After the Cetus Hack: How Sui Blockchain is Rebuilding Trust Through Crisis

The Cetus hack served as a wake-up call, but it also highlighted blockchain’s iterative nature. Tools like PandaTool will continue empowering Sui’s growth.

In May 2025, the Sui blockchain ecosystem faced an industry-shaking crisis: its leading decentralized exchange, Cetus Protocol, was hacked, and approximately $224 million in assets was stolen. The incident not only plunged the market into panic but also forced the industry to re-examine the security boundaries of DeFi and the trust mechanisms of public chains.

Sui, a high-performance public chain that had drawn significant attention in recent years, had been hailed for its unique design built on the Move language and an object-centric data model. When the Cetus incident erupted, skepticism flooded in: Is Sui’s underlying architecture truly secure? Can decentralization coexist with user protection? And can users still safely create tokens on Sui?

Image: Cetus hacked

Event Recap: Attack Details and Market Reaction

On May 22, 2025, Cetus Protocol issued an emergency announcement confirming that its liquidity pools had been exploited, with losses of approximately $224 million. The attacker drained the SUI/USDC pool, swapping the stolen assets into SUI and other tokens and leaving the pool nearly empty.

The incident triggered a chain reaction: the CETUS token price fell roughly 50% within an hour and was later down as much as 75%. Panic spread across the Sui ecosystem as users dumped ecosystem tokens and drove prices down. For a time this cast doubt on the security of the Sui blockchain itself.

Technical Context
Like any AMM, Cetus relies on smart-contract logic to price swaps in its liquidity pools automatically. That automation only holds as long as the arithmetic inside the contract holds; once it can be exploited, the pool executes the attacker’s trades as faithfully as anyone else’s. The event exposed shortcomings in DeFi projects’ code audits, risk controls, and emergency response protocols.

Attack Analysis: Flashswap Exploits and Precision Loopholes

How Flashswap Attacks Work
A flash swap (flash loan) is an uncollateralized DeFi primitive: a user borrows assets and must repay the principal plus a fee (typically 0.3%) within the same transaction, otherwise the whole transaction reverts. The feature was designed for arbitrage, but because it gives anyone temporary access to a pool’s worth of capital, attackers use it to:

  • Flash Loans + Price Manipulation: Borrow assets, then artificially inflate or crash a pool’s price with a single large trade.

  • Liquidity Draining: Use the distorted price to swap against, borrow against, or withdraw from other positions at the wrong rate, emptying pools before the price recovers.

Precision Loophole Risks
As noted by SlowMist’s Chief Information Security Officer @im23pds, the attack may have exploited computational precision issues. In outline, such an attack looks like this:

  • The attacker borrows assets via flash swap, exploits rounding in the pool’s liquidity calculations, and repeats the operation thousands of times in rapid succession. Integer rounding in on-chain math happens per operation, so a loss too small to notice once becomes material at scale.

  • If each operation siphons even 0.01% of the pool, repeated cycles add up to a large gain.
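As an added worked example (not Cetus or Sui code, and not a reconstruction of the actual exploit), the Python below models a toy constant-product pool in integer arithmetic and shows both mechanisms from the two sections above: a flash loan that pumps the pool’s spot price to cheat a hypothetical lender, and a per-operation fee rounding error that thousands of micro-swaps exploit. The pool, the lender, its 50% loan-to-value rule, and every balance and fee are invented for illustration.

```python
"""Added, constructed example (not Cetus or Sui code): a toy constant-product
pool in plain Python integer arithmetic, used to show (1) flash-loan price
manipulation against a lender that trusts the pool's spot price and
(2) fee rounding that thousands of micro-swaps can exploit. All balances,
fees and loan sizes are invented for illustration."""


def ceil_div(a: int, b: int) -> int:
    """Integer division rounded up: on-chain math has no floats."""
    return -(-a // b)


class Pool:
    """x*y=k pool with integer reserves and a 0.3% fee (FEE_BPS / 10_000)."""

    FEE_BPS = 30

    def __init__(self, x: int, y: int, fee_rounds_down: bool = False):
        self.x, self.y = x, y
        self.fee_rounds_down = fee_rounds_down  # True reproduces the rounding bug
        self.fees_collected = 0

    def _fee(self, amount: int) -> int:
        raw = amount * self.FEE_BPS
        # Bug: floor division charges 0 fee on any amount below 334 units.
        return raw // 10_000 if self.fee_rounds_down else ceil_div(raw, 10_000)

    def spot_value_in_y(self, amount_x: int) -> int:
        """Value of amount_x at the pool's current spot price (manipulable)."""
        return amount_x * self.y // self.x

    def swap_x_for_y(self, dx: int) -> int:
        """Sell dx of X for Y. Output is rounded against the trader so that
        the product of reserves never decreases."""
        fee = self._fee(dx)
        k = self.x * self.y
        new_x = self.x + (dx - fee)
        new_y = ceil_div(k, new_x)
        dy = self.y - new_y
        assert new_x * new_y >= k, "invariant violated"
        self.x, self.y = new_x + fee, new_y  # fee stays in the pool for LPs
        self.fees_collected += fee
        return dy

    def swap_y_for_x(self, dy: int) -> int:
        """Sell dy of Y for X, same rounding rule."""
        fee = self._fee(dy)
        k = self.x * self.y
        new_y = self.y + (dy - fee)
        new_x = ceil_div(k, new_y)
        dx = self.x - new_x
        assert new_x * new_y >= k, "invariant violated"
        self.x, self.y = new_x, new_y + fee
        self.fees_collected += fee
        return dx


def flash_loan_attack(lender_trusts_spot_price: bool) -> int:
    """Attacker's net profit in Y against a hypothetical lender that accepts X
    as collateral at 50% LTV. With the spot price as oracle the attacker pumps
    X inside one transaction and borrows against the inflated value; with a
    fixed reference price (stand-in for a TWAP or external oracle) the same
    trade loses money."""
    pool = Pool(1_000_000, 1_000_000)
    loan = 3_000_000                              # flash-borrowed Y
    loan_fee = ceil_div(loan * 30, 10_000)        # 0.3% flash-loan fee
    got_x = pool.swap_y_for_x(loan)               # pump: pool is now Y-heavy
    if lender_trusts_spot_price:
        collateral_value = pool.spot_value_in_y(got_x)
    else:
        collateral_value = got_x                  # reference price: 1 Y per X
    borrowed = collateral_value * 50 // 100
    # Attacker abandons the collateral and keeps the borrowed Y.
    return borrowed - loan - loan_fee


def fees_from_micro_swaps(fee_rounds_down: bool, n: int = 3_000, size: int = 333) -> int:
    """Total fee collected from n swaps of `size` X each. 333 * 30 / 10_000 is
    0.999, so floor rounding charges nothing and the trader moves n*size units
    fee-free, while ceiling rounding charges 1 unit per swap."""
    pool = Pool(1_000_000, 1_000_000, fee_rounds_down)
    for _ in range(n):
        pool.swap_x_for_y(size)
    return pool.fees_collected


if __name__ == "__main__":
    print("profit vs spot-price oracle:", flash_loan_attack(True))
    print("profit vs reference-price oracle:", flash_loan_attack(False))
    print("fees with floor rounding:", fees_from_micro_swaps(True))
    print("fees with ceiling rounding:", fees_from_micro_swaps(False))
```

Two defenses appear in the code: the pool rounds every output against the trader and asserts that the reserve product never shrinks, so no sequence of swaps can extract value from rounding; and the lender is only safe when it values collateral with a price the attacker cannot move inside one transaction. A single 999,000-unit swap pays the same 2,997 fee under either rounding rule; only splitting it into sub-334-unit pieces exposes the floor bug.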

Industry Warning
Similar incidents are not new in DeFi. From Uniswap to Curve Finance, code vulnerabilities and external dependencies (e.g., oracles) remain security risks. The Cetus hack reiterates that automation ≠ security—code audits and risk controls must be routine.

Sui’s Response: Balancing Asset Freezes and Decentralization

In response, Sui coordinated with its validators to “freeze” roughly $160 million of the stolen funds sitting in addresses controlled by the attacker. This sparked debate: Did Sui sacrifice decentralization?

Technical Explanation
Sui’s “freeze” was not a traditional asset seizure. Instead, validators agreed to ignore transactions originating from the attacker’s addresses, so the objects stayed exactly where they were but could not be moved, similar to freezing a bank account while leaving the balance intact. The measure only holds as long as a supermajority of validators keeps the filter in place; the moment they stop, the funds become movable again.

The Gray Area of Decentralization
This exposed a common PoS chain issue: a coordinated set of validators can decide which transactions get executed, which is validator concentration risk by another name. While Sui prioritized user protection, it raised the question: How can chains design governance mechanisms that respond swiftly to crises without compromising trust?

Industry Comparison
Ethereum and BSC face similar challenges. Decentralization isn’t binary. Sui’s approach may inspire new solutions, such as multi-signature recovery or on-chain voting to freeze malicious addresses.

Sui’s Underlying Security: Move Language and Object Model

Strengths of Move Language

  • Resource Safety: Assets are linear resources that cannot be copied or silently dropped, so tokens cannot be duplicated or lost by accident. Move’s static dispatch (no dynamic calls into untrusted code) also rules out the reentrancy attacks that plague Solidity contracts.

  • Modular Design: A type and the logic that manipulates it live in the same module, and only that module can create, modify, or destroy its types, which limits how far a bug in one contract can spread.

Innovation in Object Model
Sui’s “object model” stores assets (and even published packages) as independent objects with explicit owners rather than as entries in one global state. An object owned by an address can only be used in a transaction signed by that address, so a contract cannot move a user’s coins unless the user passes them in.

Root Cause Attribution
The Cetus incident stemmed from project-level contract code, not from Sui’s consensus or the Move VM. Move’s guarantees cover resource ownership and memory safety, not the arithmetic a developer writes: an overflow check or rounding rule that is wrong inside a module compiles and runs exactly as written. Sui’s architecture remains robust, but ecosystem projects need stricter audits and incentives to improve security.

Token Creation Insights: Risks and Opportunities Post-Crisis

How to Safely Create Tokens?
Despite the crisis, Sui’s architecture remains stable. For non-coders, tools like PandaTool simplify token creation:

  1. Visit PandaTool, connect your wallet.

  2. Enter token parameters (name, supply, logo).

  3. Confirm the transaction—done in 1 minute.

Key Notes

  • Code Safety: PandaTool deploys pre-audited token contracts, which removes the most common bugs in hand-written token code; an audit lowers risk but never eliminates it, so verify the deployed package before adding liquidity.

  • Liquidity Management: Avoid over-reliance on single pools; diversify risks.

Ecosystem Evolution
The incident may drive stricter project vetting, developer frameworks, and protocol upgrades.

Investor Strategies

  • Short-term: Prioritize transparency and risk management.

  • Long-term: Sui’s high throughput and low fees remain compelling for quality projects.

Conclusion: Evolution Through Crisis

The Cetus hack served as a wake-up call but also highlighted blockchain’s iterative nature. Each vulnerability—Flashswap exploits, precision loopholes, decentralization trade-offs—is an opportunity for growth.

Developers must build with rigor; investors must balance risk and reward. Sui’s infrastructure has proven its potential, but ecosystem maturity takes time. As with any emerging industry, storms precede rainbows—and tools like PandaTool will continue empowering Sui’s growth.

© PandaAcademy Original Content
Unauthorized reproduction prohibited. Attribution required.
PandaAcademy is a Web3 education brand by PandaTool, dedicated to open learning in the blockchain era.

Original source: https://academy.pandatool.org/en_US/sui/1125