Cetus Protocol, a decentralized crypto exchange and key liquidity provider on the Sui blockchain, said it lost roughly $223 million in a security breach.

The project confirmed the incident in a post on X, formerly Twitter, stating that its smart contracts had been paused “temporarily for safety” and that a full investigation is underway. “The team is investigating the incident at the moment. A further investigation statement will be made soon,” the post said.

🚨Alert Announcement 🚨

There was an incident detected on our protocol and our smart contract has been paused temporarily for safety. The team is investigating the incident at the moment. A further investigation statement will be made soon. We are grateful for your patience.

— Cetus🐳 (@CetusProtocol) May 22, 2025

“We have took immediate action to lock our contract preventing further theft of funds. $162M of the compromised funds have been successfully paused,” the firm said in a statement to Bloomberg News. “We are working with the Sui Foundation and other ecosystem members right now on next-step solutions, with the goal of recovering the remaining stolen funds.”

The protocol’s native token, CETUS, dropped as much as 18% following the news, data from CoinGecko show.

“The attacker exploited vulnerabilities in Cetus Protocol’s smart contracts by deploying spoof tokens to manipulate price curves and reserve calculations,” said Deddy Lavid, CEO of blockchain security firm Cyvers. “This allowed them to extract real assets from multiple liquidity pools, including the SUI/USDC pool.”

Copyright 2025 Bloomberg.