Cetus Releases Stolen Incident Report, Advances LP Compensation Program and Enhances Security Audits

On May 27th, Cetus officially released a theft incident report saying that on May 22nd, Cetus suffered an advanced smart contract attack against the CLMM liquidity pool. Cetus has taken countermeasures immediately to mitigate the impact. The attacker took advantage of undiscovered vulnerabilities in the open-source library, lowered the pool price, built positions in high-priced areas, and took advantage of overflow inspection defects to inject virtual high liquidity with very few tokens, and then performed multiple liquidity removal operations to extract assets in the pool, repeatedly used unchecked calculation functions to attack, and finally successfully stole funds. In order to jointly safeguard the best interests of the entire ecosystem, with the support of the majority of Sui verification nodes, Cetus urgently froze the attackers' two Sui wallet addresses, which contained a major portion of the stolen funds. The remaining stolen funds have been exchanged by hackers and transferred across the chain to the Ethereum mainnet. Cetus is working with the Sui security team and several auditors to re-examine the contracts and conduct a multi-party joint audit to ensure the safe recovery of CLMM services after verification is completed.
At the same time, Cetus will strengthen on-chain monitoring, initiate additional audits and issue regular security reports. To compensate affected LPs, Cetus is working with ecosystem partners to develop a recovery plan and is calling on Sui validators to support on-chain voting to accelerate user asset return and confidence rebuilding. While the legal process continues to advance, Cetus also provides attackers with a white hat return opportunity. Cetus is about to issue a final ultimatum to it. Cetus will continue to transparently inform the community of any updates.