Sui’s Cetus Protocol Drained in Massive DeFi Hack—Here’s What Happened

Massive Exploit Hits Cetus Protocol

The Sui blockchain ecosystem is reeling after a staggering $200 million oracle manipulation attack on Cetus Protocol, its largest decentralized exchange. This devastating breach marks one of the most significant exploits in decentralized finance (DeFi) to date, sending ripples through both the Sui community and broader crypto markets.

How the Attack Happened

According to cybersecurity firm Cyvers, the attacker leveraged flaws in Cetus Protocol’s smart contracts. They deployed spoof tokens to distort price curves and mislead reserve calculations. This manipulation enabled them to siphon real assets from several liquidity pools, including the critical SUI/USDC pool.

Currently, the attacker controls approximately $164 million in a Sui wallet and has already transferred $61.5 million worth of USDC to the Ethereum network.

Fallout and Wider Impact

The breach sparked immediate and severe market reactions:

• Meme coins such as Lofi (LOFI), Sudeng (HIPPO), and Squirtle (SQUIRT) plunged by 76%, 80%, and 97%, respectively.
• The Cetus token dropped 53% within an hour.
• A total of 46 Sui-based tokens suffered double-digit losses over 24 hours.

Curiously, SUI—the native token of the Sui network—rose slightly by 2.2% during the chaos.

Growing Threat of Oracle Exploits

This event underscores the rising threat of oracle manipulation in DeFi. In 2022, DeFi platforms lost around $403.2 million to 41 similar attacks. These exploits typically involve inflating token trading volumes to distort prices and drain assets from liquidity pools.

The attack on Cetus Protocol highlights a critical need for stronger protections, especially around smart contracts and price oracles. For DeFi to scale securely, developers must prioritize safety and transparency at the protocol level.