The Cetus Exchange, a decentralized exchange (DEX) operating on the Sui blockchain, is embroiled in controversy after an alleged exploit drained up to $200 million in user funds. While the Cetus Exchange team insists the incident was merely a “bug,” blockchain investigators and users are raising serious concerns about the platform’s security and transparency.
Rapid asset drainage sparks panic
On-chain data first flagged by pseudonymous Web3 researcher COMDARE3 showed multiple assets on the Cetus Exchange plummeting in value within hours. Tokens like Lombard Staked BTC (LBTC) and AXOLcoin (AXOL) lost nearly all their worth, while the top 15 listed assets dropped by over 75%.
A screenshot from DEX Screener revealed alarming liquidity withdrawals, with one exploiter’s address holding:
-
$52 million in Sui (SUI)
-
$4.9 million in Haedal Staked SUI (HASUI)
-
$19.5 million in Toilet (TOILET)
-
$19.5 million in wrapped USDT
The Cetus Exchange team acknowledged an “incident” on their official X (formerly Twitter) account, stating that they had paused smart contracts as a precaution. However, their vague wording—calling it a “bug”—only fueled skepticism.
Analysts challenge “bug” explanation
Blockchain compliance firm AMLBot disputed the Cetus Exchange team’s claims, suggesting the incident was a coordinated exploit rather than a technical glitch.
“Don’t be fooled by the @CetusProtocol team claiming it’s just a bug, not a hack,” an AMLBot representative told Cointelegraph. “The timing raises questions—212 million was bridged to Ethereum at 1 million per minute. While we were talking, another $3 million vanished.”
On-chain analytics platform Onchain Lens corroborated these findings, reporting that the attacker had gained control of all SUI-denominated pools, siphoning over $200 million before moving funds into USDC.
Users demand answers
The Cetus Exchange Discord channel erupted with frustration as traders demanded clarity. One user, @DeFiSleuth, posted:
“If this was just a ‘bug,’ why is there a trail of funds moving to Ethereum? Bugs don’t bridge assets.”
Another trader, @CryptoChainWatcher, shared:
“I lost my entire liquidity position. The team’s silence is deafening.”
Is Cetus Exchange solvent?
The Cetus Exchange has not released a full post-mortem, but blockchain sleuths are tracking the stolen funds. Elliptic, a crypto intelligence firm, noted that the exploiter had begun laundering assets through mixers, a common tactic in large-scale breaches.
Meanwhile, the Sui Foundation, which supports the blockchain where Cetus operates, has yet to issue an official statement. Some speculate that the foundation may intervene if the losses threaten Sui’s ecosystem stability.
A growing trend in DeFi hacks
This incident adds to a troubling pattern of DeFi exploits in 2024. Just last month, Curve Finance suffered a 70 million breach, while Thor Chain faced a 42.5 million attack. Unlike those cases, however, the Cetus Exchange team’s reluctance to label this a hack has drawn criticism.
“Calling it a bug instead of an exploit is damage control,” said @BlockchainAuditor on X. “If they don’t admit the breach, will they reimburse users?”
What’s next for Cetus Exchange?
The exchange must now decide whether to:
-
Fully disclose the breach and seek recovery solutions.
-
Continue downplaying the incident, risking user trust.
-
Collaborate with Sui validators to freeze stolen funds.
Until then, traders are left questioning whether the Cetus Exchange can recover or if this marks the end for the embattled DEX.
Key takeaways
-
$200 million+ drained from Cetus liquidity pools.
-
Team calls it a “bug,” but analysts suspect an inside job or exploit.
-
Funds are being bridged to Ethereum and laundered.
-
Users demand transparency and reimbursements.
For now, the Cetus Exchange remains under scrutiny as the crypto community awaits further developments.
