this period, deploying Binance’s SAFU fund to cover user losses or provide technical support remains a potential course of action.

The incident not only affected Cetus but also highlighted the ongoing concerns about security vulnerabilities in the industry. Similar to the criticism faced by Circle during the previous Bybit attack, slow response times have further magnified the distrust in centralized organizations. Cyvers’s CEO, Deddy Lavid, emphasized that neglecting real-time alerts is among the sector’s major weaknesses.

The Cetus breach joins the ranks of the largest crypto thefts in recent months, alongside February’s $1.4 billion Bybit hack and the $400 million internal theft from Coinbase.