Recent Developments from Cetus Following Severe Hacker Attack
Decentralized exchange Cetus, which recently suffered a serious hacking attack, announced the latest developments last night (23). The official statement indicated that they have yet to receive communication from the hacker. Therefore, they are offering a reward of $5 million to anyone who can successfully assist in identifying and apprehending the hacker. This announcement was met with criticism from on-chain detective Zach.
Background of the Incident
The largest decentralized exchange (DEX) and liquidity provider on the Sui blockchain, Cetus Protocol, recently experienced a severe hacking incident that occurred on May 22, 2025, resulting in losses totaling $220 million, making it one of the most significant hacking events in the DeFi space this year.
Review of Event Progress
The attack led to the draining of multiple liquidity pools on the Cetus platform, primarily involving assets such as SUI and USDC. Following the incident, several tokens within the Sui ecosystem experienced significant price fluctuations, with tokens like HIPPO, LOFI, and SQUIRT witnessing price drops of 75% to 97%. The price of Cetus’s own token, CETUS, also plummeted by over 40%, while the SUI token’s price decreased by approximately 15%, falling from $4.18 to between $3.65 and $3.90. Additionally, other protocols in the Sui ecosystem, such as Bluefin and Momentum DEX, temporarily suspended some activities due to security concerns, highlighting the incident’s impact on the entire ecosystem.
According to investigations, the hacker exploited a vulnerability in the centralized liquidity market maker (CLMM) system within Cetus’s smart contracts, specifically an arithmetic overflow issue in the “tick account,” leading to incorrect calculations of liquidity extraction values. The hacker manipulated price curves and reserves using forged tokens (such as BULLA and MOJO), allowing them to withdraw substantial real assets with almost zero liquidity injected.
After the attack, the hacker quickly converted the stolen assets into USDC and transferred approximately $60 million to Ethereum via a cross-chain bridge, exchanging it for 21,938 ETH. Upon discovering the anomalies, the Cetus team immediately suspended the smart contracts to prevent further losses and began an investigation in collaboration with the Sui Foundation and a blockchain security firm. Validators on the Sui network successfully froze about $160 million of the stolen funds, preventing further transfers. Additionally, Cetus had previously offered a “white hat bounty” of $6 million to the hacker in hopes of recovering 20,920 ETH and other assets in exchange for immunity from legal action.
Cetus’s Latest Announcement: $5 Million Bounty for Hacker
Last night (23), Cetus officially updated the latest developments of the incident via the X platform, stating that they have not yet received any communication from the hacker. Therefore, they are offering a $5 million bounty for anyone who can provide valid information (including name, location, and evidence) that successfully assists in identifying and apprehending the hacker:
Update: We have not received any communication from the hacker. We encourage the hacker to sincerely consider our offer terms. At the same time, with the support of Inca Digital and financial backing from the Sui Foundation, we are announcing a $5 million bounty for anyone who can provide valid information (including name, location, and evidence) that successfully assists in identifying and apprehending the hacker. Relevant information can be submitted via email to [email protected], with the subject line marked as “Cetus lead.” If the hacker is willing to cooperate and accept our proposal, as we hope, we will not take any further legal action or pursue claims, including the cancellation of this $5 million bounty. The Sui Foundation will decide whether to pay the bounty.
UPDATE: We have not received any communication from the hacker. We encourage the hacker to sincerely consider our offer terms. Simultaneously, with the support of Inca Digital and financial support from Sui Foundation, we are announcing a bounty of $5M for relevant information… — Cetus (@CetusProtocol) May 23, 2025
ZachXBT’s Critique: Capable Individuals Don’t Settle for Such Low Rewards
Under the bounty post on X, renowned on-chain detective ZachXBT was naturally tagged by many, but he responded with a serious and somewhat critical tweet, expressing disdain for the $5 million offer as being “disrespectful”:
“The condition of ‘paying $5 million only upon success’ is a terrible deal. Any competent company would not accept such a fee structure. What about the hours of work that need to be put in at the start? Essentially, the victim bears no risk at the outset, while those trying to help have to risk wasting their time and energy. This is fundamentally unequal. This vague ‘bounty’ system is harmful to the entire industry. It only creates a facade of ‘we are handling it’ while failing to attract any truly capable individuals to participate. A reasonable compensation structure should achieve two things:
- Charge on time to compensate for the hours invested;
- Incentivize results using a success-based reward ratio (contingency).
This is precisely the payment method used by all top companies. Moreover, there are many factors indicating that these ‘bounties’ are fundamentally unfair:
- What if the attacker is in a jurisdiction that is extremely difficult to navigate?
- What if law enforcement cannot recover all funds during the arrest process?
- And so on.
Zach’s comments resonated with many netizens and on-chain analysts, who believe that the idea of offering $5 million and expecting someone to “find the real culprit” is highly irresponsible.
CETUS Token Price Yet to Recover
Following the hacking incident, the price of the CETUS token significantly dropped, with a decline exceeding 40%, hitting a near one-month low. As of the time of writing, the CETUS token price has not yet recovered, currently standing at $0.1627, with a 24-hour drop of 6.2%, giving it a market capitalization of approximately $118 million. Meanwhile, the SUI token price has also been affected for the first time, currently at a near weekly low of $3.67, with a 24-hour drop of 6.5% and a market capitalization of about $12.2 billion.
Related Reports
- Sui Ecosystem: $Cetus Token Launchpad “Oversubscribed by 66 Times,” Binance SUI Loan Annual Rate Hits -327%
- Cetus: A Comprehensive Analysis of the Efficient Liquidity Protocol on Both Sui and Aptos Blockchains
- Ranking Released! Taiwan Blockchain’s “30 Most Influential People of the Year”: 2025 Market Key Predictions, Web3 Trend Analysis