Cetus Offers $6M Bounty to Hacker After $223M Exploit, Sui Validators Block Further Moves

Cetus Protocol, a decentralized exchange built on the Sui blockchain, is offering a $6 million “white hat” bounty to the hacker behind a massive $223 million exploit that rocked the platform earlier this week. The DEX hopes to recover stolen user funds, especially the portion bridged to Ethereum, by making a time-sensitive deal with the attacker.
In a post on X late Thursday, Cetus confirmed it had traced the hacker’s Ethereum wallet and was actively negotiating the return of crypto assets. The hacker had exploited a flaw in Cetus’s liquidity pool smart contracts, siphoning off millions in crypto—some of which were quickly swapped for USDC and then Ethereum.
📜 Dear Sui community, thank you for your patience while our team works on the incident investigation and resolution.
Since taking the actions indicated in our previous announcement, we have also done the following:
1. We engaged the broader ecosystem, Sui team, and related… https://t.co/Gs1EWXZ6AD
— Cetus🐳 (@CetusProtocol) May 22, 2025
Cetus, along with blockchain analytics firm Inca Digital, sent a direct message to the hacker: return 20,920 ETH (worth roughly $56.3 million) and the entirety of frozen Sui-based assets, and you can keep 2,324 ETH—around $6 million—as a bounty. The protocol emphasized that this would settle the matter with no legal, intelligence, or public reprisals. However, they warned that law enforcement would step in if the attacker attempts to off-ramp or obscure the stolen funds.
"We’re open to resolution," the message reads. "But if you move the funds through mixers or centralized exchanges, the gloves come off."
Since the exploit, Cetus has patched the vulnerability. Simultaneously, the broader Sui ecosystem has taken rare, coordinated steps to contain the fallout. The Sui Foundation, its validators, and other DeFi projects on the network are now actively blocking any transactions tied to the attacker’s wallet addresses. This effectively freezes the compromised funds on the Sui side.
According to Cetus, $162 million worth of tokens have been “successfully paused,” and efforts to recover the rest are ongoing. “The majority of impacted funds are paused and we are actively pursuing paths to recover the remainder,” the team stated.
However, the proactive network intervention has ignited debate about decentralization. Some in the crypto community argue that by coordinating to censor transactions, Sui validators undermined the principles of decentralization. Justin Bons, founder of Cyber Capital, didn’t mince words: “SUI's validators are colluding to CENSOR the hacker's TXs right now! Does that make SUI centralized? The short answer is YES.”