The Sui Foundation has stepped in with a secured loan to help decentralized exchange Cetus fully compensate users affected by a recent $223 million exploit.

In a statement posted on X on May 27, the foundation said the loan will cover funds that the hacker managed to bridge out of the Sui (SUI) network before validators froze their wallets. Cetus will combine the loan with its treasury assets to reimburse affected users in full, provided the community approves a separate on-chain vote to unlock the frozen funds.

Cetus echoed this sentiment in another statement, apologizing for the incident and asking the Sui community to support the recovery vote. “We are now in a position to fully cover the stolen assets currently off-chain,” the team said, “if the locked funds are recovered through the upcoming community vote.”

On May 22, Cetus suffered a complex exploit targeting a flaw in its concentrated liquidity market maker contracts. The attacker exploited unchecked math operations in a third-party code library and manipulated prices using a flash swap. As a result, they were able to drain several pools by faking liquidity deposits and repeatedly withdrawing real tokens.

The attacker managed to transfer a significant amount of the stolen assets to Ethereum (ETH), even though validators were able to freeze $162 million on-chain. These bridged funds are the focus of the current compensation plan.

The hack caused the CETUS token to drop by 40% and is still 20% down in the past week. The total value locked on the Sui network also fell from $2.13 billion to $1.77 billion, as per DefiLlama data. 

Though the bug was in Cetus’ code and not Sui’s base infrastructure, the Sui Foundation acknowledged its role in supporting ecosystem-wide security. Alongside the loan, the foundation announced an additional $10 million commitment to fund audits, bug bounties, and formal verification tools.

To encourage white-hat hackers to find vulnerabilities before they are exploited, it also intends to broaden its bug bounty program to include high-value protocols like Cetus, which have over $50 million in TVL.

While the quick action from validators helped prevent further damage, some in the community voiced concerns that freezing wallets undermines the decentralization ethos of blockchain. Others praised the swift response and transparent handling of the crisis.

A detailed recovery plan from Cetus is expected soon. Compensation efforts are scheduled to begin regardless of the vote’s outcome, though full recovery depends on whether the community supports unfreezing the remaining funds.