BlockBeats News, May 27th, Cetus Official Announcement of Theft Incident: On May 22nd, Cetus experienced a sophisticated smart contract attack against the CLMM liquidity pool. Cetus took immediate response measures to mitigate the impact.

The attacker exploited an undisclosed vulnerability in the open-source library, manipulated the pool price to create positions in a high-price region, and utilized an overflow check bug to inject fake high liquidity with a minimal token amount. Subsequently, they performed multiple liquidity removal transactions to extract assets from the pool, leveraging unchecked arithmetic functions to conduct the attack, ultimately succeeding in stealing funds.

In order to safeguard the overall ecosystem's best interests, with the support of the majority of Sui validation nodes, Cetus promptly froze the attacker's two Sui wallet addresses, which contained a significant portion of the stolen funds. The remaining stolen funds have been exchanged by the hacker and cross-chain transferred to the Ethereum mainnet.

Cetus is collaborating with the Sui security team and multiple auditing firms to review the contract, conduct a multi-party joint audit, and ensure the secure restoration of CLMM services post validation. Additionally, Cetus will enhance on-chain monitoring, initiate extra audits, and regularly release security reports. To compensate affected LPs, Cetus is formulating a recovery plan with ecosystem partners and urging Sui validators to support on-chain voting to expedite asset returns and rebuild trust. As the legal process progresses, Cetus is also offering the attacker a white-hat redemption opportunity. Cetus is set to issue a final ultimatum to them. Any further updates will be consistently communicated to the community by Cetus.