Big leak in DeFi platform on Sui network.
Tokens like LOFI, HIPPO, and CETUS dive over 50% in minutes.
Over $260 million may have been drained, say some reports.
Cetus pauses its smart contract, probing the incident.
Thursday morning, several tokens on the Sui network saw sudden drops on decentralized exchanges. Reports link this to a hack of Cetus Protocol, key liquidity infrastructure for these assets.
Tokens LOFI and HIPPO lost over 50% of their value in an hour. Others crashed over 90%. Although prices on centralized exchanges stayed relatively stable at first, the widespread drop on DEXs is now hitting the overall market, according to CoinGecko data.
The incident and Cetus’ response
Cetus confirmed the situation on X: “An incident was detected in our protocol, and our smart contract has been paused temporarily for security reasons. The team is investigating the incident. A more detailed statement will be issued soon. Thank you for your patience.”
The quick response included suspending smart contract operations to limit further losses while investigating the attack’s origin and magnitude.
Analysis firm Lookonchain claimed over $260 million was drained from the protocol. The attacker converted stolen assets to USDC, transferred them to the Ethereum network via a bridge, and then swapped them for ETH.
The standout move was about $60 million in USDC taken out of the Sui network, suggesting a well-planned operation.
Cybersecurity firm PeckShield corroborated this, estimating over $200 million stolen and $60 million in USDC crossing chains.
Hack or glitch?
The debate on the incident’s nature continues. While some in the Sui community claim Cetus wasn’t directly hacked, others say it’s an exploit related to a pricing oracle flaw.
An oracle exploit occurs when an attacker manipulates external price sources a DeFi protocol uses to calculate asset values. If this component is manipulated, it can create opportunities to drain liquidity illegitimately without directly breaching the contract code.
These attacks have affected multiple DeFi protocols due to their dependence on unvalidated external data sources.
Impact on the Sui ecosystem
Cetus is a fundamental pillar in Sui’s DeFi infrastructure, so this event significantly hurts the network’s and its community’s reputation. The CETUS token fell about 50% on decentralized exchanges and 30% on the general market in the hour following the incident.
Although prices started to stabilize, the damage to ecosystem trust is done. The attack’s magnitude and potential structural vulnerability raise serious questions about emerging DeFi protocols’ security.
So far, Cetus Protocol hasn’t issued a detailed report on what happened. The community awaits a thorough audit and concrete corrective measures to prevent similar future events.
Sui network developers may face pressure to improve their oracle system and enhance key protocol security monitoring.
In a context where DeFi security is crucial for mass adoption, this case could become a reference on how not just code but also external data sources must be audited with equal rigor.
