Cetus Protocol Loses Over $260 Million in Devastating Sui Blockchain Exploit

A major security breach has rocked the Sui blockchain’s DeFi space, as Cetus Protocol—the prominent decentralized exchange (DEX) and liquidity provider—suffered an exploit causing losses topping $260 million in tokens. The incident unfolded quickly, exposing serious flaws in how the protocol manages liquidity pools and price calculations.

The attack centered on a single wallet, known by its address 0xe28b50, which now holds more than 12.9 million SUI tokens—roughly $54 million in value. But blockchain forensics reveal that this wallet didn’t stop there. It has already moved assets around, boosting its net exposure to an eye-popping 32.9 million SUI, or around $137 million. The wallet is still active, suggesting the attacker is scrambling to obscure their trail by shifting assets across multiple blockchains and DeFi platforms.

Cetus Protocol’s team took to X (formerly Twitter) to confirm the breach, announcing that they’ve paused smart contracts to prevent further damage while a full investigation is underway. Early findings indicate the attacker exploited spoof tokens such as BULLA to manipulate internal pricing mechanisms and liquidity math—effectively gaming the system to drain pools.

A well-known on-chain analyst, @d0rsky, laid out the hacker’s playbook in detail:

• The attacker swapped fake tokens like BULLA for SUI, leveraging broken price logic.

• Injected tiny amounts of liquidity just enough to trick the protocol.

• Repeatedly extracted valuable tokens like SUI and USDC with minimal input.

This technique left many liquidity pools on the Sui network wiped out, leading to a sharp crash in token prices. CETUS itself fell by 40% immediately after the exploit was discovered. Meanwhile, meme tokens tied to Sui such as BULLA and MOJO plummeted over 90% in value, wiping out gains for many investors.

But the fallout is bigger than Cetus. Experts warn this exploit shines a harsh light on vulnerabilities within Sui’s broader DeFi infrastructure. It’s not just one protocol at risk—systemic weaknesses could affect other projects unless swift action is taken.

Binance CEO Changpeng Zhao, known as CZ, publicly acknowledged the crisis and confirmed that Binance’s team is offering support to Sui’s developers to help manage the aftermath. This kind of cross-industry cooperation is rare but critical given the scale of losses and potential contagion effects.

How the Exploit Unfolded and Why It Matters

To get how the attacker pulled this off, it’s worth looking at the mechanics of Cetus’s liquidity pools. These pools rely on algorithms that calculate token prices based on supply and demand inside the smart contracts. But if an attacker can manipulate inputs—like spoof tokens that mimic real ones—the system’s math can be thrown off.

The attacker’s wallet made a series of swaps involving these fake tokens, manipulating the price curves that decide how much one token is worth against another. By injecting tiny liquidity that appeared legit, they tricked the pool state into valuing tokens inaccurately. Then they exploited these mispriced tokens to drain large amounts of actual assets.

Here’s a quick snapshot of the losses, based on blockchain data and market prices:

The damage spread quickly. Investors saw their holdings in Cetus and associated tokens crater overnight. Social media buzzed with disbelief, and the usual questions surfaced: how did this slip through audits? What safeguards were missing?

What This Means for Sui and DeFi at Large

Sui, once hailed for its high-speed blockchain innovations, now faces a harsh test of its ecosystem’s security. This breach could shake user confidence not only in Cetus but in other protocols running on the platform.

CZ’s intervention signals the severity of the situation. Binance’s backing could help stabilize the ecosystem, but recovery will hinge on clear communication, thorough fixes, and steps to prevent similar exploits.

The incident also raises broader concerns for DeFi projects. If a sophisticated attacker can abuse pricing logic and liquidity pool mechanics on a major blockchain, how many other platforms are vulnerable? It’s a wake-up call for developers to rethink risk models and for investors to approach DeFi with caution.

Moving Forward: Can Sui Bounce Back?

The speed of Cetus’s response so far—pausing contracts and launching investigations—is encouraging, but the road ahead is uncertain. Stakeholders want transparency on the breach details and what will be done to patch these critical flaws.

Meanwhile, traders and liquidity providers are nervously watching token prices and market liquidity. Recovery won’t be quick if confidence remains shaky.

Will Cetus and Sui emerge stronger? Or will this hack mark a turning point, pushing users toward more battle-tested blockchains? The answers will unfold in the weeks ahead.