$223M Drained in Exploit Linked to Faulty Liquidity Parameter Checks -Dedaub
A post-mortem report by blockchain security firm Dedaub has shed light on the devastating May 22 hack of the Cetus decentralized exchange (DEX), revealing a critical vulnerability in its automated market maker (AMM) logic that allowed attackers to manipulate liquidity pools and siphon hundreds of millions in crypto assets.
A post-mortem report by blockchain security firm Dedaub has shed light on the devastating May 22 hack of the Cetus decentralized exchange (DEX), revealing a critical vulnerability in its automated market maker (AMM) logic that allowed attackers to manipulate liquidity pools and siphon hundreds of millions in crypto assets.
According to Dedaub’s May 25 report , the exploit stemmed from a flaw in how the Cetus protocol handled liquidity parameters—specifically, a misconfigured overflow check on the most significant bits (MSB). This oversight enabled the attackers to bypass proper input validation, injecting massive liquidity positions using only a single token unit. The manipulation caused significant slippage and ultimately drained liquidity pools valued at over $223 million.
“This allowed them to add massive liquidity positions with just one unit of token input,”
Dedaub wrote.
“subsequently draining pools collectively containing hundreds of millions of dollars worth of tokens.”
The attack played out within 24 hours and has added fuel to ongoing concerns about vulnerabilities in Web3 due to unpatched smart contracts and inadequate auditing. In response, Cetus and the Sui Foundation announced that Sui blockchain validators successfully froze most of the stolen funds, amounting to approximately $163 million, on the same day as the breach.
However, the intervention triggered a backlash from decentralization advocates. Critics argue that freezing funds on a supposedly decentralized chain reveals troubling levels of centralized control.
“Sui validators are actively censoring transactions across the blockchain,”
one X user wrote .
“This completely undermines the principles of decentralization and transforms the network into nothing more than a centralized, permissioned database.”
Others highlighted the irony of venture capital-backed Web3 projects embracing centralized safeguards while promoting the ethos of decentralized finance.
“It’s interesting how many Web3 projects backed by VCs lean heavily on centralization, despite borrowing Bitcoin’s ethos,”
said developer Steve Bowyer in a May 23 post .
Meanwhile, Sui is ramping its push into Bitcoin decentralized finance (BTCfi) by integrating sBTC and supporting the Stacks network.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter , LinkedIn , Facebook , Instagram , and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Lido Finance Publishes V3 Whitepaper, May Launch New ETH Staking Model
SEC Holds Meeting on DeFi, Could Influence Ethereum and Governance Tokens
WinnerMining Promises Daily Crypto Profits Without Equipment
Former PayPal Head Drives Bitcoin Payment Adoption
Trending news
MoreCrypto prices
More
