Cetus, a decentralized exchange (DEX) built on the Sui blockchain, has reportedly suffered a massive exploit that may have drained more than $200 million worth of digital assets.
Pseudonymous Web3 researcher COMDARE3 posted on X that “users report” that Sui-based DEX Cetus is being exploited.” He also shared a screenshot of Cetus market data on DEX Screener, showing many assets losing well over half of their value over the last 24 hours.
Some tokens, such as Lombard Staked BTC (LBTC) or AXOLcoin (AXOL) lost the near totality of their value on Cetus. The top 15 losers all lost in excess of three-quarters of their price.
Outside Cetus, LBTC appears to have gained over 4% in value over the last 24% according to CoinMarketCap data. Others, such as Axol (AXOL), have not been as fortunate, with CoinMarketCap data showing a loss of nearly 99.5%.
The alleged exploiter’s address contains nearly $52 million of Sui (SUI) tokens, $4.9 million of Haedal Staked SUI (HASUI), over $19.5 million of Toilet (TOILET), nearly $19.5 million of wrapped USDt (USDT) and many other assets.
The official Cetus X profile confirmed that an incident on the protocol was detected, and the smart contract was paused for safety. It added that an investigation is ongoing.
Related: Coinbase hacker trolls ZachXBT onchain after $42.5M THORChain swap
Suspicious fund transfers raise alarm
However, blockchain analysts and compliance firms are raising doubts about the project’s transparency. A representative from AMLBot told Cointelegraph:
“Don’t be fooled by the @CetusProtocol team claiming it’s just a bug, not a hack, Just a bug?”
Related: AI tool claims 97% efficacy in preventing ‘address poisoning’ attacks
The AMLBot representative — referring to statements made by Cetus team members on Discord — further explained that while the Cetus team “is calling this incident ‘just a bug,’ — the timing raises questions.” They added:
“We’re seeing $212 million being bridged to Ethereum at a rate of $1 million per minute. […] While we were talking, [they] drained another $3 million.”
Onchain data service Onchain Lens stated in an X post that “the attacker gained control of all SUI-denominated pools, exploiting over $200M, and has also started moving $USDC.”
Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks
This is a developing story, and further information will be added as it becomes available.
