What to Know
- Cetus Protocol, the leading decentralized exchange on the Sui blockchain, suffered a $260 million exploit.
- Hackers used spoof tokens to manipulate liquidity pool mechanisms and extract real assets like SUI and USDC.
- The team paused all smart contracts, and CETUS, the protocol’s native token, dropped 40% in hours.
- Sui-based meme tokens including BULLA and MOJO plummeted over 90% in value.
- The attacker’s wallet shows signs of actively moving funds to hide and possibly launder the stolen assets.
Cetus Protocol Suffers One of the Largest Exploits in Sui Network History
The Sui blockchain’s largest decentralized exchange and liquidity provider, Cetus Protocol, has been hit by a massive exploit estimated at $260 million. The attacker used spoof tokens to manipulate pricing mechanisms and drain liquidity pools, causing chaos across the Sui-based DeFi ecosystem.
According to on-chain data analysis, the exploit has led to the pause of smart contracts on Cetus, a halt in trading activities, and a devastating crash in the value of its native token and associated meme coins. The hack has not only rocked the protocol but also exposed vulnerabilities in Sui’s broader decentralized finance infrastructure.
Spoof Tokens and Broken Price Curves: How the Hack Happened
The exploit was initially detected by blockchain analytics platform Lookonchain, which flagged suspicious activity from a wallet now identified as 0xe28b50. The wallet currently holds more than 12.9 million SUI, worth around $54 million, while its overall net worth exceeds 32.9 million SUI, or approximately $137 million.
Preliminary investigations suggest that the attacker launched the exploit by using spoof tokens, such as BULLA, which were designed to exploit weaknesses in Cetus Protocol’s price curve calculations and reserve logic. By taking advantage of these flaws, the hacker could initiate trades with tokens that held no real value while extracting valuable assets like SUI and USDC.
The attacker reportedly added minimal or near-zero amounts of liquidity into pools to manipulate internal states. After injecting spoof tokens, they used these manipulated LP (liquidity provider) states to repeatedly withdraw real assets from the platform.
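A defender-side check for the pattern described above, as an added example that is not code from Cetus, Sui or the original article: it compares the value each account deposited into a pool with the value it withdrew, pricing any token outside an allowlist at zero. The event tuple format, account names, reference prices and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Assumed allowlist of reference prices in USD (constructed values).
# Any token not listed here, such as a spoof token, is valued at zero.
REFERENCE_PRICE = {"SUI": 4.0, "USDC": 1.0}

# Constructed sample events, not real chain data:
# (account, pool, action, token, amount)
EVENTS = [
    # Ordinary LP: deposits real assets, later withdraws roughly the same value.
    ("0xhonest_lp", "SUI/USDC", "add", "SUI", 5000.0),
    ("0xhonest_lp", "SUI/USDC", "add", "USDC", 20000.0),
    ("0xhonest_lp", "SUI/USDC", "remove", "SUI", 4900.0),
    ("0xhonest_lp", "SUI/USDC", "remove", "USDC", 20500.0),
    # Suspicious: near-zero real deposit plus a worthless token,
    # followed by repeated withdrawals of real assets.
    ("0xsuspect", "SUI/USDC", "add", "SUI", 0.000001),
    ("0xsuspect", "SUI/USDC", "add", "SPOOF", 1_000_000.0),
    ("0xsuspect", "SUI/USDC", "remove", "SUI", 25000.0),
    ("0xsuspect", "SUI/USDC", "remove", "USDC", 50000.0),
    ("0xsuspect", "SUI/USDC", "remove", "SUI", 25000.0),
    ("0xsuspect", "SUI/USDC", "remove", "USDC", 50000.0),
]

def usd_value(token, amount):
    """Value an amount at the reference price; unlisted tokens count as 0."""
    return REFERENCE_PRICE.get(token, 0.0) * amount

def flag_drains(events, tolerance=0.05, min_usd=10_000.0):
    """Return {(account, pool): (deposited_usd, withdrawn_usd)} for accounts
    whose withdrawals exceed their deposits by more than `tolerance`
    (headroom for fees and price drift) and are at least `min_usd`."""
    deposited = defaultdict(float)
    withdrawn = defaultdict(float)
    for account, pool, action, token, amount in events:
        if action == "add":
            deposited[(account, pool)] += usd_value(token, amount)
        elif action == "remove":
            withdrawn[(account, pool)] += usd_value(token, amount)
    flagged = {}
    for key, out_usd in withdrawn.items():
        in_usd = deposited[key]
        if out_usd >= min_usd and out_usd > in_usd * (1 + tolerance):
            flagged[key] = (in_usd, out_usd)
    return flagged

if __name__ == "__main__":
    for (account, pool), (i, o) in flag_drains(EVENTS).items():
        print(f"{account} {pool}: deposited ${i:,.2f}, withdrew ${o:,.2f}")
```

This is a heuristic for monitoring or a circuit breaker, not a substitute for correct pool math: it catches the outcome (value leaving without value entering) regardless of which calculation was at fault.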
Liquidity Pools Drained as Sui DeFi Tokens Collapse
As a result of the exploit, nearly all major liquidity pools on Cetus have been drained. The attacker’s wallet remains active and appears to be rapidly moving the stolen funds through various swap paths and possibly bridges — a common tactic to obfuscate fund trails and hinder recovery efforts.
Following the incident, Cetus Protocol took immediate action by pausing all smart contracts, citing user safety as the priority. The team also announced on X (formerly Twitter) that a more detailed explanation of the exploit and mitigation plans will be released shortly.
Meanwhile, the protocol’s native token, CETUS, has nosedived, plunging over 40% in a matter of hours. Sui-based meme coins such as BULLA and MOJO have seen even more extreme crashes, losing over 90% of their value amid the chaos and loss of trust.
Binance and Community Respond as Investigation Continues
In the wake of the attack, Binance founder Changpeng Zhao (CZ) revealed that his exchange had reached out to the Sui network to offer assistance. While no official partnerships have been confirmed yet, the crypto community is closely watching for potential recovery or reimbursement plans that might help affected users.
At the time of writing, the attacker’s wallet is still active, and there are growing concerns that the stolen funds may already be in the process of being laundered across multiple chains. Blockchain sleuths and cybersecurity teams are continuing to track the wallet and its activities, but recovery may be difficult if the attacker uses privacy tools or decentralized mixers.
Security Questions Mount for Sui’s DeFi Ecosystem
This exploit poses a significant blow to the credibility of the Sui blockchain’s DeFi ecosystem, which had been gaining momentum as a newer player in the Layer 1 space. Cetus, as the largest DEX and liquidity provider on Sui, was considered a cornerstone of the network’s decentralized infrastructure.
The fact that the exploit could occur through simple spoof token manipulation and broken LP math raises serious concerns about the protocol’s underlying security audits and smart contract design. It also underscores the inherent risks of interacting with new or rapidly growing DeFi ecosystems, especially those lacking mature, time-tested infrastructure.
Investors, developers, and users across the Sui network are now anxiously awaiting both the official post-mortem from Cetus and possible statements from the Sui Foundation.
What Happens Next?
There are several potential developments that could shape the aftermath of this exploit:
- A detailed security audit and post-mortem from the Cetus team that explains how the exploit occurred and what changes will be made to prevent a repeat.
- Possible legal action or collaboration with centralized exchanges to freeze assets or track fund movement.
- Recovery fund or reimbursement initiatives, though these depend on how much can be recovered or sourced from Cetus reserves.
- Increased scrutiny of other DeFi projects on Sui, potentially leading to a broader loss of user confidence across the network.
Why It Matters
The $260 million Cetus Protocol exploit is a stark reminder of how vulnerabilities in smart contract design and liquidity mechanisms can lead to catastrophic losses in DeFi. As the largest DEX on the Sui network, Cetus played a vital role in powering its ecosystem — making the consequences of this hack even more severe.
With CETUS down over 40% and meme tokens crashing beyond 90%, the incident has exposed major weaknesses in the current DeFi infrastructure on Sui. The full impact is yet to be seen, but one thing is certain: restoring trust in Sui’s ecosystem will take time, transparency, and rigorous security improvements.
If you’re active in DeFi or investing in Sui-based assets, this incident is a wake-up call. Risk management, smart contract auditing, and due diligence have never been more important.