
Despite being a relatively young public blockchain, SUI has already risen to the forefront in terms of developer activity and ecosystem development. With support from major exchanges like Binance, SUI is poised to further solidify its position in the industry as a "gaming chain" and a diversified application platform.
This article is jointly published by Aquarius Capital and Klein Labs, with special thanks to NAVI Protocol, Bucket Protocol, and Comma3 Ventures for their technical guidance and support during the research process.
TL;DR
Cetus Vulnerability Originates from Contract Implementation, Not SUI or Move Language:
The root cause of this attack lies in missing boundary checks in the arithmetic functions of the Cetus protocol: specifically, an overly broad mask and a shift overflow that together produced a logic flaw. This issue is unrelated to the resource safety model of the SUI chain or the Move language. The vulnerability can be fixed with a "one-line boundary check" without affecting the core security of the wider ecosystem.
The Value of "Reasonable Centralization" in SUI's Mechanism During a Crisis:
Although SUI's use of DPoS validator rounds and blacklist freezing functions shows a slight tendency towards centralization, this proved useful in the Cetus incident response. Validators quickly synchronized the malicious addresses to the Deny List and refused to include transactions from those addresses in blocks, freezing over $160 million in funds almost instantly. This is essentially a form of positive "on-chain Keynesianism," where effective macroeconomic regulation played a positive role in the economic system.
Reflections and Suggestions on Technical Security:
Mathematics and Boundary Checks: Introduce upper and lower bound assertions for all critical arithmetic operations (such as shifts, multiplication, and division) and conduct extreme value fuzzing and formal verification.
Enhanced Auditing and Monitoring: In addition to general code audits, add specialized mathematical audit teams and real-time on-chain transaction behavior detection to capture abnormal splits or large flash loans early.
Summary and Suggestions on Fund Security Mechanisms:
During the Cetus incident, SUI and the project team worked efficiently together, successfully freezing over $160 million in funds and pushing for a 100% compensation plan. This demonstrated strong on-chain responsiveness and a sense of ecological responsibility. The SUI Foundation also added $10 million in audit funding to strengthen the security line. Future efforts could further advance on-chain tracking systems, community-built security tools, and decentralized insurance mechanisms to improve the fund security system.
Diversified Expansion of the SUI Ecosystem:
In less than two years, SUI has rapidly transitioned from a "new chain" to a "strong ecosystem," building a diversified ecological map covering multiple tracks, including stablecoins, DEXs, infrastructure, DePIN, and gaming. The total scale of stablecoins has exceeded $1 billion, providing a solid liquidity base for the DeFi module. SUI ranks 8th globally in TVL, 5th in trading activity, and 3rd among non-EVM networks (only behind Bitcoin and Solana), demonstrating strong user participation and asset accumulation capabilities.
1. The Chain Reaction Triggered by an Attack
On May 22, 2025, Cetus, a leading AMM protocol deployed on the SUI network, suffered a hacker attack. The attacker exploited a logic vulnerability related to an "integer overflow issue" to manipulate the system, resulting in a loss of over $200 million in assets. This incident was one of the largest security breaches in the DeFi space this year and the most destructive hack since the SUI mainnet went live.
According to DefiLlama data, SUI's total value locked (TVL) across the entire chain plummeted by over $330 million on the day of the attack. Cetus' own locked amount evaporated by 84%, dropping to $38 million. Several popular tokens on SUI (including Lofi, Sudeng, and Squirtle) saw a 76% to 97% plunge within just one hour, sparking widespread concern over SUI's security and ecosystem stability.
However, following this shockwave, the SUI ecosystem demonstrated remarkable resilience and recovery capabilities. Despite short-term confidence fluctuations caused by the Cetus incident, on-chain funds and user activity did not experience sustained decline. Instead, the entire ecosystem's focus on security, infrastructure development, and project quality significantly increased.
Klein Labs will explore the causes of this attack, SUI's consensus mechanism, the security of the Move language, and the development of the SUI ecosystem. We will analyze the current ecological landscape of this still-early-stage public blockchain and discuss its future potential.
2. Analysis of the Cetus Incident
2.1 Attack Implementation Process
According to the technical analysis by the SlowMist team, the hacker exploited a critical arithmetic overflow vulnerability in the protocol. Using flash loans, precise price manipulation, and contract flaws, the attacker stole over $200 million in digital assets in a short period. The attack path can be roughly divided into the following three stages:
Initiating Flash Loans and Manipulating Prices:
The hacker first used a maximum slippage flash swap to borrow 10 billion haSUI, manipulating the market price. Flash loans allow users to borrow and repay funds within a single transaction, requiring only a transaction fee. This mechanism has high leverage, low risk, and low cost. The hacker used it to quickly lower the market price and precisely control it within a very narrow range.
Subsequently, the attacker prepared to create an extremely narrow liquidity position, setting the price range precisely between the lowest quote of 300,000 and the highest price of 300,200, with a price width of only 1.00496621%.
Through these means, the hacker successfully manipulated the haSUI price. They then targeted several other tokens with no real value.
Adding Liquidity:
The attacker created a narrow liquidity position and declared the addition of liquidity. However, due to a vulnerability in the checked_shlw function, they ultimately only had to provide 1 token.
Essentially, this was due to two reasons:
Overly Broad Mask Setting: Equivalent to an extremely high liquidity addition upper limit, rendering the contract's user input validation ineffective. The hacker set abnormal parameters to construct inputs that were always less than this upper limit, thereby bypassing overflow detection.
Data Overflow Truncation: When the shift n << 64 was applied to the value n, the result exceeded the 256-bit width of the uint256 type and was truncated: the high bits that overflowed were silently discarded, leaving a result far smaller than expected. The system therefore underestimated the amount of haSUI required for the swap. The computed amount was less than 1, but because it was rounded up it became exactly 1. In other words, the attacker only needed to deposit 1 token to obtain an enormous liquidity position.
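The flawed bound check and its one-line fix, as an added illustration that is not Cetus source code: it simulates a 256-bit unsigned left shift in Python, places the overly broad mask beside the corrected bound, and runs the extreme-value check recommended in the TL;DR over boundary inputs. The mask constant, the helper names, and the ceiling-division model of the "rounded up" amount are assumptions made for this illustration.

```python
"""Constructed illustration (not the protocol's source) of a checked left
shift on a simulated 256-bit unsigned integer: the overly broad mask that
lets out-of-range values through, the corrected bound, and a property test
over extreme values that separates the two."""

U256_BITS = 256
U256_MAX = (1 << U256_BITS) - 1
SHIFT = 64
REAL_BOUND = 1 << (U256_BITS - SHIFT)      # 2**192: largest n must be below this
BROAD_MASK = 0xFFFFFFFFFFFFFFFF << 192     # assumed flawed bound (top 64 bits set)


def checked_shlw_flawed(n: int) -> tuple[int, bool]:
    """Shift n left by 64, rejecting only n > BROAD_MASK.

    Any n in [2**192, BROAD_MASK] passes the check although n << 64 no
    longer fits in 256 bits; a fixed-width u256 silently drops the high bits."""
    if n > BROAD_MASK:
        return 0, True                      # overflow reported
    return (n << SHIFT) & U256_MAX, False   # wraparound, as a u256 would do


def checked_shlw_fixed(n: int) -> tuple[int, bool]:
    """Same operation with the one-line boundary check: n must fit in 192 bits."""
    if n >= REAL_BOUND:
        return 0, True
    return n << SHIFT, False


def shift_invariant_holds(shlw, n: int) -> bool:
    """Property: if no overflow is reported, undoing the shift recovers n."""
    result, overflow = shlw(n)
    return overflow or (result >> SHIFT) == n


def extreme_value_cases() -> list[int]:
    """Constructed boundary inputs around the real limit and the flawed mask."""
    return [0, 1, REAL_BOUND - 1, REAL_BOUND, REAL_BOUND + 1,
            BROAD_MASK - 1, BROAD_MASK, BROAD_MASK + 1, U256_MAX]


def find_violations(shlw) -> list[int]:
    """Inputs for which the shift silently loses information."""
    return [n for n in extreme_value_cases() if not shift_invariant_holds(shlw, n)]


def required_amount(numerator_shifted: int, denominator: int) -> int:
    """Ceiling division modelling the 'rounded up' token amount: a truncated
    numerator makes the required deposit collapse to 1."""
    return -(-numerator_shifted // denominator)


if __name__ == "__main__":
    print("flawed violations:", [hex(v) for v in find_violations(checked_shlw_flawed)])
    print("fixed violations:", find_violations(checked_shlw_fixed))
    truncated, _ = checked_shlw_flawed(REAL_BOUND + 5)
    print("required deposit with truncated numerator:", required_amount(truncated, 1 << 200))
```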
Withdrawing Liquidity:
The attacker repaid the flash loan and kept a massive profit, ultimately withdrawing hundreds of millions of dollars' worth of tokens from multiple liquidity pools.
The financial losses were severe, with the following assets stolen:
12.9 million SUI ($54 million)
$60 million USDC
$4.9 million Haedal Staked SUI
$19.5 million TOILET
Other tokens such as HIPPO and LOFI plummeted 75–80%, with liquidity drying up.
2.2 Causes and Characteristics of the Vulnerability
The Cetus vulnerability has three characteristics:
Low Fix Cost: On one hand, the root cause of the Cetus incident was a lapse in the Cetus math library, not an error in the protocol's pricing mechanism or underlying architecture. On the other hand, the vulnerability was limited to Cetus itself and had no connection to SUI's code. The root cause was a missing boundary condition check that could be fixed with just two lines of code to completely eliminate the risk. Once fixed, the patch could be deployed to the mainnet immediately to ensure the correctness of subsequent contract logic and prevent such vulnerabilities.
High Concealment: The contract ran smoothly for two years without any issues, and Cetus Protocol underwent multiple audits, yet the vulnerability remained undetected. The main reason was that the Integer_Mate library used for mathematical calculations was not included in the audit scope. The hacker used extreme values to construct a precise price interval and the very rare scenario of submitting extremely high liquidity, triggering the abnormal logic. This shows that such issues are difficult to detect through ordinary testing. Problems of this kind often lie in blind spots and remain hidden for a long time before being discovered.
Not Unique to Move:
Move outperforms many smart contract languages in resource safety and type checking, with built-in native detection of integer overflow in common scenarios. The overflow occurred because, when adding liquidity and calculating the required token amount, an incorrect value was used for the upper limit check, and a shift operation replaced the conventional multiplication. If regular addition, subtraction, multiplication, or division operations