Cetus Offers $6M Bounty After $223M DeFi Hack, Urges Hacker To Return Funds

Cetus Protocol is practically begging after hackers drained $223 million from the Sui blockchain’s largest DEX overnight. The desperate exchange is offering a $6 million “whitehat settlement” to convince thieves to return the stolen funds. Think of it as politely asking bank robbers for your money back. SUI tokens dropped 15% while CETUS plummeted up to 33%. The attack exploited pricing logic through spoof tokens, not coding errors. The full story reveals how creative desperation gets.

When Cetus Protocol users woke up to find their digital wallets lighter by $223 million, it wasn’t because of market volatility—it was because someone had just pulled off one of the most sophisticated DeFi heists in recent memory. The largest DEX on the Sui blockchain had been gutted overnight, and the perpetrator was probably sipping coffee somewhere, counting their digital fortune.

The attack wasn’t your typical hack where someone finds a typo in the code. This was surgical. The attacker exploited internal price curves and reserve calculations, introducing minimal liquidity with spoof tokens like BULLA to completely skew the platform’s pricing logic. Think of it as convincing a casino that poker chips are worth diamonds, then cashing out before anyone notices.

Flash swaps, price manipulation, complex timing—the whole nine yards. The hacker managed to drain real assets without depositing equivalent value, fundamentally performing financial sleight of hand on a massive scale. Previous security audits? Useless. This exploit targeted economic assumptions rather than simple coding errors, which explains why it slipped through the cracks.

Cetus immediately hit the panic button, pausing all smart contract operations faster than you can say “rug pull.” They managed to isolate $162 million of stolen assets—a small victory in an otherwise devastating defeat. The team partnered with the Sui Foundation for damage control while launching their own investigation. Their communication strategy? Tell users to secure their wallets while keeping technical details under wraps to avoid copycats.

Here’s where it gets interesting. Cetus offered the hacker a $6 million “whitehat settlement”—essentially a bounty for returning the stolen funds. It’s like asking a bank robber politely if they’d consider giving back the money for a small finder’s fee. Desperate times call for creative measures. Inca Digital is leading the negotiation efforts with the hacker to secure the return of stolen funds. This incident adds to the troubling reality that total cryptocurrency stolen from platforms in 2024 exceeds $2 billion.

The fallout was immediate and brutal. SUI token dropped 15%, while CETUS plummeted between 20-33%. Smaller tokens like AXOL, HIPPO, and SQUIRT got obliterated, losing most of their value overnight. Users scrambled to withdraw funds, creating a trading frenzy that probably made the situation worse.

The attacker’s wallet tells its own story. Over 32.9 million SUI tokens, 21,900 ETH, and various stablecoins—a digital treasure trove worth roughly $191 million at current prices. More than $60 million had already been bridged to Ethereum, suggesting the hacker was working quickly to obfuscate the stolen funds across multiple blockchains. Unlike traditional banking, DeFi users have no customer service or fraud protection to fall back on when such exploits occur.

This incident raises uncomfortable questions about DeFi security on newer chains. Sui positioned itself as a next-generation blockchain, but apparently forgot that sophisticated attackers evolve alongside technology. The long-term trust impact could be devastating for both Cetus and the broader Sui ecosystem.

Law enforcement and blockchain security experts are now involved, tracing funds and attempting recovery. Whether the $6 million bounty will tempt the hacker to come forward remains to be seen.