- A leading DEX on the Sui Network, Cetus Protocol, suffered a major hack yesterday, losing approximately $223 million USD.
- The exploit came about due to a smart contract vulnerability, where the hackers tricked the DEX into accepting fake tokens as legitimate assets.
- Despite swift action to prevent a major collapse, several ecosystem tokens (such as Hippo) have fallen 70%+.
- Sui validators managed to halt approximately $162 million USD of the stolen funds in their tracks, with hopes of a fast recovery.

A decentralised exchange (DEX) operating on the Sui Network has encountered one of the ecosystem’s largest exploits in history.
Cetus Protocol, a preeminent dApp within Sui’s DeFi landscape, suffered a smart contract breach resulting in the loss of approximately $223 million USD ($347 million AUD).
Although Cetus developers were quick to the scene, pausing smart contracts within a few hours, it wasn’t enough to prevent an ecosystem contagion. At the time of writing, certain Sui coins (such as Lofi and Hippo) have fallen more than 70% in value.
Despite the gravity of the hack, Sui’s token itself hasn’t been hit too hard. SUI is down about 1.5% over the past 24 hours of trading – and while it’s the only coin in the top 20 by market cap in the red, it is far from a mass sell-off.
So, what was behind the attack and how can Cetus prevent this from happening again?
Hackers Trick Cetus Smart Contract Into Believing ‘Fake Tokens’ Were Worth Millions
According to the Director of digital asset custodian Liminal, Manan Vora, the exploit came about due to fake tokens.
Vora used an… interesting analogy – one that reflects the average age of a crypto Twitter user (sorry not sorry).
“Imagine going to a toy exchange. You bring fake toys that look valuable but are actually worthless. Then you trade them for real toys… and run. That’s basically what just happened on Sui.”


The security breach’s mechanism was incredibly simple. Basically, the hackers created a bunch of crypto tokens that appeared valuable. In reality, they were worthless – but the smart contracts on Cetus didn’t know that. Rather, the DEX was convinced these fake tokens were actually worth $200 million and happily swapped them out for SUI, USDC and other legitimate coins.
Before anybody could respond, the real money had been drained from the ecosystem and Sui was left reeling.
Sui Participants Act to Freeze Stolen Funds
Despite the seemingly catastrophic events, Sui validators weren’t willing to take it lying down.
Within a few hours of the incident, a collaboration between the Sui Foundation, the Cetus DEX and other validators managed to isolate addresses associated with the stolen funds and freeze them on the blockchain.
According to Cetus, a bit less than ¾ of the misappropriated crypto was successfully halted in its tracks – although the blockchain will still need to actually recover the frozen funds to return them to victims.
Nevertheless, it is cause for optimism for the affected parties in what was otherwise one of the biggest smart contract hacks in recent history.