Sui Ecosystem Hacked: How the $260M Cetus Hack Exposes Risks and Boosts Ethereum’s Post-Pectra Appeal
TL;DR
- On May 22, 2025, Cetus Protocol, the largest DEX on the Sui blockchain, was exploited for $220–260 million via a spoof-token smart contract vulnerability.
- Sui validators froze $160 million in stolen funds, but user confidence, token values, and liquidity across the ecosystem took significant hits.
- The hack highlights the need for stricter DeFi security and triggers debates on decentralization within Sui’s proof-of-stake validator model.
- Ethereum stands to benefit as investors and developers reconsider the risks of newer blockchains and migrate toward Ethereum’s more mature and secure DeFi ecosystem post-Pectra upgrade.
Introduction
The blockchain industry continues to evolve rapidly, with emerging ecosystems like Sui aiming to challenge Ethereum’s long-standing dominance. However, the DeFi sector remains susceptible to exploits, as seen in the recent high-profile hack of the Cetus Protocol, a central component of Sui’s DeFi landscape. This attack has sent shockwaves through the community, raising critical questions about smart contract security, network decentralization, and investor trust.
While the Sui blockchain itself was not directly compromised, the magnitude of the exploit and its ripple effects have raised red flags. Interestingly, this breach may also have unintended consequences — chiefly, a renewed appreciation for Ethereum’s security and decentralization, especially after its successful Pectra upgrade.
This article explores the impact of the Cetus hack on Sui’s ecosystem, evaluates the network’s response, and examines how Ethereum might capitalize on this crisis.
Cetus Protocol Hack: A Tectonic Jolt to the Sui Ecosystem
On May 22, 2025, the burgeoning Sui ecosystem suffered its most devastating event to date, an exploit of Cetus Protocol, the largest DEX and liquidity provider on the network. While Sui’s core blockchain infrastructure remained intact, the economic fallout was substantial and revealed structural weaknesses in the ecosystem’s DeFi security.
- Mechanism of the Exploit: The attacker exploited a vulnerability in Cetus’s smart contracts by minting spoof tokens to manipulate price oracles and liquidity pool calculations. This allowed them to drain major pools like SUI/USDC, resulting in over $220–260 million in losses — one of the largest DeFi exploits in 2025.
- Token Impact: CETUS, the protocol’s native token, plummeted by 33–40%, while the SUI token dipped about 15% to around $3.81 (as of May 23, 2025). Several smaller Sui-based tokens, such as HIPPO and AXOL, lost up to 96% of their value, decimating investor portfolios.
- Market Reaction: Liquidity dried up across DEXs, and USDC briefly lost its peg on Sui, triggering a halt in swaps and borrowing functions. Trading activity froze on platforms like Bluefin and Momentum, amplifying fears of a cascading liquidity crisis.
- Centralization Concerns: Although $160 million in stolen funds were frozen by Sui validators, this raised new questions about the centralized control in Sui’s validator network. Critics warned that the ability to unilaterally block addresses could compromise the ethos of decentralization.
Sui’s Emergency Response: Containing the Fallout
In the hours following the hack, the Sui Network, its foundation, and affiliated projects took immediate steps to contain damage and restore order. The reaction was swift, but it also revealed the ecosystem’s reliance on centralized coordination in times of crisis.
- Validator-led Fund Freezes: Sui validators identified and froze around $160 million in exploited funds. Transactions originating from the exploiter’s addresses were blacklisted, showcasing the network’s ability to respond decisively but raising flags about censorship resistance.
- Collaboration and Recovery: The Sui Foundation worked closely with Cetus, blockchain forensic firms, and centralized exchanges like Binance and Bybit to trace and potentially recover the remaining $60 million. Security firms like HackenProof were brought in for forensic audits.
- Stabilization of DeFi Operations: In a coordinated effort, protocols like Scallop and Bluefin paused operations, particularly borrowing and trading, to prevent contagion and protect users. While disruptive, these measures helped to isolate the breach and limit further damage.
- Transparent Communication: Sui’s leadership, including co-founder Adeniyi.sui, provided regular updates on the social media platform X. These updates included fund recovery progress, safety instructions, and reaffirmations that the core blockchain remained secure.
Repercussions for the Sui Ecosystem: A Crisis of Confidence
The exploit’s impact on Sui goes beyond numbers. The psychological and structural effects threaten to undo months of growth, casting doubt on the ecosystem’s readiness for mainstream DeFi adoption.
