Cetus Protocol Suffers $200M Exploit, Freezes Trading as Tokens Crash 80%

Oracle Bug Suspected as DeFi on Sui Faces Confidence Crisis

Cetus Protocol, a leading decentralized exchange on the Sui blockchain, has come under intense scrutiny after suffering a catastrophic exploit on May 22, 2025. The incident resulted in an approximately $200 million loss from its liquidity pools, crippling trading operations across the platform and triggering a near-total collapse in token prices. 

While early speculation hinted at a potential hack, growing chatter among users suggests an oracle malfunction may have been the real cause—though no official confirmation has been issued by the Cetus team.

The exploit was detected during early trading hours, prompting Cetus to immediately pause all smart contract activity. According to a public statement released via X, the team acknowledged an “incident” and assured users that an investigation was underway. 

However, the message offered no clarity on the exact nature of the breach. Conflicting reports have since emerged, with some users alleging that the issue stemmed from an oracle bug—an error in the pricing feed that smart contracts rely on for executing trades. Despite the mounting speculation, the lack of a definitive statement has left room for uncertainty, further compounding user anxiety.

Liquidity on the platform evaporated almost instantly following the exploit. Multiple pools, including those not directly targeted, saw their reserves drained or abandoned, forcing the exchange to freeze all trading functions. Cetus’s role as a core liquidity provider on Sui meant the impact reverberated across the ecosystem. 

Token prices tied to its pools plummeted by as much as 80%, sharply distorting the crypto price index and causing serious divergence in coin market cap valuations across decentralized and centralized platforms. SUI itself held relatively stable on centralized exchanges, but its price on Cetus DEX dropped drastically due to the depleted liquidity and halted swaps.

Early damage assessments painted varying pictures of the fallout. Some observers initially estimated as much as $200 million drained across all Cetus pools, though on-chain analysis later narrowed the quantifiable loss to $11 million, focusing specifically on the SUI/USDC pair. Regardless of the final figure, the shockwave sent through the coin market cap landscape was unmistakable. DeFi protocols on Sui rely heavily on Cetus for trading infrastructure, and the abrupt shutdown has sparked a wave of concern about the broader reliability of DeFi security on newer blockchains.

The exploit not only paralyzed user activity but also exposed deeper vulnerabilities in smart contract design and real-time anomaly detection—especially in environments where external data like pricing oracles feed directly into contract logic. With no confirmed resolution timeline, users have been urged to remain cautious. The team behind Cetus continues to analyze the breach, with the method of attack still undisclosed as of the latest updates.

New evidence from blockchain security firm PeckShield has revealed the full scale of the damage caused by the exploit targeting Cetus Protocol on May 22. Approximately $200 million worth of assets were drained from liquidity pools on the DEX, making it one of the most devastating DeFi breaches ever recorded on the Sui blockchain. The attack was initially cloaked in uncertainty, but has now been confirmed as an oracle manipulation exploit involving spoof tokens that tricked the protocol’s pricing mechanisms.

Cyvers Security CEO Deddy Lavid confirmed the attackers deployed counterfeit tokens to interfere with price curves and reserve calculations, fooling the protocol’s oracle system into mispricing liquidity pools. This tactic allowed the exploiters to systematically siphon real assets—including the SUI/USDC pool—before converting the stolen funds into USDC and bridging them to other chains. As of the latest blockchain tracking data, $164 million remains in the attacker’s Sui wallet, while $61.5 million in USDC has already been transferred to Ethereum. The use of stablecoin USDC was critical to their laundering strategy, enabling swift conversion and cross-chain movement.

The impact on token prices has been staggering. Native tokens across Sui’s ecosystem collapsed in response to the exploit. LOFI plunged 76%, HIPPO fell 80%, SQUIRT cratered by 97%, and CETUS dropped 53%. A total of 46 tokens suffered double-digit losses within 24 hours, undercutting the broader crypto price index for the Sui ecosystem and shaking confidence in the coin market cap valuations tied to DEX liquidity.

Behind closed doors, leaked Discord messages from Cetus developers indicate they initially suspected a bug in the oracle’s behavior. 

But as community speculation swirled, Cyvers' independent analysis confirmed this was not an internal misconfiguration, but rather a textbook oracle manipulation exploit. The use of spoof tokens to distort price feeds represents a known and preventable vector in DeFi, drawing criticism toward Cetus for its apparent lack of mitigation safeguards.

Industry observers and investigators expressed frustration at what they viewed as a slow institutional response. On-chain sleuth ZachXBT criticized USDC issuer Circle for failing to act quickly enough, referencing previous incidents in which delayed responses hindered fund recovery. Deddy Lavid echoed this sentiment, stating that repeated real-time alerts sent by Cyvers have been largely ignored by stablecoin issuers, with many opting to act only after detailed post-mortem analyses. “In this threat environment, delay is indistinguishable from inaction,” Lavid said.

Sui Network itself has remained largely silent on the exploit. When asked for comment, a network spokesperson declined to respond, instead pointing media inquiries to previously issued public posts on X. The protocol’s official stance has provided little additional insight, leaving community members searching for accountability in a fast-moving crisis.

Despite the scale of the exploit and the sharp drawdowns across DeFi tokens, the market response to the SUI token was unexpectedly positive. Within 24 hours of the breach, SUI’s price rose by 2.2%, a move that some analysts interpret as resilience, while others suggest it reflects a delayed reaction or speculative positioning.

Crypto influencers have begun weighing in, with former Binance CEO Changpeng Zhao noting, “Not a pleasant situation. Hope everyone stay SAFU!” His post fueled speculation that Binance-affiliated resources may be quietly engaged in monitoring the situation or assisting in fund recovery. 

Still, with $200 million gone and confidence shaken, the Sui DeFi ecosystem faces mounting pressure to overhaul its oracle systems, smart contract audits, and real-time risk response strategies.

This incident could have long-term implications for developer confidence and investor interest in the Sui blockchain’s DeFi ecosystem. As one of the primary exchanges underpinning DeFi on Sui, Cetus’s failure to safeguard liquidity has cast doubt on the network’s protocol composability and operational resilience. The community now waits for a full forensic breakdown to determine whether this was the result of a malicious actor exploiting a loophole—or a critical misfire in oracle integration.

This article has been refined and enhanced by ChatGPT.