Cetus Reveals Recovery Plan, Taps SUI for Bridge Loan

Six days after a $223 million exploit shook the Sui ecosystem, decentralized exchange Cetus has announced a recovery initiative that would override hacker-controlled wallets through a protocol-level upgrade, if the community approves it.

The vote will determine whether $162 million in frozen funds can be forcefully reclaimed from the attacker’s wallets via a protocol-level upgrade as part of Cetus’s “larger recovery plan.”

“Using our cash and token treasuries, we are now in a position to fully cover the stolen assets currently off-chain,” Cetus tweeted on Tuesday. “This includes a critical loan from the Sui Foundation, making a 100% recovery for all affected users possible.”

The recovery plan follows a recent attack on Cetus that exploited flaws in DEX’s automated market maker and oracle logic, enabling hackers to drain liquidity pools across the network.

A community vote, launched at 1 p.m. PT on May 27 and open for up to seven days, will decide whether to authorize a protocol upgrade that reclaims the frozen funds without the hacker’s signature. 

If approved, the assets will be moved into a 4-of-6 multisig wallet jointly controlled by Cetus, auditing firm OtterSec, and the Sui Foundation, according to a statement from Sui.

SUI holders can delegate their stake to validators who vote “yes,” “no,” or “abstain.” The Foundation’s own stake is excluded to preserve neutrality. 

The upgrade will only pass if over 50% of the total stake participates and a majority votes in favor.

As of early Wednesday morning, 37.3%  had voted “yes,” with zero “no” votes recorded. The remaining 62.7% of votes have not been cast. 

The vote can close early if the result becomes mathematically decisive after the initial 48-hour period.

If passed, the protocol upgrade will permit aliased addresses to perform exactly two transactions, one for each hacker-controlled wallet. These transactions will transfer funds into the multisig wallet. 

The Cetus exploit occurred due to a critical flaw in overflow protection, where a faulty bitwise truncation check allowed attackers to bypass safeguards and manipulate liquidity calculations, according to a post-mortem report from blockchain security firm Dedaub.

Blockchain analytics firm PeckShield confirmed last Thursday that $61.5 million of stolen funds in USDC has since been bridged to Ethereum; the rest remains frozen on Sui.

Sui (SUI) is up 6.9% in the last 24 hours, to $3.70 after falling sharply from $4.18 to $3.82 in the immediate aftermath of the Cetus exploit, CoinGecko data shows.

Edited by Sebastian Sinclair