On May 22, the Sui blockchain ecosystem was rocked by a major security incident involving Cetus Protocol — its leading decentralized exchange (DEX) and liquidity hub. The CETUS token plummeted nearly 70% in a matter of hours, triggering panic across the network and raising urgent questions about the resilience of one of crypto’s most hyped ecosystems.
Chainalysis data confirmed that hackers had exploited vulnerabilities in Cetus’ liquidity pools, draining over $260 million** in assets — a sum exceeding both the protocol’s total value locked (TVL) of $240 million and CETUS’s market cap of $180 million. The attacker gained control of all SUI-denominated LP positions, swiftly converting stolen funds into USDC and bridging approximately 60 million USDC** to Ethereum, where they were swapped for ETH.
The malicious wallet address — 0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85b8b5de8ff06 — currently holds large amounts of SUI, USDT, and tokens like WAL and DEEP, underscoring the broad scope of the breach.
Despite initial silence from the Cetus team, a member later claimed in the project’s Discord that no funds were “stolen,” attributing the collapse to an oracle bug rather than a direct exploit. However, on-chain evidence contradicts this narrative, with real-time transaction trails showing systematic fund extraction and cross-chain movement.
Sui Foundation has pledged full support for the ongoing investigation and promised timely updates, but confidence in the ecosystem is waning as users question both technical safeguards and team accountability.
👉 Discover how leading DeFi platforms maintain security amid rising threats.
A Troubling Pattern: Same Team, Past Breach?
Adding fuel to the fire, community researchers quickly pointed out that Cetus Protocol shares development ties with Crema Finance, a defunct DeFi platform on Solana that suffered a nearly identical attack in July 2022.
Back then, Crema lost over $8 million** after being targeted via a Solend-based flash loan attack — the same mechanism suspected in the Cetus exploit. In a controversial resolution, the hacker returned most of the stolen assets in exchange for keeping **45,455 SOL (~$1.65M) as a bounty.
While there is no official confirmation linking the two teams, similarities in architecture, naming conventions, and now attack vectors have intensified scrutiny. For investors, this raises red flags about due diligence and whether past lessons were truly learned.
Could history be repeating itself? And more importantly — who bears responsibility when legacy risks resurface in new ecosystems?
Dominant DEX, Fragile Foundation?
Cetus wasn’t just another DEX on Sui — it was the central liquidity engine. According to DeFiLlama, Cetus accounted for over 60% of all DEX trading volume on Sui prior to the hack. Its collapse didn’t just damage one protocol; it destabilized the entire ecosystem’s financial infrastructure.
Since March 2024, Sui has been riding a bullish wave fueled by aggressive marketing, high-profile partnerships, and strong retail interest. Tokens like CETUS, DEEPBOOK (DEEP), and WOO Network (WAL) surged alongside rising transaction volumes, earning Sui comparisons to Solana during its 2021 breakout.
But beneath the surface, concerns lingered.
Dune Analytics data reveals persistent signs of wash trading on Sui — with a single wallet sometimes responsible for disproportionate volumes. One analysis showed that flow toxicity, a measure of manipulative trading behavior, hovered near 50% for extended periods. This helps explain why many observers remarked: “There’s nothing real on Sui — yet everything keeps going up.”
In such an environment, organic growth becomes hard to distinguish from artificial momentum. When trust evaporates — as it did on May 22 — even inflated metrics can’t prevent a sharp correction.
Can SUI Rebound After the Breach?
Despite the shock, early indicators suggest the ecosystem may not be down for good.
Data from CoinGecko shows that while SUI, DEEP, WAL, and CETUS all suffered immediate sell-offs following the news, prices have since stabilized. Trading activity remains elevated compared to pre-hack levels, and several new liquidity initiatives have emerged from independent teams aiming to fill the void left by Cetus.
The Sui Foundation now faces a pivotal moment. To maintain its reputation as a “strong-hand” chain — resilient against volatility and backed by decisive action — it must deliver transparent recovery plans, possibly including:
- Emergency liquidity incentives
- Audits across top-tier protocols
- Bug bounty expansions
- Governance reforms for compromised projects
Sui’s ability to recover will hinge not just on technical fixes but on restoring community trust.
👉 Learn how blockchain ecosystems rebuild after major exploits.
Frequently Asked Questions (FAQ)
Q: What caused the Cetus Protocol hack?
A: While the team cited an "oracle bug," on-chain evidence suggests a flash loan attack exploiting pricing discrepancies in SUI-based liquidity pools. Investigations are ongoing.
Q: Is my SUI or DEEPBOOK investment safe now?
A: The broader Sui network remains secure. However, always use trusted protocols, enable two-factor authentication, and avoid overexposure to single platforms — especially those with limited audit history.
Q: Was Cetus Protocol built by the same team as Crema Finance?
A: No official confirmation exists, but strong architectural and personnel overlaps have been noted by community analysts. Both projects share similar design flaws and attack patterns.
Q: How much money was stolen in the Cetus attack?
A: Over $260 million was extracted from LP pools — making it one of the largest DeFi hacks of 2025 so far.
Q: Can decentralized exchanges prevent such attacks?
A: Yes. Measures like circuit breakers, time-weighted average price (TWAP) oracles, rate limiting, and third-party security audits can significantly reduce risk exposure.
Q: What should DeFi users do after a major protocol breach?
A: Immediately withdraw funds if possible, monitor official channels for updates, avoid panic selling, and diversify across multiple chains and platforms to reduce systemic risk.
The Road Ahead for Sui
The $260 million Cetus exploit is more than a financial loss — it’s a stress test for Sui’s maturity as a Layer 1 contender.
To survive and thrive, the ecosystem must shift from hype-driven growth to sustainable innovation. That means prioritizing code audits, incentivizing real user activity over synthetic volume, and fostering accountability among core developers.
For traders and investors, this event underscores a timeless truth: high returns often come with high risk, especially in emerging chains where fundamentals lag behind price action.
Yet history also shows that resilient networks can emerge stronger after crises — provided leadership acts swiftly and transparently.
As Sui navigates this crisis, all eyes will be on how it balances decentralization with damage control — and whether it can reclaim its status as a top-tier smart contract platform.
👉 Stay ahead of DeFi risks with real-time market intelligence.