- Trending
- Comments
- Latest
The Cetus hack has become one of the most dramatic DeFi attacks of 2025, with $56 million worth of ETH stolen and a controversial $6 million bounty now on the table.
The decentralized exchange (DEX), which operates on the Sui blockchain, was rocked earlier this week by a devastating exploit that drained over 20,920 ETH from its liquidity pools.
In a high-stakes appeal to the attacker, Cetus announced via a late-night post on X that it had located the Ethereum wallet holding 20,920 ETH—worth approximately $56.3 million—and is negotiating terms for its return.
“In exchange, you can keep 2,324 ETH (~$6M) as a bounty, and we will consider the matter closed,” Cetus said in a statement co-signed by data analytics firm Inca Digital.
The Cetus hack exploited a vulnerability in the protocol’s liquidity pool smart contracts, enabling the attacker to drain funds across multiple tokens. Much of the stolen crypto was quickly converted to USDC and then swapped into ETH.
The Cetus hack occurred Thursday, when an attacker exploited a critical smart contract flaw. Following the breach, Cetus swiftly patched the vulnerability and notified its users. However, the damage had already been done: millions were siphoned from the protocol.
In a show of force, the Sui Network—underpinning the Cetus platform—coordinated with its validators to freeze wallet addresses linked to the hack. According to the Sui Foundation:
“A large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice.”
The foundation confirmed that approximately $162 million in compromised tokens have been paused to prevent off-ramping and laundering of the assets.
While Cetus praised the rapid coordination between DeFi protocols and the Sui validator community, not everyone in the crypto space is celebrating.
Cyber Capital founder Justin Bons called out the centralization risk exposed by the Cetus hack, questioning the control that Sui validators wield.
“Does that make SUI centralized? The short answer is YES,” Bons posted on X. “The ability to censor wallet activity through validator coordination is not what DeFi should look like.”
He pointed to validator count and token concentration within the network as significant concerns for decentralization purists.
In the aftermath of the Cetus hack, the DEX’s native token CETUS saw a 50% plunge, now trading around $0.1714 per CoinGecko. Other ecosystem tokens, including LOFI and HIPPO, also took double-digit hits amid investor panic.
Despite the bounty offer, uncertainty looms. Industry watchers question whether the hacker will respond—and if they do, whether it will set a precedent for rewarding cybercriminals.
The Cetus hack is not an isolated incident. According to Immunefi, a leading blockchain security platform, the first quarter of 2025 saw a staggering $1.63 billion lost across 39 crypto-related hacks.
Two major incidents—$69.1M lost by Phemex in January and $1.46B by Bybit in February—accounted for the lion’s share. Analysts suspect the notorious North Korean Lazarus Group is behind both attacks, responsible for a jaw-dropping $1.52 billion, or 94% of the Q1 losses.
As negotiations unfold, all eyes remain on the Ethereum wallet containing the stolen ETH. Cetus has made it clear: cooperate and keep $6 million, or face legal action and blockchain-wide surveillance.
The Cetus hack has spotlighted the fragile security dynamics in DeFi, the growing role of validator censorship, and the increasing audacity of digital criminals.
Whether the $6M bounty will entice the attacker—or embolden future hacks—remains a question that could shape the future of DeFi enforcement and diplomacy. The Bit Gazette will continue to observe the market and report as events unfold.
Copyright © 2025 - The Bit Gazette.
