Cetus Protocol, the largest DEX and liquidity provider on the Sui network, has been compromised in an exploit that drained its liquidity pools and triggered a trading halt.
The team has paused the smart contracts and is actively investigating, it said in an X post.
According to early analysis, the attacker used spoof tokens like BULLA to exploit broken price curves and reserve calculations.
They then added near-zero liquidity to manipulate internal LP state and repeatedly removed real assets like SUI and USDC without depositing anything meaningful.
Seems like all @CetusProtocol LP were drained
— sashko🇺🇦 (@d0rsky) May 22, 2025
Looking into tx, the likely exploit path was:
1. Swap in spoof token (e.g. BULLA → SUI), taking advantage of miscalculated price curve or broken reserve math.
2. Add liquidity with a near-zero amount, to manipulate internal LP…
Cetus confirmed the incident on X, saying the contract has been paused “for safety” and that a detailed statement will follow.
CETUS is down 40% in the past few hours, while Sui-based memecoins like BULLA and MOJO have dropped over 90%.