Key Points:
- Cetus, Sui’s largest DEX, was exploited for over $223M using spoof tokens.
- The attacker drained SUI and USDC by manipulating pool logic, bridged the funds to Ethereum, and swapped $58.3M USDC for 21,938 ETH.
- Cetus fell 30% and SUI dropped over 5% according to CoinMarketCap.
Cetus Protocol, the largest decentralized exchange (DEX) on the Sui (SUI) network, representing approximately 88% of total DEX volume on SUI, suffered a major exploit on May 22, resulting in the loss of over $223 million from its liquidity pools. Cetus responded by pausing its smart contracts and is working with the Sui Foundation to recover the funds. The team claims to have frozen $162 million of the stolen amount. Other major DEXs like Bluefin and Momentum temporarily suspended operations during the exploit, but have since resumed normal activity.
The attacker used spoof tokens to manipulate price curves and reserve logic, enabling the withdrawal of SUI and USDC. The exploit wallet, according to Lookonchain’s X post, has converted stolen assets to USDC and bridged to Ethereum, where they’ve already used $58.3M USDC to buy 21,938 ETH at $2,658 each.
How the $223M Cetus Hack Was Pulled Off — Explained Simply
The recent hack on Cetus, the biggest decentralized exchange (DEX) on the Sui network, wasn’t your typical code exploit. Instead, the attacker used smart manipulation of token pricing logic inside the DEX to drain real funds, mainly SUI and USDC.
Here’s how they did it, step by step:
1. They Created a Fake Token
The hacker created tokens like AXAI, made to look real but worthless. These tokens were under the hacker’s full control, meaning they held the maximum supply. The images below were taken from Sui scan.
2. They Built a Liquidity Pool
On Cetus, anyone can create a trading pool. The hacker made a pool with:
- 1,000,000 AXAI (worthless)
- 1 SUI (real money)
To the smart contract, this meant 1 AXAI = 0.000001 SUI, even though AXAI had no actual value.
3. They Manipulated the Price
By adding or swapping tiny amounts of AXAI, they tricked the DEX into thinking AXAI was worth more. This is because DEXs like Cetus use math, not real-world prices, to determine value. The system has no idea AXAI is fake, it just sees numbers.
4. They Swapped Fake for Real
Now that the price of AXAI looked valuable to the DEX, the attacker swapped large amounts of AXAI for real SUI from the liquidity pool. No real buyer was involved — the DEX itself gave away the SUI, thinking it was a fair trade.
5. They Repeated the Process
They created multiple spoof tokens and pools, doing the same trick over and over. Each time, they pulled out more SUI and USDC, eventually draining over $220 million worth of tokens.
HackenProof’ – bug bounty and crowdsourced audit platforms – CTO posted:
The Cetus hacker also used Hyperliquid as part of the laundering process, sending stolen funds through the DEX to swap assets and obscure the money trail after bridging from Sui to Ethereum.
The incident triggered immediate price drops:
- Sui-based tokens such as BULLA and MOJO fell by over 90%
Moreover, a rapid collapse in token prices was observed on Cetus, indicating a liquidity crisis and loss of trader confidence following the recent exploit.
Industry Voices Weigh In:
Binance founder CZ stated that his team has reached out to assist.
