Cetus Set to Repay Stolen Assets with Support from Sui Foundation Loan
In the aftermath of a major security breach, Cetus, a decentralised exchange on the Sui blockchain, has announced that it is now prepared to fully repay all users affected by the recent $223 million exploit. The platform revealed that with the backing of its remaining funds and a critical loan from the Sui Foundation, it has the resources to make a complete recovery possible—pending the outcome of a community vote.
Image 1: Cetus (Source: Sui Directory)
Recovery Hinges on Community Approval
According to the Cetus team, the funds frozen after the attack can only be returned if the community agrees through an on-chain vote. The vote will determine whether the locked assets can be unlocked and used alongside the project’s reserves and the Sui Foundation loan to restore affected user accounts in full.
Cetus acknowledged that the request for community backing is significant, especially following the events that caused the damage. The team admitted that the situation was a result of internal failures but stressed that the vote offers the most viable path to righting those wrongs. They’ve asked the Sui community to support the initiative and help make users whole again.
Even if the vote does not pass, the team has confirmed that steps toward repayment will begin immediately, with a detailed plan to follow. The platform is determined to begin the recovery process regardless of the outcome but made it clear that the full recovery depends on community cooperation.
What Led to the Attack
The attack on Cetus occurred due to a vulnerability in its automated market maker’s liquidity calculation mechanism. The issue involved an error in a smart contract function meant to prevent overflows. This function was based on an open-source library that incorrectly validated inputs, checking them against a 256-bit limit when the correct threshold was 192 bits.
This flaw allowed the attacker to falsely inflate liquidity levels with minimal input, giving the illusion of vast token deposits. By manipulating price feeds and injecting spoof tokens, the attacker was able to drain massive amounts from liquidity pools like SUI/USDC.
The incident, which took place on 22 May 2025, caused widespread disruption across the Sui ecosystem. In total, around $223 million was taken, although roughly $163 million was frozen shortly after the attack by validators and ecosystem partners. The remaining portion—estimated at $60 million—was reportedly converted to USDC, bridged to Ethereum, and laundered through mixing services.
Image 2: Cetus Hack (Source: CoinDesk)
Moving Forward with Plans for Restoration
Following the exploit, Cetus took immediate action to contain further damage. Smart contracts were paused, and an investigation began in collaboration with security firms and the Sui Foundation. A major breakthrough came when the Foundation agreed to provide a loan, allowing the project to secure the financial base needed to start reimbursing users.
With this support in place, Cetus has launched a recovery proposal that hinges on a community vote to unlock frozen funds. The team has urged users and Sui stakers to participate and approve the proposal, which would pave the way for a full restoration of balances.
As part of the broader effort to rebuild confidence, Cetus is also strengthening its internal systems. The team is implementing stricter risk controls, enhancing smart contract audits, and introducing real-time monitoring to detect future vulnerabilities more effectively. Additionally, a $5 million bounty remains in place for information that could lead to the attacker or encourage the return of stolen assets.
The project has also offered a “white hat” option—promising no legal consequences if the attacker voluntarily returns the funds. While the odds may be slim, the door remains open for a peaceful resolution.
A Crossroads for the Sui Ecosystem
The situation has prompted broader discussions within the DeFi space, particularly about the role of validators in freezing assets. Some believe the action was necessary to protect users, while others argue it undermines the decentralised nature of blockchain systems.
Despite the debate, Cetus remains focused on its goal of repaying users and restoring confidence. The upcoming vote is being positioned as a decisive moment—one that will determine whether full recovery is possible or whether the path forward will be slower and more difficult.
Read Also: Cetus DeFi Exchange on Sui Network Suffers Suspected Exploit with Over $200M in Crypto Drained
Cetus has stated that its top priority is regaining the trust of the community and doing right by its users. With financial backing secured and a recovery framework in motion, the project now waits on the community to decide the final outcome.
The team sees this not just as a chance to repair the damage, but also to build a stronger, more resilient DeFi platform for the future.
