On May 22, 2025, Cetus Protocol, one of the most well-known DeFi platforms on the Sui blockchain, experienced a major security breach. The attack targeted Cetus’ core liquidity pools and allowed the hacker to steal many user funds before the system was paused.
While most stolen funds have since been frozen, the incident raised tough questions about platform security and transparency. Here’s a clear summary of what happened and what Cetus is doing now to fix the damage.
The Cetus Protocol Hack
The attack began just after 10:30 UTC, when a hacker started making strange transactions that confused the system.
Within minutes, Cetus’ internal monitoring tools detected something unusual, and by 11:00, the team had shut down the main parts of its system to prevent further damage.
The hacker found a weakness in the way the system handled liquidity, essentially, they tricked the platform into thinking they had added more value than they did. This allowed them to withdraw real funds without fairly contributing anything.
Most of the damage happened very quickly, but the response was just as fast. Cetus worked with members of the Sui blockchain community to stop any more money from being taken.
With the help of Sui’s validators (the people who help run the network), they managed to freeze two of the hacker’s wallets, which held a large portion of the stolen funds.
However, the attacker had already moved some of the money to Ethereum, another blockchain, where it cannot be frozen as easily.
Cetus has made it clear that some confusion has spread online about what caused the hack. A previously reported bug that had already been fixed was wrongly blamed. This recent exploit was caused by a completely different issue that had not been spotted in earlier security checks.
Recovering From the Incident
Now that the attack has been stopped, Cetus is focusing on recovery. The team is working closely with blockchain experts and security firms to check and improve all parts of the platform before bringing anything back online.
They’re reviewing the updated system with extra care and will only restart once they’re confident that the issue has been fixed.
Cetus has also shared its plans for helping affected users. The team is designing a recovery programme with support from the Sui community to return lost funds.
This includes a vote by network validators that could speed up the return of assets to users. Cetus is urging validators to back this effort so that the recovery can move ahead.
Looking forward, Cetus has promised to be more open about how it tests and secures its system. This means:
- Running more regular security checks
- Improving tools to detect unusual activity faster
- Making risk controls stricter
- Encouraging users and developers to report any weaknesses they find, with rewards for doing so
Even though Cetus had gone through multiple audits before this incident, the attack showed that relying on external tools and code can still leave blind spots. The team has admitted they placed too much trust in the system’s existing security and are now taking full responsibility to do better.
Conclusion
The recent Cetus hack is a serious moment for both the platform and the wider DeFi world. It shows that even well-established projects are not immune to new threats, especially when the systems they rely on are complex and built using shared code.
But this event also highlighted the strength of the Sui community. Thanks to the fast reaction of the Cetus team and Sui validators, much of the stolen money was quickly locked down. Cetus is now working hard to fix the damage, return user funds, and put in place better protections for the future.
For users, this is a reminder that decentralised finance carries risks, but also that transparent handling of those risks is key. Cetus still has work to do, but its commitment to recovery, honesty, and stronger security may be what helps rebuild trust in the long run.