Panic swept through decentralized markets on Thursday after a suspected vulnerability in Cetus Protocol triggered a massive liquidity drain across several Sui-based tokens.
What began as a sudden sell-off rapidly escalated into a full-blown DeFi crisis, with certain token prices collapsing by more than 90% in minutes.
Cetus, which positions itself as a leading DeFi infrastructure layer for the Sui network, became the center of attention as its smart contracts were abruptly paused due to a critical issue. The protocol acknowledged the incident via X (formerly Twitter), stating that the team was actively investigating and would share more details soon.
While some tokens like LOFI and HIPPO plunged by over 50%, others fared far worse, cratering nearly entirely. On-chain data platforms showed that prices on centralized exchanges held up longer, but signs of wider contagion have since emerged, dragging down the overall Sui token market.
The CETUS token itself wasn’t spared—losing around half its value on decentralized exchanges and falling 30% overall in less than an hour.
According to blockchain investigators at Lookonchain, more than $260 million was siphoned from the protocol. A large chunk of the stolen funds was converted into USDC, bridged to Ethereum, and then swapped for ETH. PeckShield, a blockchain security firm, confirmed over $200 million had been compromised, supporting the $60 million cross-chain transfer figure.
While initial community reactions speculated a full-scale hack, some developers argue the root cause may have been an oracle manipulation bug—an exploit of flawed price feeds rather than direct smart contract vulnerabilities. Regardless of the technical details, the outcome remains the same: tens of millions in digital assets have been drained, confidence in the protocol has been severely shaken, and Sui’s DeFi sector is reeling.
A malicious open-source project on GitHub disguised as a Solana trading bot has compromised user wallets, according to a July 2, 2025, report by cybersecurity firm SlowMist.
The U.S. Department of Justice has sentenced Dwayne Golden, 57, of Pennsylvania to 97 months in prison for orchestrating a fraudulent crypto investment scheme that stole over $40 million from investors.
The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.
A new breed of cyber-attack is sweeping through crypto media, exploiting site pop-ups and wallet-connect prompts instead of smart-contract bugs.