AMM Overflow Bug Leads to $223 Million Cetus Protocol Hack

Background of the attack

Cetus Protocol is a prominent AMM DEX platform that uses a Concentrated Liquidity Market Maker (CLMM) mechanism and is developed using the Move programming language. The protocol operates on two advanced blockchains, Sui and Aptos, attracting many investors thanks to its liquidity optimization and trading efficiency. Backed by reputable investment funds such as OKX Ventures, Kucoin Ventures, Animoca Brands, and Jump Crypto, Cetus has quickly become one of the key projects in the DeFi (decentralized finance) ecosystem. However, this rapid development also comes with potential security risks.

According to information from sources on social network X and analysis reports, the hack occurred on the evening of May 22, 2025, when a hacker exploited a vulnerability in Cetus' smart contract, leading to the withdrawal of all liquidity from the pools. The initial damage was estimated at around $223 million, with $160 million of that frozen thanks to the timely response from the Sui Network development team and community.

Overflow: Cetus's “Achilles Heel”

The root cause of the attack was identified as an integer overflow bug in Cetus’ AMM mechanism. An integer overflow bug is a technical issue that occurs when a numeric value exceeds the limit that a data type can store, leading to incorrect calculation results. In this case, the hacker exploited a bug in the bit shift operation function (specifically the << operator) to manipulate the protocol logic.

The hacker used flash loan technique to carry out the attack. The exploitation process can be summarized as follows:

• Flash Loan: Hacker borrows a large amount of A tokens through flash loan, a popular form of unsecured loan in DeFi.

• Exploiting the overflow bug: By depositing a small amount of token A into the liquidity pool, the hacker exploited the overflow bug in the handler function to make the protocol misunderstand that it had received the required number of tokens.

• Liquidity Withdrawal: The protocol, due to a calculation error, allowed the hacker to withdraw all of the B tokens (specifically the SUI token) from the pool, while only returning a small amount of A tokens.

• Hacker repays flash loan, keeps stolen SUI tokens.

This overflow bug is particularly dangerous because it compromises the core logic of the AMM, which relies on precise calculations to maintain liquidity ratios between token pairs. Using inappropriate data types (e.g., unsigned integers) without checking the value bounds is the main reason why Cetus is vulnerable.

Evaluation and Conclusion

The hack had serious implications not only for Cetus but also for the entire Sui and Aptos ecosystem:

• The loss of $223 million in liquidity was a huge shock, shaking investor confidence in DeFi projects on Sui. Although $160 million has been frozen, recovering this amount is still a big challenge.

• Cetus, as the largest AMM in the Sui ecosystem, faces the risk of losing its reputation. Investors and users may be hesitant to participate in other DeFi protocols in the same ecosystem.

• The price of SUI tokens and related tokens on the Sui system are likely to be under bearish pressure following the incident, affecting traders and liquidity providers (LPs).

The $223 million hack of Cetus Protocol is a wake-up call for the DeFi industry, especially given the growing popularity of AMM protocols. The overflow bug, while a basic technical issue, has proven to be devastating when not properly addressed. While the Cetus and Sui Network teams are working to address the issue, the incident highlights the importance of security when developing decentralized finance protocols.

Once again we give our opinion on potential projects in the crypto market. This is not investment advice, consider your portfolio. Disclaimer: The views expressed in this article are solely those of the author and do not represent the platform in any way. This article is not intended to be a guide to making investment decisions.

Compiled and analyzed by HCCVenture

Join our telegram community: HCCVenture