The Sui Foundation is providing a secured loan to help decentralized exchange Cetus fully compensate users affected by a recent $223 million exploit. The foundation announced that the loan will cover the funds that the hacker stole from the Sui (SUI) network before validators froze the hacker's wallets. Cetus plans to combine this loan with its treasury assets to reimburse affected users in full, pending community approval, through an on-chain vote, to unlock the frozen funds.
The incident, which occurred on May 22, involved a complex exploit targeting a vulnerability in Cetus’ concentrated liquidity market maker contracts. The attacker exploited unchecked math operations in a third-party code library and manipulated prices using a flash swap, allowing them to drain multiple pools by falsifying liquidity deposits and repeatedly withdrawing real tokens.
Although validators were able to freeze $162 million of the stolen assets on-chain, the attacker transferred a significant amount to Ethereum (ETH). The current compensation plan focuses on recovering these bridged funds so that the stolen assets now off-chain are fully covered.
As a result of the hack, the CETUS token experienced a 40% drop and remains 20% down over the past week. Additionally, the total value locked on the Sui network decreased from $2.13 billion to $1.77 billion, according to DefiLlama data.
While the vulnerability was in Cetus’ code and not Sui’s underlying infrastructure, the Sui Foundation took responsibility for supporting ecosystem-wide security. In addition to the loan, the foundation announced a $10 million commitment to fund audits, bug bounties, and formal verification tools to enhance security measures across the ecosystem.
To incentivize white-hat hackers to identify vulnerabilities before they are exploited, the foundation plans to expand its bug bounty program to include high-value protocols like Cetus, which have a total value locked of over $50 million.
The validators' decision to freeze wallets to prevent further damage sparked a debate within the community, with some expressing concerns about compromising the decentralization ethos of blockchain. Others praised the swift response and transparent handling of the crisis.
Cetus is expected to release a detailed recovery plan soon, with compensation efforts set to commence regardless of the outcome of the community vote. The full recovery of the stolen assets will depend on the community’s decision to support unfreezing the remaining funds.