Table of Contents
Cetus Protocol, a major decentralized exchange (DEX) on the Sui network, has suffered a catastrophic hack. The exploit, which occurred on May 22, drained over $260 million from the platform and triggered a chain reaction across the Sui ecosystem. USDC, the stablecoin commonly used for trading on the platform, lost its peg and dropped to near-zero within Sui-based liquidity pools. Meanwhile, dozens of Sui-native tokens now display a value of $0 on-chain explorers like SuiScan. This exploit not only exposes major vulnerabilities in the Sui ecosystem but also reignites serious concerns about the risks of cross-chain liquidity and smart contract security.
🚨 Cetus Protocol on Sui Hacked
- Scale of the exploit: Early reporting indicates a massive breach on May 22, 2025. Lookonchain first flagged that over $260 million was stolen from the Cetus Protocol on Sui.
- Funds flowed cross-chain: The attacker is reportedly converting the stolen USDC and bridging approximately $60 million to Ethereum, further selling into ETH.
- Implications: This hack marks one of the largest DeFi losses to date and highlights the dangers of cross-chain liquidity and smart contract vulnerabilities.
🌐 Market Impact & Token Devaluation
- Fast-moving flash news: Initial reports suggested an $11 million loss from the SUI‑USDC liquidity pool, a plunge causing many SUI‑based tokens to drop 75–80%.
- Depeg of USDC on Sui: USDC’s peg dropped dramatically, on-chain explorers like SuiScan show USDC plunging toward $0 value within impacted pools.
- Broader token collapse: Multiple Sui ecosystem tokens are showing near-zero valuations on SuiScan, indicative of cascading liquidations or zeroed-out liquidity pools across the DEX landscape.
🔍 Rippling Consequences
- Network confidence shaken
With funds funneled off-chain and USDC de-pegged, investor and developer confidence in Sui’s security has taken a hit. - Cross-chain risks spotlighted
The hack underscores the vulnerabilities in multi-chain bridges and liquidity. With stolen funds flowing to Ethereum, the potential for manipulation or cherry-picked exits grows. - On-chain analytics flash warning signs
SuiScan’s dashboard now highlights multiple SUI tokens at or near zero. The de-pegged USDC raises alarms that stablecoins on-chain can collapse under stress when untethered from sufficient reserves.
🧭 What This Means Going Forward
- For users: If you have any exposure to Sui‑based liquidity pools (especially USDC pairs), consider shifting holdings off-chain to avoid further slippage or freeze risks.
- For developers: This hack is a wake-up call. A smart contract review, contingency planning, and on-chain surveillance (e.g., delayed withdrawals, circuit breakers) should be prioritized.
- For regulators and auditors: Watch closely, this breach illustrates the need for tighter cross-chain governance, auditing standards, and emergency response protocols.
Summary
| Category | Detail |
|---|---|
| Breach Size | ~$260M stolen from Cetus Protocol on Sui |
| Funds Route | ~$60M bridged to Ethereum, converted to ETH |
| USDC Status | De-pegged to near-zero on Sui, pools drained |
| Ecosystem Health | Tokens across Sui nearly $0 on SuiScan; extreme volatility |
Bottom line: This attack rapidly liquidated hundreds of millions in assets, decimated stablecoin liquidity, and exposed the fragility of a growing but still maturing blockchain ecosystem. The Sui network, and DeFi at large, may never look at DEX security the same way again.
