$162M Frozen After Cetus Protocol Attack on Sui — How Spoof Tokens Enabled a $223M DeFi Heist?

Over $160 Million of $223 Million Stolen in Cetus DEX Hack Successfully Frozen

The team behind Cetus has announced that a significant portion of funds stolen in a major hack on the Cetus decentralized exchange (DEX) has been successfully frozen.

The DEX, which operates on the Sui blockchain, revealed that $162 million of the estimated $223 million taken in the attack has been locked down.

The remaining amount is still being pursued with help from the Sui Foundation and various ecosystem partners.

The Sui Foundation confirmed in a X post,

“A large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice”

Cetus is actively exploring ways to recover the funds and return them to affected users.

What Happened in the Cetus Hack and How Was It Carried Out

The attack took place on 22 May when the attacker exploited a vulnerability in Cetus’s liquidity pools, specifically targeting its pricing curve mechanism.

Using fake tokens like BULLA, the hacker manipulated liquidity states to withdraw real assets including SUI and USDC, both key tokens within the Sui ecosystem.

Initial estimates show the hacker moved $63 million of the stolen assets onto the Ethereum network.

Security researchers at Extractor Web3 also tracked a wallet ending in “AF16,” which was used to launder around 20,000 Ether — roughly $53 million.

This exploit caused the protocol’s transaction volume to spike sharply, reaching $2.9 billion within 24 hours, nearly ten times the usual daily activity.

Cetus suspended its smart contracts to halt further losses as investigations began.

How Did the Hack Impact Sui Ecosystem Tokens

The spoof token BULLA, central to the exploit, lost 60% of its value almost immediately.

Other Sui-based tokens suffered severe losses as well, with SLOVE dropping 93%, Uni down 77%, and MEMEFI falling 51% in a short period.

Cetus’s own token, CETUS, declined by 34%.

Market sentiment soured across the Sui ecosystem, although the native SUI token weathered the attack better, slipping only 2.37%.

Despite this relative stability, concerns remain over security weaknesses exposed by the breach.

Can Validators Freeze Wallets and What Does That Mean for Sui’s Decentralisation

The coordinated freeze of stolen funds by 114 validators raised questions among community members about the network’s censorship resistance.

One user pointed out,

“Good news for the victims, but if validators, 114 only in total, can freeze wallets when they want, it raises a major question about the network's censorship resistance. Sui is anything but decentralized.”

This event highlights a tension between rapid response to crime and the principle of decentralisation that many blockchain projects strive to maintain.

Who Is Helping with Recovery and What Is Being Done Next

Major exchanges like Binance and Bybit have stepped in to support recovery efforts, working closely with Sui developers and security teams.

Blockchain security firms are tracing transaction trails and identifying wallets linked to the attacker, hoping to recover stolen assets moved across networks.

Meanwhile, Cetus is focused on fixing vulnerabilities in its protocol and rebuilding user trust.

Although the exploit has not disrupted the broader Sui blockchain itself, developers are prioritising security upgrades to prevent future incidents.

The Cetus hack remains one of the largest exploits to hit the crypto sector this year, underlining ongoing challenges in securing decentralised finance platforms.