Hackers pull off $223M cryptocurrency heist on Cetus Protocol

May 26, 2025

In a major cryptocurrency heist, decentralised exchange Cetus Protocol has confirmed that hackers stole an estimated $223 million in digital assets. The incident has put the crypto community on alert and prompted swift responses from Cetus Protocol and blockchain security firms.

Cetus Protocol, which operates on the Sui and Aptos blockchains, temporarily paused its smart contracts following the attack to investigate. The exchange revealed that $162 million of the compromised funds has since been frozen, thanks to a swift emergency vote by Sui validators.

The platform, known for using a Concentrated Liquidity Market Maker (CLMM) model to improve trading efficiency, has facilitated $57 billion in trading volume and over 144 million trades from 15 million accounts to date.

 

The cryptocurrency heist exploited a code vulnerability in Cetus Protocol, enabling cross-chain fund movements and potential price manipulation.

 

According to the initial findings, the attacker exploited a vulnerable package within Cetus Protocol’s code. Although specific technical details remain undisclosed, blockchain analysts believe the exploit involved flaws in the automated market maker (AMM) logic, which may have allowed for pool price manipulation and flash loan-style attacks. The attacker also attempted to move the stolen funds across chains, converting USDT to USDC and transferring assets from the Sui network to Ethereum.

Cetus Protocol has taken several steps in response. It has identified the hacker’s Ethereum wallet address, flagged it across major crypto exchanges and service providers, and is working with law enforcement and industry partners to track and freeze the stolen assets.

In an effort to recover the funds without further legal action, the platform has offered the hacker a “time-sensitive whitehat settlement”. This proposal promises to drop all legal proceedings if the funds are returned. In addition, a $5 million bounty will be awarded to anyone who can provide information leading to the perpetrator’s identification and arrest.

“We fixed the affected package and worked with the community to warn others as quickly as possible,” Cetus Protocol stated, urging ecosystem members to remain vigilant.

As investigations continue, the incident underscores the ongoing security vulnerabilities in decentralised finance platforms. It is a reminder to investors and developers alike to prioritise robust cybersecurity measures in the ever-evolving world of digital finance.

The full impact of the cryptocurrency heist is still unfolding, but efforts from both the public and private sectors aim to ensure accountability and reduce future risks.
