TechFlow news, on May 27, Cetus officially released a report on the theft incident. On May 22, the protocol suffered a smart contract attack targeting its CLMM liquidity pools. The attacker exploited vulnerabilities in an open-source library and flaws in overflow checks to manipulate the pool price downward, establish high-priced positions, inject artificially inflated liquidity, and repeatedly withdraw assets, successfully stealing funds.
Cetus has urgently frozen two of its wallet addresses on Sui (containing most of the stolen funds), while the remaining funds have been bridged to Ethereum. Cetus is collaborating with the Sui security team and auditing firms to conduct multi-party reviews, and is developing LP compensation and recovery plans, calling for validators to support on-chain voting. The official team has issued a white-hat ultimatum to the attacker.




