
KEY TAKEAWAYS
- Cetus Protocol on Sui suffers $220M+ hack due to smart contract exploit, highlighting persistent DeFi security vulnerabilities despite blockchain advancements.
- Attackers exploited pricing/oracle flaws, converting stolen funds cross-chain while $160M was frozen, exposing systemic risks in young DeFi ecosystems.
- The hack underscores critical needs for improved smart contract audits, decentralized oracles, and cross-chain monitoring to ensure DeFi's long-term viability.
Decentralized Finance (DeFi) has become one of the most disruptive applications of blockchain technology. It offers services like lending and trading without middlemen, attracting millions of users and billions of dollars worldwide.
But while DeFi offers high returns, it also comes with high risks. Problems like smart contract bugs and oracle attacks are common.
On May 22, 2025, Cetus Protocol—the largest DEX on the Sui network—was hacked, with losses estimated between $220 million and $260 million. This event highlights the importance of security in DeFi, no matter how advanced the technology is.
WHAT HAPPENED: A PLANNED ATTACK
Cetus is a major DEX built on the Sui blockchain, known for its high-speed and low-cost transactions. It uses an automated market maker (AMM) system and had large liquidity pools.
On May 22, hackers found a flaw in the system—likely in the pricing curve or oracle data—and used fake tokens (like BULLA) to steal around 12.9 million SUI (worth $54 million) and $60 million in USDC.
The attackers moved quickly, converting stolen assets to Ethereum (ETH) and transferring them across blockchains to hide their tracks.
As of May 23, the hacker’s wallet still held about $137 million and was using multiple chains (like Polygon and BNB Chain) to launder the funds.
The Cetus team acted fast, pausing the contracts to stop more losses and working with the Sui Foundation and security firms like PeckShield.
Thanks to Sui’s fast response system, about $160 million has been frozen. But tracking the rest is difficult, especially with cross-chain movement and privacy-focused blockchains involved.
MARKET IMPACT: TRUST IN CRISIS
This hack caused major disruptions in the Sui ecosystem. The CETUS token price dropped 34%, and meme coins like BULLA crashed by 60–97%.
Surprisingly, the SUI token stayed more stable, falling only 2.37% and holding at around $3.90, showing some continued trust in Sui’s technology.
Still, this event raised big questions. Users on social media questioned whether Cetus was properly audited and called for stronger oversight from the Sui Foundation. This situation shows how fragile new blockchain ecosystems can be and how critical trust and security are.
LESSONS FOR THE INDUSTRY: SYSTEMIC RISKS EXPOSED
This event is similar to other big DeFi hacks like the 2021 Poly Network ($600M) and 2022 Ronin ($624M). These incidents show that DeFi, while fast-growing, still has deep risks.
Cetus may have been hacked because of flaws in its pricing or oracle system. This shows smart contracts are complex and easy targets. Even audited code can have hidden issues.
Projects need to do deeper audits, use trusted security firms like CertiK or Trail of Bits, and update contracts regularly.
Also, the oracle problem is back in focus. If this hack was due to oracle manipulation, it shows DeFi still depends too much on external data. We need more reliable, decentralized oracle systems to fix this.
Cross-chain transfers make it hard to track stolen funds. Attackers use bridges and privacy features to hide. We need better tools to monitor across blockchains.
The Cetus team and Sui Foundation acted quickly, but some money is likely gone for good. This shows that DeFi protocols need better crisis plans. They also need to communicate openly with users during problems to rebuild trust.
Investors also need better risk awareness. Many lose money simply because they don’t know the dangers. The industry should help users learn how to stay safe—by spreading their investments and using secure wallets, for example.
LOOKING AHEAD: SECURITY IS KEY FOR DEFI
The Cetus hack is not just a problem for Sui—it reflects deeper issues in DeFi. Even though Cetus and the Sui Foundation are trying to fix things and recover the money, this event exposed key problems in smart contracts, oracles, and cross-chain safety.
Compared to past attacks, the financial loss here is smaller, but the impact on a young ecosystem like Sui could be serious.
If Sui wants to keep growing, it must strengthen audits and enforce security standards for all projects on its network.
Going forward, DeFi must balance innovation with safety. Developers should use modular contract designs and better oracle systems.
Auditors need smarter tools for detecting new types of attacks. Users must stay informed and involved in the ecosystem’s governance.
The Cetus case reminds us: without strong security, the dream of financial freedom through DeFi can’t become reality.
Only with continuous improvements in technology, industry cooperation, and user education can DeFi truly grow and succeed.