Majority of Funds Locked as Cetus and Sui Foundation Work Toward Full Recovery
Sui blockchain validators have successfully frozen a majority of the funds stolen in the recent $220 million hack of decentralized exchange Cetus, the platform confirmed on May 23.
The Cetus team said that $162 million of the exploited funds have been frozen with the help of Sui validators and ecosystem partners, while efforts to recover the remaining assets are ongoing.
“A large number of validators identified the addresses with the stolen funds and are ignoring transactions on those addresses until further notice,” the Sui Foundation confirmed in a statement.
We’ve learned that a Cetus smart contract was hacked this morning for approximately $223M and Cetus subsequently paused their smart contracts to prevent further theft.
Cetus worked together with the other DeFi protocols, the Sui Foundation, and the Sui validators to… https://t.co/Y1iw2sNnPW
— Sui (@SuiNetwork) May 22, 2025
The Cetus team also noted it is actively collaborating with the Sui Foundation and other ecosystem players to return the assets to users.
🚨ANNOUNCEMENT
As of earlier today, we have confirmed that an attacker has stolen approximately $223M from Cetus Protocol. We have took immediate action to lock our contract preventing further theft of funds.
$162M of the compromised funds have been successfully paused. We are…
— Cetus🐳 (@CetusProtocol) May 22, 2025
Breakdown of the Exploit
The attack occurred on May 22 and is believed to have stemmed from a smart contract vulnerability. The exploit allowed the attackers to drain around $223 million worth of user funds from the Cetus DEX.
According to onchain data flagged by Web3 security monitoring platform Extractor, the attackers quickly bridged $63 million to the Ethereum network.
One particular wallet, ending in “AF16”, was used to launder approximately 20,000 ETH, worth around $53 million at the time.
Community Reactions: Recovery vs. Censorship Concerns
While many welcomed the rapid coordination and partial recovery of funds, some users raised concerns about the centralization of power within the Sui network.
“Good news for the victims,” one user wrote on X, “but if validators—114 in total—can freeze wallets when they want, it raises a major question about the network’s censorship resistance.”
This criticism underscores the growing tension between security intervention and decentralization principles across Layer 1 blockchains.
Cybersecurity in Crypto Remains a Flashpoint
The Cetus incident is one of several high-profile DeFi hacks in 2025, highlighting the crypto industry’s continued struggle with smart contract vulnerabilities and cross-chain security.
Despite advances in auditing tools, monitoring systems, and bug bounties, attackers continue to exploit architectural and governance weaknesses in DeFi protocols.
“If the crypto sector doesn’t self-regulate and adopt stronger security frameworks, it risks a wave of incoming regulatory crackdowns,” warned one cybersecurity expert following the incident.
Final Thoughts: A Win for Users, But a Test for Sui’s Decentralization
The rapid response by Sui validators showcases the advantages of ecosystem coordination when it comes to asset recovery. However, the power to ignore or freeze transactions has also sparked debate over whether Sui is truly decentralized.
As Cetus continues efforts to retrieve the remaining funds and bolster its security, the broader crypto industry is once again forced to confront hard questions around security, governance, and user trust in blockchain networks.
