Cetus Protocol, a decentralized exchange built on the Sui network, is moving toward open-sourcing its code following a major $220 million exploit in May and a recent relaunch.
On May 22, an attacker exploited a vulnerability in the platform’s pricing mechanism, siphoning funds from its key liquidity pools. Shortly after, Cetus was able to freeze $162 million of the stolen assets.
Prior to the incident, Cetus was seeing strong momentum, with trading volumes surpassing $5 billion in both April and the first part of May, despite operations halting after the exploit.
In a June 7 Medium post, just ahead of its relaunch, the Cetus team announced plans to become fully open-source and introduced a new white-hat bounty program aimed at fostering community-driven technical and security contributions.
As part of the relaunch effort, the team said it “worked around the clock” to patch the vulnerability that enabled the exploit, restore pool data to accurate pricing, and conduct thorough security audits on all code fixes and contract upgrades.
To replenish affected liquidity pools, Cetus used a mix of resources: $7 million from its cash reserves, a $30 million USDC loan from the Sui Foundation, and a portion of the assets recovered from the attacker.
However, the team noted that not all pools have been fully restored. Recovery rates currently range from 85% to 99%, depending on the extent to which each pool was drained during the exploit.
As part of its compensation plan for affected users, Cetus is allocating 15% of its native token supply, CETUS. Of that, 5% will be distributed immediately, while the remaining 10% will be released gradually over the next year, starting June 10, with monthly linear unlocks.
According to CoinGecko, the CETUS token has dropped over 12% in the past 24 hours and is currently trading at $0.11.
Cetus also plans to enhance its protocol monitoring system and conduct additional rounds of security audits to strengthen overall platform security.
Cetus stated that legal action remains underway, with proceedings initiated in “multiple jurisdictions” and active involvement from law enforcement agencies.
“The attacker ignored our previous white hat offer and has started attempting to launder the stolen assets — a futile and fully traceable effort. We remain highly confident that it’s only a matter of time before an arrest is made and the remaining assets are recovered,” the Cetus team said.
A day after the exploit, Cetus had offered a white hat bounty of up to $6 million to the attacker in exchange for returning 20,920 Ether—worth over $55 million at the time—along with the $162 million in frozen funds on the Sui blockchain.
