$223M Drained in Exploit Linked to Faulty Liquidity Parameter Checks -Dedaub

Bitget App

Trade smarter

DeFi Planet2025/05/26 12:16

By:DeFi Planet

A post-mortem report by blockchain security firm Dedaub has shed light on the devastating May 22 hack of the Cetus decentralized exchange (DEX), revealing a critical vulnerability in its automated market maker (AMM) logic that allowed attackers to manipulate liquidity pools and siphon hundreds of millions in crypto assets.

According to Dedaub’s May 25 report , the exploit stemmed from a flaw in how the Cetus protocol handled liquidity parameters—specifically, a misconfigured overflow check on the most significant bits (MSB). This oversight enabled the attackers to bypass proper input validation, injecting massive liquidity positions using only a single token unit. The manipulation caused significant slippage and ultimately drained liquidity pools valued at over $223 million.

“This allowed them to add massive liquidity positions with just one unit of token input,”

Dedaub wrote.

“subsequently draining pools collectively containing hundreds of millions of dollars worth of tokens.”

The attack played out within 24 hours and has added fuel to ongoing concerns about vulnerabilities in Web3 due to unpatched smart contracts and inadequate auditing. In response, Cetus and the Sui Foundation announced that Sui blockchain validators successfully froze most of the stolen funds, amounting to approximately $163 million, on the same day as the breach.

However, the intervention triggered a backlash from decentralization advocates. Critics argue that freezing funds on a supposedly decentralized chain reveals troubling levels of centralized control.

“Sui validators are actively censoring transactions across the blockchain,”

one X user wrote .

“This completely undermines the principles of decentralization and transforms the network into nothing more than a centralized, permissioned database.”

Others highlighted the irony of venture capital-backed Web3 projects embracing centralized safeguards while promoting the ethos of decentralized finance.

“It’s interesting how many Web3 projects backed by VCs lean heavily on centralization, despite borrowing Bitcoin’s ethos,”

said developer Steve Bowyer in a May 23 post .

Meanwhile, Sui is ramping its push into Bitcoin decentralized finance (BTCfi) by integrating sBTC and supporting the Stacks network.

If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter , LinkedIn , Facebook , Instagram , and CoinMarketCap Community.

“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.

APR up to 10%. Always on, always get airdrop.

Lock now!