Sui Community Passes Proposal to Recover Stolen Funds from Cetus Hack, Ensuring Full User Reimbursement

Cetus to Utilize Recovered Funds, Treasury Assets, and Sui Foundation Loan for Complete Compensation.

On May 28, the Sui community proposed a pivotal governance vote to recover $162 million in frozen funds stolen during last week’s exploit of Cetus Protocol, a decentralized exchange built on the Sui blockchain. As of press time, the proposal has garnered 53% support, surpassing the threshold required for passage, signaling strong community backing for the recovery effort. This vote is a cornerstone of Cetus’ comprehensive plan to fully compensate affected users by leveraging frozen funds, treasury assets, and a secured loan from the Sui Foundation.

Details of the Cetus Exploit

The exploit, which occurred on May 22, targeted Cetus’ Concentrated Liquidity Market Maker (CLMM) pools. The attacker exploited a vulnerability in an open-source math library combined with a flaw in overflow checks, enabling them to manipulate pool prices. By opening high-priced positions, injecting inflated liquidity, and repeatedly extracting assets, the attacker siphoned off approximately $223 million in digital assets. The incident triggered significant market volatility, with some Sui-based tokens dropping by over 70% and Cetus’ native token, $CETUS, declining by over 50% at its lowest point.

Cetus responded swiftly, pausing its smart contracts to prevent further losses and freezing two wallet addresses on the Sui blockchain containing roughly $162 million of the stolen funds. However, approximately $60 million was bridged to Ethereum, complicating recovery efforts. The Cetus team, in collaboration with the Sui Foundation and security auditors like OtterSec, issued a white-hat ultimatum to the attacker and began formulating a recovery strategy.

The Community Vote and Recovery Plan

The proposed community vote, announced on May 27, 2025, via posts on X from the Sui Network and community accounts, aims to authorize a protocol upgrade to facilitate the return of frozen funds. The upgrade introduces two one-time special transaction authentication mechanisms to transfer the $162 million from the attacker’s addresses to a multisig wallet managed jointly by Cetus, the Sui Foundation, and OtterSec. This approach bypasses the need for the attacker’s signature, streamlining the recovery process.

To address the $60 million bridged to Ethereum, the Sui Foundation has committed to providing Cetus with a secured loan. Combined with assets from Cetus’ treasury, including cash and tokens, this loan ensures the protocol can fully compensate affected users and liquidity providers (LPs).

The recovery plan has been met with optimism. The proactive response from Cetus and the Sui Foundation has bolstered community confidence, with $CETUS rising 22.5% in the past 24 hours, according to CoinGecko data as of press time.

Technical and Community Implications

The exploit’s root cause was identified as a bug in Cetus’ math library, not a flaw in the Sui blockchain or its Move programming language. The Sui Foundation emphasized this distinction in a May 26 X post, highlighting its commitment to enhancing ecosystem security. The foundation is supporting Cetus through technical assistance, validator coordination, and the loan, underscoring the importance of a holistic approach to DeFi security.

The community vote, facilitated by code released by the Sui Foundation, allows Sui validators and token holders (via stake delegation) to participate directly in the governance process. This approach ensures transparency and has earned community approval. The handling of the attack by Cetus and the Sui community could set a precedent for user protection in decentralized finance (DeFi).

Cetus’ Path Forward

The Cetus exploit highlights the persistent security challenges in DeFi, particularly around open-source libraries and smart contract vulnerabilities. The Sui community’s response, combining technical upgrades, community governance, and financial support, demonstrates a multifaceted approach to crisis management. If successful, the recovery plan could serve as a model for other protocols facing similar incidents, reinforcing the importance of collaboration between developers, foundations, and communities.

Cetus is now working with auditors and Sui’s security team to conduct a thorough review of its smart contracts. The protocol has urged validators to support the on-chain vote and is exploring long-term measures to prevent similar vulnerabilities. The white-hat ultimatum issued to the attacker remains open, though no response has been reported as of press time.

As the vote progresses, the crypto community is closely watching how Sui and Cetus navigate this high-stakes recovery. The outcome could influence perceptions of Sui’s ecosystem security and Cetus’ ability to restore user trust.
