Liquidity Pools Recovered With Loan, Reserves, and Frozen Assets; Compensation Program Underway

Cetus Protocol, a decentralized exchange (DEX) native to the Sui blockchain, has resumed operations following a $220 million exploit in May and announced a plan to transition to open-source development in an effort to bolster long-term security and community trust.

In a June 7 Medium post, the team confirmed that Cetus had patched the vulnerability responsible for the exploit and had restored most of its affected liquidity pools, supported by a combination of recovered funds, cash reserves, and a $30 million loan from the Sui Foundation.

The protocol also outlined its next steps, which include an open-source migration, a white bounty program, and a compensation plan for affected users.

Exploit Drained $220M From Liquidity Pools

The attack occurred on May 22, when a hacker exploited a pricing mechanism flaw to drain tokens from multiple liquidity pools on Cetus. The exploit came as the protocol’s trade volumes were surging — with over $5 billion in trading activity recorded in both April and May, despite the May shutdown.

Cetus managed to freeze $162 million of the stolen funds shortly after the incident, but a significant portion remains unrecovered.

“The attacker ignored our previous white hat offer and has begun attempting to launder assets — a futile and traceable act,” the team said. “We are highly confident that successful arrest and recovering the remaining assets is only a matter of time.”

Liquidity Pools Replenished With Multi-Pronged Approach

In the days following the exploit, the Cetus team said it “worked around the clock” to audit, patch, and relaunch the platform. Key steps taken included:

• Patching the exploited smart contract vulnerability

• Restoring pool data to reflect correct market pricing

• Conducting security audits on code fixes and upgraded contracts

To replenish affected pools, Cetus deployed:

• $7 million in protocol cash reserves

• A $30 million USDC loan from the Sui Foundation

• A portion of the recovered assets from the attacker

According to the team, not all pools were fully restored, with the recovery rate ranging from 85% to 99%, depending on the pool’s exposure to the exploit.

Cetus Moves Toward Open-Source and Security Expansion

In response to the exploit, Cetus is embracing a community-driven development model, announcing plans to become fully open-source and launch a new white bounty program to incentivize independent security contributions.

“We want to encourage collective technical and security contributions as we transition into a new, more transparent era,” the team stated.

🌊 The Final Countdown Has Begun.

Cetus will officially relaunch in just a few hours. Ahead of that, we’re unveiling our complete Recovery Plan and what’s next for the protocol. 🐳

This isn’t just about recovery or bouncing back — it’s about resilience, rebuilding, and an… pic.twitter.com/VNejffrjbS

— Cetus🐳 (@CetusProtocol) June 7, 2025

Further improvements are also in progress, including:

• Upgrades to protocol monitoring systems

• Additional rounds of third-party security audits

• A public roadmap for future resilience and governance features

CETUS Token Compensation Plan Announced

As part of the recovery effort, Cetus introduced a compensation plan for users affected by the exploit. Key features include:

• 15% of the CETUS token supply allocated for user compensation

• 5% available immediately

• The remaining 10% unlocked monthly over the next 12 months starting June 10

The CETUS token, however, saw continued price pressure, falling over 12% in the last 24 hours to trade at $0.11, according to CoinGecko. Investors remain cautious amid lingering uncertainty about the full restoration of affected positions and the recovery of stolen assets.

Legal Action Underway Across Multiple Jurisdictions

Cetus confirmed that it has launched legal proceedings in multiple jurisdictions and is working with law enforcement agencies worldwide to track down and recover the remaining assets. The attacker, identified by behavioral patterns and on-chain activity, has so far refused a white hat bounty offer of up to $6 million, made shortly after the exploit.

That bounty was contingent on returning both the 20,920 ETH (over $55 million) and the $162 million frozen on-chain, but negotiations have failed.

“This is not over,” said the Cetus team. “We are continuing legal action, and all efforts are being made to bring the attacker to justice.”

Conclusion

Cetus Protocol’s relaunch and open-source transition mark a critical turning point for the Sui-based DEX following one of the largest DeFi exploits of 2025. While the team has successfully patched vulnerabilities, restored most of its liquidity, and laid out a compensation plan, the platform still faces challenges in fully restoring trust, recovering lost assets, and preventing future incidents.

With legal action underway and a focus on transparency, Cetus now seeks to rebuild on stronger foundations — and its handling of the next few months could determine whether the protocol can regain its place as a leading DEX in the Sui ecosystem.