SlowMist Releases Detailed Analysis of the $230 Million Cetus Theft Incident

SlowMist officially released an analysis of the Cetus theft incident, stating that the core of this event was that the attacker crafted parameters to cause an overflow while bypassing detection, ultimately exchanging a minimal amount of tokens for a large amount of liquidity assets.

SlowMist indicated that the attacker precisely calculated and selected specific parameters, exploiting a flaw in the checked_shlw function to obtain liquidity worth billions at the cost of 1 token. This was an extremely sophisticated mathematical attack, and the SlowMist security team advises developers to rigorously verify all boundary conditions of mathematical functions in smart contract development.

Previously, on May 22, according to community reports, the liquidity provider Cetus on the SUI ecosystem was suspected of being attacked, with a significant drop in the depth of the liquidity pool, and multiple token trading pairs on Cetus experienced declines, with estimated losses exceeding $230 million. Subsequently, Cetus announced that an incident had been detected in the protocol, and for safety reasons, the smart contract has been temporarily suspended, with the team investigating the incident.