Breaking: $11M Drain, 75% Token Crash.

On May 22, 2025, the Sui blockchain was rocked by one of its most devastating security breaches to date. Cetus Protocol, the largest decentralized exchange (DEX) and liquidity provider on Sui, was allegedly hacked with over $11 million in SUI and USDC drained in a matter of hours.

The exploit, which targeted the SUI/USDC pool, triggered a massive cascade of token price collapses across the platform. In a brutal wave of liquidation, tokens across the board fell over 75% in value. Affected tokens included $SUIRI, $HIPPO, $SQUIRTLE, $BULLSHARK, $WET, $PCHU, and others, all of which suffered severe losses as liquidity pools were rapidly emptied.

What Happened?

Initial on-chain analysis and reports from security firms suggest that the attacker exploited a vulnerability in Cetus’s pool logic by using spoofed or manipulated tokens to bypass swap validation mechanisms. This allowed them to distort the pricing algorithms, drain liquidity, and convert tokens at manipulated rates.

While the full technical breakdown is still under investigation, the speed and precision of the exploit suggest a highly coordinated operation. The attacker has reportedly bridged a significant portion of the drained assets — including $60M worth of USDC over to Ethereum, making it harder to recover funds or track further movements.

Token Meltdown: A Chain Reaction

The hack immediately triggered fear across the Sui ecosystem. According to Cointelegraph and on-chain data, most tokens in SUI-based liquidity pools dropped between 75% to 92% within hours. Some of the worst-hit assets include:

• $SUIRI: -82.3%
• $HIPPO: -79.7%
• $SQUIRTLE: -78.6%
• $WET: -75.6%
• $PCHU: -77.8%
• $AXOL: -92.6%

The scale of the damage caused widespread chaos among retail holders, DEX users, and protocol builders who rely on Cetus for liquidity and price discovery.

Cetus Protocol Responds

Shortly after the exploit, Cetus announced that it had paused all smart contracts and was actively investigating the breach. A statement from the team said they were working with leading blockchain security firms to trace the funds and identify the attack vector.

“We are deeply sorry for the disruption and losses. Our team is prioritizing containment, investigation, and a plan for compensation. Community trust is our highest priority,” the Cetus team stated.

Sui Foundation: Silent or Preparing?

As of this writing, the Sui Foundation has not issued an official statement. Many in the community are urging the foundation to take a leadership role in addressing the situation, including pushing for protocol-level audits, recovery efforts, and rebuilding trust among developers and users.

What This Means for Sui and DeFi

This incident has exposed a major vulnerability in the still-developing Sui ecosystem particularly in the decentralized infrastructure critical for day-to-day DeFi activities. It also raises tough questions:

• Can newer chains like Sui maintain security while scaling fast?
• Will DEXs prioritize rigorous auditing over rapid TVL growth?
• Can trust be rebuilt after such a large-scale drain?

As Sui attempts to recover, this event will likely serve as a case study in DeFi risk, particularly for emerging Layer 1 ecosystems that rely on a small number of liquidity hubs.

Final Thoughts

The Cetus hack isn’t just a security failure it’s a wake-up call. DeFi’s growth has always walked a fine line between innovation and risk. For Sui, that line has just been crossed.

Stay tuned as the story develops fund recovery efforts, community reactions, and any statements from Cetus or the Sui Foundation could change the direction of this crisis.