Highlights:
- The Cetus attack was caused by a bug in a math library, not by a weakness in Sui or Move.
- Sui froze $162M and set aside $10M for security audits and bug bounties.
- Community concerns arose over decentralization after validators froze suspicious wallets.
An investigation by the Sui blockchain has shown that a bug in the protocol's math library was responsible for the recent Cetus hack. In its update, the network said that security was not compromised by malware or by weaknesses in the Move programming language used for smart contracts. Last week, the Cetus hack hit the biggest decentralized exchange (DEX) on Sui, shaking up the ecosystem.
Post-Mortem Reveals Root Cause of Cetus Hack
The postmortem report attributed the attack to a bug in the Cetus Protocol's math library. Hackers exploited the bug to steal $223 million from users of the DEX. However, Sui pointed out that the error was confined to Cetus and did not indicate any issue with the Sui network or the Move language.
Doubling down on Sui security. A thread 🧵
The root cause of the Cetus incident was a bug in a Cetus math library, not a vulnerability in Sui or Move. But the impact on users is the same. We need to take a holistic perspective and step up our game on supporting ecosystem…
— Sui (@SuiNetwork) May 26, 2025
The network's response involved freezing $162 million of the stolen funds. Cetus Protocol also announced a bounty of $6 million for the recovery of about $60 million that is still missing. Validators in the Sui ecosystem identified the wallets connected to the attack and temporarily restricted any transactions to those wallets.
The report stressed that the network needs a comprehensive approach to security. Even though Sui provides better safety for smart contract development, the incident poses a serious challenge for the entire ecosystem. The team described it as a “coming-of-age” moment, pointing out that every major blockchain has faced similar setbacks due to human error in code writing.
Security Investments and Community Collaboration
In addition to freezing stolen funds, Sui said it would allocate $10 million to strengthen security. The resources will be used for audits, expanded bug bounty offerings, and formal verification of important code components. The team plans to work with developers to refine these measures and stop similar problems from happening again.
We’re kicking this off by committing to spend an additional $10M on security initiatives. These funds will be spent on audits, bug bounty programs, formal verification, and other ways to harden Sui — we’ll figure out the details in collaboration with our developer community.
— Sui (@SuiNetwork) May 26, 2025
The seriousness of the Cetus hack has prompted Sui to raise its security budget. The event showed that dApps and smart contract ecosystems are vulnerable and demonstrated why it is important to have solid safeguards in place. The network urged community members and builders to make use of the event to help improve the protocol.
In addition, Cetus, the Sui Foundation, and members of the ecosystem worked together during the recovery. The main purpose of this collaboration was to locate the missing funds and return them to users.
Impact on Decentralization and Cybersecurity Concerns
Some members of the crypto community have started debates about the network’s goals regarding decentralization and censorship resistance. Users voiced concern that having validators manage wallets could undermine the network’s decentralization.
The incident took place when cybersecurity risks in the crypto space were becoming more frequent. More security incidents and findings of exploits have appeared in 2025, causing many to argue for greater self-regulation within the industry. Moreover, experts stress that coordinating defense actions could help address security risks and reduce the burden of regulations.
During the investigations, it was found that hackers transferred $63 million of the stolen funds to the Ethereum network. The findings also include wallets used to launder 20,000 Ether, valued at more than $53 million. This makes the recovery efforts more difficult.