Sui Ecosystem Rocked by $200M ‘Oracle Manipulation Attack’ on Its Largest DEX

Tokens in the Sui ecosystem have been sent tumbling due to a $200 million oracle exploit that led to liquidity pools being drained.

5 Total views

The Sui ecosystem has been rocked to its core by an exploit on the network’s largest decentralized exchange Cetus which has seen $200 million stolen from liquidity pools.

Notable Sui meme coins like Lofi (LOFI), Sudeng (HIPPO), and Squirtle (SQUIRT) tanked 76, 80, and 97 in just an hour. And the popular Cetus token dropped 53 over the same time frame. According to DEX Screener, 46 Sui tokens have made double digit losses over the past 24 hours.

“The attacker exploited vulnerabilities in Cetus Protocol‘s smart contracts by deploying spoof tokens to manipulate price curves and reserve calculations,” Deddy Lavid, CEO and co-founder of security firm Cyvers, told Decrypt. “This allowed them to extract real assets from multiple liquidity pools, including the SUI/USDC pool. The stolen funds are being converted into USDC and bridged to other chains.”

PeckShield estimates that approximately $200 million worth of assets were stolen due to this exploit. The attacker currently has $164 million sitting in a Sui wallet and has bridged $61.5 million worth of USDC onto Ethereum.

A SUI spokesperson declined to comment on the exploit when reached by Decrypt, instead referring to what the team had already shared publicly on X.

In response, Cetus paused its smart contracts to prevent any further losses. The exchange issued a statement on social media stating that an “incident” had been detected and that its team was investigating it.

Leaked Discord messages suggest that the Cetus team believe the exploit came as a result of a “bug” in its oracle. Users on social media seemed skeptical of this, but Cyvers told Decrypt the aforementioned exploit is called an “oracle manipulation attack.”

This is because the attackers were able to manipulate the oracle to misrepresent the price via the deployed spoof tokens.

The attacker has been moving funds using the USDC stablecoin. Circle has caught flak from industry experts, like on-chain sleuth ZachXBT, for its slow reaction in freezing funds related to hacks—taking more than five hours to block funds connected to the Bybit hack in February.

(And for what it’s worth, USDT issuer Tether has had similar complaints for its fund freeing process leaving a window for attackers to avoid the punishment.)

“We’ve repeatedly urged stablecoin issuers to act on our real-time alerts, yet many still choose to wait for post-mortem investigations,” Lavid said. “The pattern is clear: Action comes days too late, if it comes at all. In this threat environment, delay is indistinguishable from inaction.”

This situation is still developing with former Binance CEO Changpeng “CZ” Zhao claiming that his team are doing what they can to help Sui.

“Not a pleasant situation,” he wrote on X, formerly Twitter. “Hope everyone stay SAFU!”

Surprisingly, Sui’s price hasn’t been too badly affected by news of the exploit. The token has actually risen 2.2 over the past 24 hours, according to CoinGecko.

Your Email

#Law and Order