In a dramatic turn of events in the DeFi space, Cetus Protocol, a decentralized exchange operating on the Sui and Aptos blockchains, has restarted operations just over two weeks after suffering a massive $223 million exploit. The restart comes after a significant recovery effort, which saw the platform regain around $162 million in stolen funds and receive substantial support from the Sui Foundation.

The attack, which took place on May 22, exploited a flaw in a shared math library, allowing the attacker to manipulate token balances through an integer overflow bug. By exploiting this vulnerability, the attacker made it appear as though a small deposit was worth millions, gaining unauthorized access to liquidity pools. It quickly became one of the largest DeFi exploits of the year.

Despite the scale of the loss, Cetus Protocol moved swiftly to respond. The platform’s team worked with Sui validators to freeze and reclaim a large portion of the stolen assets. Of the total exploited amount, roughly $162 million was successfully retrieved. This recovery was a crucial turning point for the protocol, allowing it to begin the complex process of rebuilding trust and infrastructure.

To support the recovery, the Sui Foundation extended a $30 million loan to Cetus Protocol. The protocol also committed its own cash reserves—totaling $7 million—toward replenishing the affected pools. As a result, liquidity providers saw their holdings restored to between 85% and 99% of original levels. For the remaining shortfall, Cetus introduced a 12-month compensation plan, during which the deficit will be covered through CETUS tokens, distributed via a linear unlock schedule.

This move not only aims to address the immediate financial impact on users but also underscores the protocol’s intention to remain transparent and committed to user protection.

A Sophisticated Exploit and a Calculated Attack

According to an analysis conducted by blockchain security firm SlowMist, the attacker had meticulously prepared for the exploit. The wallet used in the attack was funded two days before the incident and even attempted an earlier version of the exploit that failed. The final execution was described as highly mathematical and well-timed, targeting a specific function within the contract code known as checked_shlw.

By using this method, the attacker managed to drain liquidity from pools using only a minimal amount of actual tokens. However, the exploit only impacted the Sui-based pools. The Aptos side of the protocol remained unaffected throughout the incident.

A Rapid Comeback Strategy

Rather than staying down for long, Cetus used the recovery window to reassess and fortify its system. The team patched the vulnerable code, re-audited the protocol, and conducted a full rebalancing of all affected liquidity pools. Their goal was not just to resume operations but to ensure that such an event would not recur.

As part of its renewed security measures, Cetus revealed a forthcoming white-hat bounty program. The platform is also planning to upgrade its real-time monitoring tools and initiate a new round of comprehensive third-party audits. These steps are intended to prevent similar vulnerabilities and ensure long-term stability.

“We believe this restart is more than just a return—it represents a new beginning,” a statement from the Cetus team read.

Legal Measures in Motion

The attacker, according to Cetus, has shown no willingness to cooperate, ignoring the team’s attempts to negotiate the return of funds under a white-hat arrangement. Instead, the attacker began moving portions of the stolen assets to Tornado Cash, a well-known crypto mixing service used to obfuscate transaction trails.

Despite this, Cetus remains confident. The team is working with legal entities and blockchain forensic experts and believes that tracking down the perpetrator is only a matter of time. The fact that a large portion of the stolen funds was already frozen shortly after the hack suggests that the window for laundering the assets is narrowing.

Impact on the SUI Ecosystem

The entire ordeal has placed a spotlight on the broader Sui blockchain ecosystem. The incident tested not just the resilience of Cetus Protocol but also the responsiveness of validators and the Sui Foundation. The quick freezing of assets and provision of a strategic financial loan have been seen as signs of strong institutional backing within the Sui ecosystem.

Moreover, the recovery of such a substantial portion of the stolen funds offers a rare example of damage control in the often-unforgiving world of decentralized finance. While many DeFi projects have historically collapsed after major exploits, Cetus appears to be bucking the trend.

Looking Ahead

Cetus Protocol’s path forward will be closely watched. With plans for more audits, enhanced security, and a revamped development roadmap, the project is positioning itself for a new phase of growth. However, challenges remain. Trust in DeFi platforms is hard-earned and easily lost, especially after an event of this magnitude.

Still, the swift recovery, partial compensation strategy, and backing from the Sui Foundation provide a solid foundation for a potential turnaround. For liquidity providers and users, the next few months will be crucial in determining whether Cetus can fully restore confidence and establish itself as a reliable player in the competitive DEX space.

In a sector where trust is fragile and reputation everything, Cetus is now attempting to rebuild both—with a stronger security framework and a renewed commitment to its users.