Cetus Protocol Cryptocurrency Heist Results in $223 Million Theft by Cybercriminals

The decentralized exchange Cetus Protocol has reported a significant breach, with hackers absconding with $223 million in cryptocurrency. In response to this incident, the project is extending an offer to halt all legal action against the perpetrator if the stolen funds are returned. Additionally, a $5 million bounty has been announced for information that could lead to the identification and arrest of the attacker.

Cetus Protocol specializes in decentralized trading and liquidity provision, utilizing the Sui and Aptos blockchains. The platform employs a Concentrated Liquidity Market Maker (CLMM) model, which enables liquidity providers to strategically allocate assets within specific price ranges. This model enhances operational efficiency and supports sophisticated trading strategies.

As of May 2025, Cetus Protocol reported a total trading volume of $57 billion, with over 15 million accounts engaged in 144 million transactions on its platform. The security incident took place recently, prompting immediate action from the team, which included pausing smart contracts to facilitate further investigation.

Shortly after the breach became apparent, Cetus Protocol confirmed that a substantial portion of the compromised funds—amounting to $162 million—had been successfully frozen.

In a subsequent update, the team disclosed that the exploit stemmed from a vulnerable software package, although specific details on the vulnerability have not been made public. They stated, “We identified the root cause of the exploit and fixed the related package, promptly notifying ecosystem builders to mitigate the risk of similar incidents affecting other teams.”

Furthermore, the team has identified the Ethereum wallet address associated with the attacker and is collaborating with external entities to trace and freeze the illicitly obtained funds. Law enforcement agencies have also been alerted to the situation.

Cetus Protocol has proposed a “time-sensitive whitehat settlement” to the hacker, promising not to pursue legal action if the stolen assets are returned. The accompanying $5 million bounty is intended to put additional pressure on the individual responsible for the breach.

In response to the emergency, validators on the Sui blockchain voted to freeze $162 million in funds.

A report from blockchain analytics firm Elliptic, which has insight into the incident, indicated a potential flaw in the automated market maker (AMM) logic. This vulnerability may have facilitated pool price manipulation, potentially enabling flash loan-style attacks. Elliptic is actively monitoring the movement of the stolen assets, documenting attempts to swap funds from USDT to USDC and cross-chain transactions from Sui to Ethereum.

Elliptic’s ongoing analysis includes tracing all transactions initiated from the exploit to the attacker’s wallets on Ethereum. The hacker’s address has been flagged across major exchanges and virtual asset service providers to obstruct any further attempts to launder or transfer the stolen assets.