Sui Network Commits $10M To Strengthen Security Measures After Cetus $223M Exploit
In Brief
Sui Network has committed an additional $10 million to enhance ecosystem security through audits, bug bounties, and developer collaboration.
Layer 1 permissionless blockchain Sui Network stated that the recent incident involving the Cetus decentralized exchange (DEX) was caused by a flaw in a math library specific to Cetus, rather than any inherent vulnerability within the Sui network or the Move programming language.
Despite the technical origin, the outcome for users remains unchanged. The platform emphasized the importance of adopting a comprehensive approach to ecosystem security and acknowledged the need to enhance its support in this area.
Sui Network also indicated that it will highlight its current security measures and introduce additional initiatives to reinforce its commitment to helping developers safeguard their applications.
As part of this effort, the network has pledged an extra $10 million toward security enhancements. This funding will be allocated to activities such as code audits, bug bounty programs, formal verification, and other methods aimed at strengthening the network’s security framework, with implementation strategies to be developed in coordination with the developer community.
Cetus Unveils Incident Report Following $223M Exploit
At the same time, Cetus published an exploit analysis outlining the root cause and planned mitigation steps. The issue stemmed from a misinterpretation of the left-shift operation in the integer-mate open-source library, which the CLMM contract relies on. Specifically, the checked\_shlw method should have validated whether the input was less than or equal to 2^192; however, the version in use incorrectly checked against 2^256, leading to a failure in proper overflow detection.
This flaw was the primary enabler of the recent exploitation. By exploiting this error, the attacker manipulated the pool’s tick and liquidity logic, enabling the extraction of substantial funds over multiple exploit cycles.
Currently, Cetus is working closely with the Sui security team and several audit firms to conduct a comprehensive re-evaluation of the updated contracts, including a collaborative audit process. CLMM pools and associated services will only be gradually reactivated once the revised contracts are fully validated. Additional audits are scheduled to begin immediately, and the platform plans to issue regular audit reports based on total value locked (TVL). Efforts to improve on-chain monitoring are also underway, including enhancements to risk management parameters and more controlled asset flow rate limits.
Furthermore, efforts are currently underway in collaboration with key ecosystem stakeholders to develop a recovery plan for the impacted pools and liquidity providers, with the objective of restoring full functionality, including liquidity withdrawals, as promptly as possible.
In pursuit of fully compensating users for their losses, the platform has initiated an on-chain governance vote and is requesting support from Sui validators. If approved, the proposal would facilitate the expedited return of a significant portion of affected assets to users. The platform views this measure as a step toward both financial recovery and the restoration of trust within the community.
On May 22, Cetus experienced a security breach that resulted in user losses estimated at $223 million over the span of 24 hours. In response to the incident, Cetus and the Sui Foundation reported that a large portion of the compromised assets was promptly frozen through coordinated action by Sui network validators. According to information provided by the Cetus team, approximately $163 million of the affected funds were frozen on the same day the exploit occurred, with support from validators and ecosystem partners.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
