  • A critical overflow bug in the Cetus Protocol let attackers mint LP tokens infinitely, draining SUI liquidity pools in minutes.
  • The attacker bridged over $60M to Ethereum using USDC batches and high-speed swaps, exploiting cross-chain liquidity gaps.
  • Emergency network tools froze $162M, but SUI’s sharp 6.79% drop and $3.5B volume spike show shaken trader confidence.

A bug in Cetus Protocol’s oracle system triggered a $260 million exploit that devastated liquidity pools and crashed token values across the Sui blockchain. The team confirmed the issue was not a security breach, but a flaw in smart contract logic that cascaded through the DeFi ecosystem.

Automated Exploit Moves $60M to Ethereum in Minutes

According to a report by CryptoPotato, what initially appeared to be a massive hack was later clarified as an oracle bug that enabled the attacker to manipulate price feeds and liquidity pools. The attacker used wallet address 0x8901… to execute dozens of rapid-fire transactions through Mayan Finance and CoW Protocol, transferring millions in USDC batches within minutes. Lookonchain’s data confirms that over $60 million was bridged to Ethereum with nearly $5 million in individual ETH transactions.

The exploited funds were converted into USDC before being funneled into various platforms using optimized swaps. Momentum was used to execute high-frequency USDT-USDC swaps with sub-40-second execution times and minimal gas fees, revealing a sophisticated, highly automated strategy. By the time Cetus flagged the activity, $11 million in SUI had vanished from the SUI/USDC liquidity pool.

Overflow Bug Enables Infinite LP Minting Attack

The Cetus team publicly disclosed the nature of the vulnerability, pointing to a critical overflow failure that opened the door for infinite LP minting. According to GoPlusSecurity via GitHub & Sui Network, the flaw resided in the math_u256::checked_shlw function, specifically within a misconfigured bitmask that failed to validate high U128 values. Attackers exploited this flaw by depositing negligible token amounts, such as 0.000001 MAMMO, and withdrawing hundreds of millions in return.
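The class of bound error described above can be modelled directly. This is an added example, not code from Cetus or from the report: the function names and both threshold constants are assumptions, chosen to show an overflow check whose threshold sits above the first input that actually overflows, next to the exact bound.

```python
"""Model of a checked shift-left-by-64 on a 256-bit unsigned integer."""
from __future__ import annotations

U256_MAX = (1 << 256) - 1
# Assumed flawed threshold (not quoted in the article): it sits far above
# the first input whose shifted value no longer fits in 256 bits.
FLAWED_MASK = 0xFFFFFFFFFFFFFFFF << 192
# Exact bound: n << 64 fits in 256 bits only when n < 2**192.
SAFE_LIMIT = 1 << 192


def shlw_flawed(n: int) -> tuple[int, bool]:
    """Return (result, overflowed) using the too-permissive comparison."""
    if n > FLAWED_MASK:
        return 0, True
    # Python ints are unbounded, so emulate u256 wrap-around by masking.
    return (n << 64) & U256_MAX, False


def shlw_fixed(n: int) -> tuple[int, bool]:
    """Return (result, overflowed) using the exact bound."""
    if n >= SAFE_LIMIT:
        return 0, True
    return n << 64, False


def missed_overflow(n: int) -> bool:
    """True when the flawed check accepts n although n << 64 does not fit."""
    _, flagged = shlw_flawed(n)
    return not flagged and (n << 64) > U256_MAX


def audit(samples: list[int]) -> list[dict]:
    """Run both checks over each sample and record where they disagree."""
    rows = []
    for n in samples:
        flawed_value, flawed_flag = shlw_flawed(n)
        _, fixed_flag = shlw_fixed(n)
        rows.append({"bits": n.bit_length(), "flawed_flag": flawed_flag,
                     "fixed_flag": fixed_flag, "truncated": missed_overflow(n),
                     "flawed_value": flawed_value})
    return rows


# Constructed boundary inputs on either side of both thresholds.
BOUNDARY_SAMPLES = [1, SAFE_LIMIT - 1, SAFE_LIMIT, SAFE_LIMIT + 1,
                    FLAWED_MASK, FLAWED_MASK + 1]

if __name__ == "__main__":
    for row in audit(BOUNDARY_SAMPLES):
        print(row)
```

Rows where `truncated` is true are inputs the permissive check passes while the high bits are silently discarded, which is the condition a boundary-value test on any checked-arithmetic helper should assert against.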

This vulnerability directly affected the add_liquidity and get_delta_a functions, bypassing all controls that would typically restrict such operations. Sui validators responded swiftly by deploying emergency patches that froze $162 million and activating a dangerous but necessary TransactionDenyConfig tool. This configuration disables standard signature checks, allowing the network to neutralize malicious flows while restricting normal user operations.

SUI Token Market Reacts to Incident Fallout

CoinMarketCap data shows the price of SUI dropped 6.79% over 24 hours, landing at $3.84 with a sharp fall from a high of $4.03. Trading volume surged 85.62% to $3.54 billion, reflecting a flurry of reactionary trades as the market absorbed the incident. The volume-to-market cap ratio stood at 27.69%, signaling significant short-term volatility.

Source: CoinMarketCap

With 3.33 billion SUI circulating out of a 10 billion cap, the market cap now totals $12.83 billion. Despite being ranked 11th, investor confidence appears shaken as the profile score hovers at 70%, and token unlock schedules remain visible to all holders.

© 2025 CoinFutura. All rights reserved.