Cetus Protocol, a decentralized exchange (DEX) on the Sui blockchain, has resumed operations after a devastating $220 million exploit. The team is now moving toward becoming fully open-source and has announced a compensation plan for affected users.
Exploit and Recovery Efforts
On May 22, a critical pricing mechanism vulnerability allowed an attacker to drain funds from several major Cetus liquidity pools. However, the team quickly responded, managing to freeze $162 million of the stolen assets.
“The attacker exploited a flaw in token pricing logic, leading to one of the largest DEX exploits on Sui,” the team stated.
Despite the incident, Cetus maintained over $5 billion in trade volume in April and up to the date of the attack in May.
Relaunch and Security Upgrades
In a June 7 update, Cetus confirmed that it has patched the vulnerability, restored pool pricing data, and completed multiple security audits on all updated smart contracts.
“We worked around the clock to rebuild trust and secure the protocol,” the team said.
The relaunch was supported by a $30 million USDC loan from the Sui Foundation, along with $7 million in cash reserves and part of the recovered stolen funds. As of now, liquidity pool recovery stands between 85% and 99%, depending on the level of depletion.
Compensation Plan and Token Status
To support affected users, Cetus is allocating 15% of its native CETUS token supply to a user compensation pool. The breakdown includes:
- 5% available immediately
- 10% unlocked linearly over the next 12 months, starting June 10
Despite the relaunch, CETUS token dropped over 12% in the past 24 hours, currently trading at $0.11.
Open-Source Roadmap and Legal Actions
As part of a long-term vision, Cetus aims to fully open-source its codebase and launch a white-hat bounty program to enhance security and community contributions. Future updates will also include an upgraded monitoring system and additional security audits.
“We’re committed to transparency and rebuilding a stronger, community-driven DEX,” said the team.
Meanwhile, legal proceedings are ongoing in multiple jurisdictions, and law enforcement is actively involved. The team remains confident about recovering remaining assets and prosecuting the attacker, who declined a $6 million white-hat bounty offer.
