Highlights:
- Cetus Protocol lost over $220 million in a major DeFi hack.
- Cetus proposed a $6 million incentive to the hacker to return the stolen assets peacefully.
- Hackers exploited smart contract flaws using fake tokens and price manipulation attacks.
The Cetus Protocol, the largest decentralized exchange on the Sui blockchain, experienced a major hack on May 22. The attack resulted in a loss of more than $220 million in digital assets. This incident stands as one of the most significant DeFi breaches recently and has disrupted the Sui ecosystem. Cetus successfully froze $162 million of the stolen assets soon after the attack.
🚨ANNOUNCEMENT
As of earlier today, we have confirmed that an attacker has stolen approximately $223M from Cetus Protocol. We have taken immediate action to lock our contract, preventing further theft of funds.
$162M of the compromised funds have been successfully paused. We are…
— Cetus🐳 (@CetusProtocol) May 22, 2025
Cetus Offers Hacker a Settlement as Authorities and Sui Team Join Recovery Efforts
On May 22, Cetus announced that it had identified the attacker’s Ethereum wallet and proposed a “whitehat settlement” to recover user funds. The hacker was asked to return 20,920 ETH along with all frozen Sui assets. In exchange, the hacker could retain 2,324 ETH and avoid prosecution. The agreement is valued at approximately $6 million.
📜 Dear Sui community, thank you for your patience while our team works on the incident investigation and resolution.
Since taking the actions indicated in our previous announcement, we have also done the following:
1. We engaged the broader ecosystem, Sui team, and related… https://t.co/Gs1EWXZ6AD
— Cetus🐳 (@CetusProtocol) May 22, 2025
Cetus warned that the offer is time-limited and will be canceled if the funds are moved or hidden. The team is working with law enforcement and regulators, including FinCEN, the U.S. Department of Defense, and the Sui Foundation. Cybersecurity firm Inca Digital is leading the talks.
Sui team stated:
“Cetus worked together with the other DeFi protocols, the Sui Foundation, and the Sui validators to collectively protect the ecosystem. A large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice.”
Cetus Protocol Exploit Reveals Smart Contract Flaws
Attackers exploited weaknesses in Cetus’s smart contracts. They added fake tokens, such as the BULLA token, to the liquidity pools. These fake tokens caused the automated market maker (AMM) to quote wrong prices, which led to incorrect asset swaps. The hackers took real tokens such as SUI and USDC in large amounts. The pricing oracle also had problems, which let attackers change price data.
Because of this, Cetus’s safety systems did not work. Blockchain experts say the attack was planned and complex. The hackers prepared carefully and used several weaknesses. They made many fast transactions, probably with bots, to stay hidden until the theft was complete. The attackers first stole $11 million from an SUI/USDC pool, then escalated the hack. The hacker moved over $60 million to Ethereum and purchased around 21,900 ETH. Their wallets now hold large amounts of SUI, ETH, and stablecoins.
After the hack, Cetus suspended all smart contracts to protect its platform. The event has sparked fresh concerns about the safety of DeFi projects built on newer blockchains like Sui and Aptos. While these platforms bring innovation, experts caution that complex DeFi code still carries serious security risks.
In April, crypto thefts surged to $90 million from 15 incidents, more than doubling March’s $41 million. The sector is still reeling from February’s massive Bybit hack, which cost over $1.4 billion.