- Erosion of Trust: The attack shook investor confidence in Sui’s DeFi ecosystem. As the largest DEX and liquidity provider, Cetus was central to user activity. Its vulnerability created a perception that the entire ecosystem is fragile.
- Liquidity Disruptions: With millions drained and platforms temporarily disabled, liquidity dried up overnight. USDC’s temporary depeg on Sui added insult to injury, damaging the network’s credibility in maintaining reliable trading environments.
- Long-Term Developer Hesitation: The hack may deter developers from building on Sui, especially when Ethereum and other L1s offer mature tooling, better auditing ecosystems, and fewer surprises. This could stall innovation and adoption.
- Narrative of Centralization: The validators’ decision to freeze funds, while beneficial short-term, revived concerns about the extent of control wielded by a few entities. As Sui grows, maintaining a balance between safety and decentralization will be a tightrope walk.
Ethereum as an Indirect Beneficiary: How the Sui Hack Highlights Ethereum’s Strengths Post-Pectra Upgrade
While the Cetus Protocol hack severely impacted the Sui ecosystem, it may serve as an indirect benefit for Ethereum by reinforcing its position as the more mature and secure smart contract platform. This shift is not because Ethereum caused or gained directly from the attack, but because investors, developers, and users seeking stability may increasingly gravitate towards its well-established network in light of Sui’s vulnerabilities.
- Strengthened Security and User Experience: Ethereum’s Pectra upgrade enhances the network with smart account wallet features, doubled Layer 2 data capacity, and validator UX improvements. These upgrades reduce costs and improve usability, making Ethereum more attractive to DeFi developers and users wary of newer chains’ security risks.
- Reinforced Perception of Stability: While no blockchain is immune to exploits, Ethereum’s lengthy history of comprehensive audits, active developer community, and resilient protocols like Uniswap position it as a safer alternative. For example, Uniswap just crossed $3T in all-time swap volume, making it suitable for the DeFi market. The Sui hack underscores the risks in emerging ecosystems, indirectly spotlighting Ethereum’s relative security advantage.
- Potential Developer and User Shift: As confidence wavers in Sui, developers and users may increasingly favor Ethereum and its Layer 2 solutions for building and trading DeFi assets. The Pectra upgrade’s enhancements further incentivize this gradual migration, bolstering Ethereum’s dominant market position.
In summary, the Sui ecosystem’s troubles amplify Ethereum’s appeal not through direct gain, but as an indirect beneficiary of shifting market sentiment favoring stability, security, and scalability.
Conclusion
The Cetus Protocol hack is a wake-up call for emerging DeFi ecosystems. For Sui, it exposed critical vulnerabilities in both technology and trust, despite a commendable crisis response. The exploit has destabilized liquidity, triggered reputational damage, and raised pressing concerns about decentralization and security governance.
Conversely, Ethereum appears to be a beneficiary of this disruption. Its recent Pectra upgrade, combined with its established security record, makes it a natural destination for developers and investors seeking stability. As DeFi matures, network resilience, decentralization, and user protection will become even more essential — and in these domains, Ethereum’s experience remains unmatched.
FAQs
1. Was the Sui blockchain itself hacked?
No. The core Sui blockchain was not compromised. The exploit targeted Cetus Protocol’s smart contracts, a key DEX built on Sui.
2. How much was lost in the Cetus hack?
Between $220 million and $260 million was stolen. Approximately $160 million has been frozen by Sui validators, with recovery efforts ongoing for the rest.
3. Why does this hack benefit Ethereum?
The hack highlights Ethereum’s relative maturity, security, and decentralization. With its recent Pectra upgrade, Ethereum now offers better scalability, UX, and safety, drawing capital and developers away from riskier ecosystems like Sui.
4. Will this hack end Sui’s growth?
Not necessarily. While it is a major setback, Sui’s response shows resilience. However, restoring trust will require enhanced security audits, better DeFi tooling, and clearer governance frameworks.
About CoinEx
Established in 2017, CoinEx is a global cryptocurrency exchange designed with users in mind. Since its launch by the industry-leading mining pool ViaBTC, the platform has been one of the earliest crypto exchanges to release proof-of-reserves to protect 100% of user assets. CoinEx provides over 1300 cryptocurrencies, supported by professional-grade features and services, for its 10+ million registered users across 200+ countries and regions. CoinEx is also home to its native token, CET, which incentivizes user activities while empowering its ecosystem.
