$223M Drained in Exploit Linked to Faulty Liquidity Parameter Checks - Dedaub
A post-mortem report by blockchain security firm Dedaub has shed light on the devastating May 22 hack of the Cetus decentralized exchange (DEX), revealing a critical vulnerability in its automated market maker (AMM) logic that allowed attackers to manipulate liquidity pools and siphon hundreds of millions in crypto assets.
According to Dedaub’s May 25 report, the exploit stemmed from a flaw in how the Cetus protocol handled liquidity parameters—specifically, a misconfigured overflow check on the most significant bits (MSB). This oversight enabled the attackers to bypass proper input validation, injecting massive liquidity positions using only a single token unit. The manipulation caused significant slippage and ultimately drained liquidity pools valued at over $223 million.
“This allowed them to add massive liquidity positions with just one unit of token input,” Dedaub wrote, “subsequently draining pools collectively containing hundreds of millions of dollars worth of tokens.”
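To make this class of bug concrete, the following is an added example (not code from Cetus or from Dedaub's report) of an overflow guard on the most significant bits that uses the wrong threshold, next to a corrected guard. The 256-bit width, the 64-bit shift, the function names and the sample value are assumptions chosen for illustration.

```python
# Added illustration: an MSB overflow guard in front of a fixed-width left shift.
# Widths, names and sample values are assumptions, not the Cetus source.
WIDTH = 256                      # assumed integer width in bits
SHIFT = 64                       # assumed shift amount in bits
MAX = (1 << WIDTH) - 1


class Overflow(Exception):
    """Raised when the shift would lose high bits."""


def shl_wrapping(n: int) -> int:
    """Left shift that silently drops bits above WIDTH, like a fixed-width integer."""
    return (n << SHIFT) & MAX


def checked_shl_flawed(n: int) -> int:
    """Guard compares against a threshold that is far too high, so it rarely fires."""
    mask = ((1 << SHIFT) - 1) << (WIDTH - SHIFT)
    if n > mask:
        raise Overflow(n)
    return shl_wrapping(n)


def checked_shl_fixed(n: int) -> int:
    """Guard rejects any value with a bit set in the top SHIFT bits."""
    if n >> (WIDTH - SHIFT) != 0:
        raise Overflow(n)
    return shl_wrapping(n)


def required_input(numerator: int, denominator: int) -> int:
    """Tokens a depositor must supply, rounded up (constructed pricing step)."""
    return -(-numerator // denominator)


def demo():
    # Constructed value: one bit set in the top SHIFT bits, plus a small remainder.
    n = (1 << (WIDTH - SHIFT)) + 1
    truncated = checked_shl_flawed(n)        # guard passes, high bit is lost
    try:
        checked_shl_fixed(n)
        rejected = False
    except Overflow:
        rejected = True
    return truncated, required_input(truncated, 1 << SHIFT), rejected
```

With the flawed guard the truncated numerator prices the deposit at a single token unit, while the corrected guard rejects the same input before any pricing happens.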
The attack played out within 24 hours and has added fuel to ongoing concerns about vulnerabilities in Web3 due to unpatched smart contracts and inadequate auditing. In response, Cetus and the Sui Foundation announced that Sui blockchain validators successfully froze most of the stolen funds, amounting to approximately $163 million, on the same day as the breach.
However, the intervention triggered a backlash from decentralization advocates. Critics argue that freezing funds on a supposedly decentralized chain reveals troubling levels of centralized control.
“Sui validators are actively censoring transactions across the blockchain,” one X user wrote. “This completely undermines the principles of decentralization and transforms the network into nothing more than a centralized, permissioned database.”
Others highlighted the irony of venture capital-backed Web3 projects embracing centralized safeguards while promoting the ethos of decentralized finance.
“It’s interesting how many Web3 projects backed by VCs lean heavily on centralization, despite borrowing Bitcoin’s ethos,” said developer Steve Bowyer in a May 23 post.
Meanwhile, Sui is ramping up its push into Bitcoin decentralized finance (BTCfi) by integrating sBTC and supporting the Stacks network.