Cetus DEX releases post-mortem, outlines recovery plan following $223M exploit

How a $223 Million Heist Turned Cetus into a Cautionary Tale! 💸😱

Ah, Cetus! The shining star of decentralized exchanges on the Sui network, recently found itself in a bit of a pickle—more like a $223 million pickle, to be precise. On May 22, a crafty hacker decided to play a game of “let’s see how much I can steal” with Cetus’s concentrated liquidity market maker pools. Spoiler alert: they won big! 🎰

In a post-mortem report released on May 26, Cetus laid bare the details of this unfortunate incident. Apparently, the whole debacle stemmed from a vulnerability in an open-source library used in their smart contracts. Who knew that a little oversight in a library could lead to such a colossal mess? It’s like leaving the front door wide open and wondering why the raccoons are throwing a party in your living room.

The hacker, with the finesse of a cat burglar, exploited a feature known as a flash swap. This nifty little trick allows users to borrow tokens as long as they promise to pay them back in the same transaction. It’s like borrowing a cup of sugar but instead, you’re borrowing a truckload of tokens to distort pool prices, add fake liquidity, and then make off with the real stuff. Talk about a heist worthy of a Hollywood blockbuster! 🎬

Cetus, in its infinite wisdom, pointed out that the root of the problem was an error in a third-party code library. Apparently, the system was a bit too trusting and didn’t properly check for potential overflows. It’s like letting a toddler handle a jar of cookies—chaos is bound to ensue! 🍪

“This issue has nothing to do with the MAX_U64 arithmetic bug flagged in previous audits,” Cetus clarified, as if that would calm the community’s nerves. “The root cause was a faulty left-shift overflow check that incorrectly validated values beyond safe limits.” Well, that’s reassuring, isn’t it? 🙄
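
To make that "faulty left-shift overflow check" less abstract, here is a constructed bad check beside a correct one, as an added example and not the library's or Cetus's actual code: the page does not show the real check, so the bad version's fixed bound and the 256-bit width are assumptions for illustration.

```python
# Added example (not Cetus's or the library's code): a left-shift overflow
# check done wrong beside one done right, on 256-bit unsigned values as many
# DEX liquidity formulas use. The real faulty check is not shown on this page;
# the "bad" version below is a constructed illustration of the bug class.

U256_BITS = 256
U256_MAX = (1 << U256_BITS) - 1


def shl_wrapping(value: int, shift: int) -> int:
    """Left shift with the silent wrap-around a fixed-width machine integer has."""
    return (value << shift) & U256_MAX


def shl_checked_bad(value: int, shift: int) -> tuple[int, bool]:
    """Constructed faulty check: the 'safe limit' is computed once for a
    64-bit shift and never adjusted for the shift actually requested, so
    values that overflow at larger shifts pass as valid.
    Returns (result, overflowed)."""
    safe_limit = U256_MAX >> 64          # only correct when shift == 64
    if value > safe_limit:
        return 0, True
    # Passed the check, yet for shift > 64 the result may have wrapped.
    return shl_wrapping(value, shift), False


def shl_checked_good(value: int, shift: int) -> tuple[int, bool]:
    """Correct check: overflow iff the shift is out of range or any set bit
    would be pushed past bit 255, i.e. value > U256_MAX >> shift."""
    if shift >= U256_BITS or value > (U256_MAX >> shift):
        return 0, True
    return value << shift, False


if __name__ == "__main__":
    # 2^64 shifted by 192 is exactly 2^256: the bad check reports a result
    # of 0 with no overflow; the good check refuses it. In pool arithmetic a
    # result that wraps to near zero understates what a position is worth.
    print("bad :", shl_checked_bad(1 << 64, 192))    # (0, False)
    print("good:", shl_checked_good(1 << 64, 192))   # (0, True)
```

The defensive takeaway is that an overflow bound must be derived from the shift amount on every call, and a unit test like the one in `__main__` (a value that lands exactly on 2^256) catches a fixed-bound check immediately.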

In a heroic twist, the Cetus team detected the strange activity within a mere 10 minutes of the hack and promptly paused trading. They even contacted Sui (SUI) validators, who voted to freeze the attacker’s wallets. This valiant effort managed to stop about $162 million of stolen funds from being whisked away. Unfortunately, the rest had already taken a little detour to Ethereum (ETH). Oops! 🚧

Now, Cetus is rolling up its sleeves to re-audit its contracts, improve monitoring systems, and devise a plan to help users recover their lost funds. They’re also collaborating with ecosystem partners on a liquidity recovery plan. It’s like a group project in school, but instead of a poster board, they’re trying to save millions. 📊

The incident did cause a bit of a ruckus, with the total value locked on the Sui network plummeting from $2.13 billion to around $1.92 billion. CETUS, the platform’s token, took a nosedive of 40%, and USD Coin (USDC) briefly lost its dollar peg. It’s like watching your favorite stock crash and burn in real time. 📉

Some community members praised the swift response from Sui validators, while others raised eyebrows at the fact that the ability to freeze wallets might indicate a lack of decentralization. And in a surprising twist, Cetus even reached out to the hacker with a $6 million “white hat” bounty, inviting them to return the funds, keep the reward, and avoid legal action. Because who wouldn’t want to be a hero for a cool six million? 🦸‍♂️

2025-05-27 09:46