Cetus Protocol, a decentralized exchange on the Sui network, has recently been the target of a major attack resulting in the extraction of $223 million in tokens. In response to this incident, Cetus Protocol has posted a $5 million reward for information leading to the identification and arrest of the attacker responsible for the breach.
The reward, announced on May 23, is being coordinated with cybersecurity firm Inca Digital and will be funded by the Sui Foundation if the tip proves to be decisive. Informants are required to email the perpetrator’s name, location, and supporting proof with the subject “Cetus lead.” The DEX has also stated that it will withdraw any civil action and cancel the bounty if the exploiter returns the assets and accepts a previous settlement proposal.
Prior to the public bounty announcement, Cetus Protocol made a separate proposal to the attacker through an on-chain transaction. This proposal offered a $6 million retention fee in exchange for the return of 20,920 ETH and all frozen amounts on Sui. The team behind Cetus Protocol has stated that they have identified the exploiter’s Ethereum wallets and are working with various authorities and partners to address the situation.
The attacker exploited a flaw in Cetus Protocol’s pricing mechanism, and all smart contract activity was paused immediately afterwards. Of the $223 million in tokens extracted, $61 million was moved to Ethereum via bridges and the remaining $162 million was frozen by Sui network validators. It is unclear when normal trading will resume on Cetus Protocol or whether any code changes will be made before the contracts are reactivated.
The response from Sui network validators to freeze the remaining $162 million has sparked a debate on decentralization within the crypto community. While the freeze prevented further transfers and locked the tokens on-chain, it has raised concerns about the power of validators to suspend specific accounts at will. Gautham Santhosh, co-founder of Polynomialfi, noted that while the process required consensus and was not arbitrary, it has changed the security assumptions surrounding layer-1 blockchains.
Overall, the incident at Cetus Protocol highlights the ongoing challenges and risks faced by decentralized exchanges and blockchain protocols. The $5 million reward and efforts to address the attacker demonstrate a commitment to protecting user funds and maintaining the integrity of the platform. The crypto community will be closely watching how this situation unfolds and what lessons can be learned for future security measures.

