On May 22, 2025, Cetus Protocol suffered a high-speed, high-impact exploit that resulted in the loss of approximately $223 million in under 15 minutes. Unlike many DeFi hacks that exploit logic in a protocol’s own contracts, this attack stemmed from a rounding bug in a third-party math library—integer-mate—used for liquidity and pricing calculations.
This wasn’t a flaw unique to Cetus, but it played out there first and most severely. It’s a reminder that in composable ecosystems, security risks can emerge not from the code you write—but from the libraries you trust.
The integer-mate package is a utility library in the Move programming language, offering functions for signed integer math operations, including rounding. These rounding functions are critical to protocols like Cetus for accurately calculating liquidity pool shares and price curves.
The vulnerability stemmed from improper handling of integer rounding within the library. In specific edge cases, attackers could deposit a small amount of spoof tokens and be credited as if they had deposited significantly more. For example, depositing one spoof token could incorrectly yield shares equivalent to two tokens. This mathematical imbalance allowed the attacker to manipulate pool logic at scale.
Armed with this insight, the attacker deployed worthless spoof tokens like BULLA and MOJO into Cetus liquidity pools. By injecting these tokens with negligible liquidity, they manipulated price curves and reserve calculations. The faulty rounding logic enabled the withdrawal of legitimate assets like SUI and USDC far beyond what was deposited.
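The invariant a protocol team can test against any third-party math helper before trusting it, shown here as an added example (not code from integer-mate or Cetus). The pool model, function names and search bound are constructed for illustration: a deposit must never be redeemable for more than was paid in, which holds only when minted shares are rounded down.

```python
import itertools

def mul_div(a, b, d, round_up):
    """Integer a*b/d with an explicit rounding direction (constructed helper)."""
    q, r = divmod(a * b, d)
    return q + 1 if (round_up and r) else q

def mint_shares(amount, reserve, total_shares, round_up):
    """Shares credited for a deposit; round_up=True models the unsafe direction."""
    return mul_div(amount, total_shares, reserve, round_up)

def redeem_value(shares, reserve, total_shares):
    """Tokens paid out for shares, always rounded down in the pool's favour."""
    return mul_div(shares, reserve, total_shares, False)

def find_violations(round_up, limit=20):
    """Exhaustively check small pool states for the invariant
    redeem(mint(amount)) <= amount and return every state that breaks it."""
    bad = []
    for reserve, total, amount in itertools.product(range(1, limit), repeat=3):
        minted = mint_shares(amount, reserve, total, round_up)
        payout = redeem_value(minted, reserve + amount, total + minted)
        if payout > amount:
            bad.append((reserve, total, amount, minted, payout))
    return bad

if __name__ == "__main__":
    # Pool with 2 tokens backing 3 shares: one token is worth 1.5 shares.
    print("round down:", mint_shares(1, 2, 3, False), "round up:", mint_shares(1, 2, 3, True))
    print("violations, round down:", len(find_violations(False)))
    print("violations, round up:  ", len(find_violations(True)))
```

Running the same exhaustive check in CI against each upgrade of a dependency catches a rounding-direction regression before it reaches a pool.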
This exploit occurred in under 15 minutes and affected more than 200 liquidity positions. The attacker moved swiftly, bridging stolen funds across chains to obfuscate their trail.
Merkle Science is actively collaborating with ecosystem partners to trace fund movements, support attribution efforts, and contribute to ongoing recovery. Our on-chain investigation has identified four key wallets associated with the threat actor, spanning the Sui and Ethereum blockchains:
Wallet 1 (Sui): 0xe28b50cef1d633ea43d3296a3f6b67ff0312a5f1a99f0af753c85b8b5de8ff06
→ Received 61 million via a mix of altcoins, stables, and native tokens; served as one of the primary entry points for stolen funds on Sui.
Wallet 2 (Sui): 0xcd8962dad278d8b50fa0f9eb0186bfa4cbdecc6d59377214c88d0286a0ac9562
→ Consolidated ~24M SUI (approx. $101M at time of theft); linked to key transactions triggering validator intervention.
Wallet 3 (Ethereum): 0x89012a55cd6b88e407c9d4ae9b3425f55924919b
→ First Ethereum wallet to receive bridged funds via Wormhole and CCTP; involved in cross-chain laundering.
Wallet 4 (Ethereum): 0x0251536bfcf144b88e1afa8fe60184ffdb4caf16
→ Received ~$53M from Wallet 3; used for further obfuscation and potential off-ramping activity.
The attacker moved ~$61 million from Sui to Ethereum within minutes using Wormhole and Circle’s Cross-Chain Transfer Protocol (CCTP). This reinforces the need for real-time cross-chain tracing and alerting infrastructure.
This incident also underscores the growing need for coordinated response mechanisms across infrastructure providers. Effective containment often depends on actions such as freezing assets via stablecoin issuers, blocking known attacker wallets from interacting with protocols and exchanges, or even slowing the pace of cross-chain withdrawals by enforcing withdrawal thresholds or rate caps. These measures can significantly slow fund movement and create critical windows for response and recovery.
Notably, the attacker saturated the Sui → Ethereum bridge, transferring ~$1M USDC every 30 seconds. This behavior, frequent high-volume bridging in short intervals, is increasingly common in sophisticated laundering playbooks.
Such flows become detectable only if monitoring infrastructure is active in real time. Rate-limited exits create bottlenecks, but unless investigators are watching those exit ramps, the trail disappears fast.
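A sliding-window detector for the bridging pattern described above, as an added example (not Merkle Science's Tracker or any bridge's own code). The event tuple layout, sender labels, window length and thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300        # assumed look-back window
MAX_WINDOW_USD = 3_000_000  # assumed per-sender outflow cap inside the window
MIN_TRANSFERS = 4           # assumed minimum count, so one large transfer alone is not a burst

def detect_bridge_bursts(events, window=WINDOW_SECONDS,
                         cap=MAX_WINDOW_USD, min_transfers=MIN_TRANSFERS):
    """events: (unix_ts, sender, usd_amount) tuples sorted by time.
    Returns (ts, sender, transfers_in_window, usd_in_window) at each sender's first breach."""
    recent = defaultdict(deque)   # sender -> transfers still inside the window
    totals = defaultdict(int)     # sender -> USD sum of those transfers
    alerted, alerts = set(), []
    for ts, sender, usd in events:
        q = recent[sender]
        q.append((ts, usd))
        totals[sender] += usd
        # Evict transfers that have aged out of the window.
        while q and q[0][0] <= ts - window:
            totals[sender] -= q.popleft()[1]
        if (sender not in alerted and len(q) >= min_transfers
                and totals[sender] > cap):
            alerted.add(sender)
            alerts.append((ts, sender, len(q), totals[sender]))
    return alerts

# Constructed sample: sender A bridges $1M every 30 seconds (the cadence the
# article reports); sender B makes a few unrelated transfers, one of them large.
SAMPLE_EVENTS = sorted(
    [(30 * i, "constructed_sender_A", 1_000_000) for i in range(10)]
    + [(15, "constructed_sender_B", 50_000),
       (200, "constructed_sender_B", 2_500_000),
       (4000, "constructed_sender_B", 50_000)]
)

if __name__ == "__main__":
    for alert in detect_bridge_bursts(SAMPLE_EVENTS):
        print("ALERT ts=%d sender=%s transfers=%d usd=%d" % alert)
```

With these thresholds sender A is flagged on the fourth transfer, 90 seconds into the burst; the same window total can drive a withdrawal rate cap instead of an alert.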
Even advanced obfuscation tactics like “noise bombing” are mapped in real time, transforming noisy fund flows into actionable intelligence.
Cetus patched the affected contracts and upgraded the vulnerable integer-mate package. Simultaneously, the Sui validator community chose to ignore transactions from known attacker wallets, meaning those transactions were not processed or included in blocks. This helped contain approximately $160 million in stolen assets on-chain. Other protocols using the same library paused operations or initiated emergency upgrades as a precaution.
The Cetus exploit wasn’t novel in design—but it was executed fast, cleanly, and across chains. The next one will be too. The question is not whether protocols are secure in isolation, but whether the infrastructure they rely on is secure in context.
At Merkle Science, we’re continuing to monitor fund movements, support attribution efforts, and collaborate with ecosystem partners on recovery. Our investigations are powered by Tracker, which enables real-time cross-chain tracing, watchlist alerts, and attribution transparency to accelerate response and support containment.