• Cetus Protocol on Sui was hacked for over $290 million, marking the biggest DeFi exploit of 2025 and triggering a liquidity crisis across the network.
• The attacker used spoof tokens and oracle manipulation to drain assets, with Binance and the Sui Foundation now assisting in recovery and damage control.
• Validators on the Sui network have begun ignoring hacker-linked addresses, effectively freezing some of the stolen funds through a coordinated consensus response.

The Sui blockchain is facing one of its most severe security crises to date after Cetus Protocol, the largest decentralized exchange (DEX) on the network, was exploited for over $290 million earlier this week.

The exploit wiped out liquidity, crashed token values, and pushed the Sui network’s total value locked (TVL) below $2 billion.

The hack, now considered the biggest DeFi breach of 2025, exposed critical vulnerabilities in Cetus’ smart contracts. It also rattled investor confidence across the ecosystem, sending several Sui-based tokens, including CETUS, Lofi, Slove, and Hippo, tumbling by 20% to 80% in value within hours.

Despite the size of the breach, Sui’s native token (SUI) fell by only about 4%, thanks to its broader liquidity backing. Still, the potential ripple effect across the ecosystem has left the network in a precarious state.

How It Happened & Who’s Responding

Initial investigations reveal the attacker used spoof tokens—valueless assets disguised as legitimate ones—to trick Cetus' liquidity pools. By exploiting smart contract flaws and manipulating price oracles, the attacker made it appear these tokens were highly valuable, using them to drain real assets from the protocol.

“It’s like walking into a toy store with fake toys that look real and walking out with genuine, expensive ones,” explained Manan Vora, Director at Liminal.

On-chain data shows the attacker laundered at least $60 million in USDC, which was later swapped into 21,938 ETH and moved to the Ethereum blockchain. The wallet now holds over $8.6 million in Ether, making tracing and recovery increasingly difficult.

In response, Cetus quickly paused all smart contracts, freezing an estimated $160 million of compromised funds, and is now working with the Sui Foundation to recover the rest. Notably, validators on the Sui network are ignoring transactions from addresses associated with the hack, effectively freezing those assets through consensus-level censorship.

Binance founder Changpeng ‘CZ’ Zhao has also stepped in, offering assistance to the Sui team to track and potentially recover some of the lost funds. The exchange has a history of supporting such efforts in major on-chain exploits.

“We are working with the Sui Foundation and other ecosystem members right now on next-step solutions,” the Cetus team shared on X.

Additionally, Cetus has thanked the Sui community for its patience and revealed it is working closely with anti-cybercrime firms and law enforcement. The team has identified the hacker’s Ethereum wallet and extended a whitehat settlement offer in hopes of negotiating the return of customer funds, with legal action held in abeyance pending a resolution.

“To our community, thank you for your continued support. Our priority continues to be the recovery of impacted funds, and we hope for a successful resolution,” Cetus said.

What’s Next for Sui’s DeFi Ecosystem?

Cetus says a full post-mortem report is in the works. For now, developers are reviewing contract logic and security protocols to ensure similar exploits can’t happen again. The Sui Foundation is coordinating with forensic tools and validators to track fund movements and limit further damage.

But the bigger question looms: can the Sui ecosystem recover?

The damage has been both technical and reputational. $330 million in ecosystem TVL evaporated overnight, and confidence in Sui’s DeFi ecosystem has been deeply shaken.

While Binance’s support offers a glimmer of hope, the network now faces a long path to rebuild trust and reinforce its security perimeter.


Edited by Harshajit Sarmah