Hackers Stole $223 Million from Cetus Crypto Exchange

Decentralized crypto platform Cetus has had a run-in with hackers, resulting in the loss of $223 million in digital assets.

Cetus is a decentralized exchange (DEX) built on a “concentrated liquidity protocol” and based on the Sui and Aptos blockchains.

The company embraces the concept of Liquidity as a Service, putting the emphasis on easy integration. Developers can access liquidity on Cetus to build their own products such as liquidity vault, leveraged farming, and derivatives. Clients can set up a swap interface on their own frontend by integrating the Cetus software development kit.

‘An incident detected on our protocol’

The exchange posted an alert on X Thursday at 2:34 PM saying, “There was an incident detected on our protocol and our smart contract has been paused temporarily for safety.”

“The team is investigating the incident at the moment,” the exchange said. “A further investigation statement will be made soon. We are grateful for your patience.”

Just 2.5 hours later, a company update confirmed that the incident was at the hand of a hacker, leaving the exchange $223 million poorer.

$223 million shaved off

According to the 6 PM follow up:

As of earlier today, we have confirmed that an attacker has stolen approximately $223M from Cetus Protocol. We have took immediate action to lock our contract preventing further theft of funds.

Cetus said $162 million of the compromised funds had been “successfully paused,” as the exchange worked with the Sui Foundation and other ecosystem members “on next-step solutions, with the goal of recovering the remaining stolen funds.”

The notice again stressed that the “majority of impacted funds are paused and we are actively pursuing paths to recover the remainder.”

By “paused,” Cetus likely means some of the stolen tokens have been frozen, so no one can cash out or move assets around until the situation is addressed.

“We have no higher priority and will provide further updates as they become available through this channel,” the DEX adds. “A full incident report will be disclosed later. We are sincerely grateful for your patience.”

$50 million shifted to a new wallet

As noted by The Record, watchers in the crypto market have already seen $50 million transferred to a new wallet, presumably in the hacker’s possession.

It is believed the threat actor exploited a vulnerability in the protocol to steal the funds, and that the hacker likely manipulated the price of the coin as part of the attack.

You may also want to read:

Data Breach at Coinbase Exposes Information of Nearly 70,000 Customers

FTC: Americans Lost $12.5 Billion to Scams Last Year

Watch Out for ‘FBI Agents’ Offering to Recover Your Stolen Funds