Cetus releases report on theft incident, will promote LP compensation plan and strengthen security audit

Odaily News Cetus officially released a report on the theft, stating that on May 22, Cetus suffered an advanced smart contract attack on the CLMM liquidity pool. Cetus has taken immediate countermeasures to mitigate the impact.
The attacker exploited an undiscovered vulnerability in the open source library, lowered the pool price, built a position in the high price zone, and took advantage of the overflow check defect to inject artificially high liquidity with very few tokens. He then performed liquidity removal operations multiple times to extract assets from the pool, repeatedly used unverified calculation functions to attack, and finally successfully stole funds.
In order to jointly maintain the best interests of the entire ecosystem, with the support of most Sui verification nodes, Cetus urgently froze the attacker's two Sui wallet addresses, which contained the main part of the stolen funds. The remaining stolen funds have been exchanged by the hacker and transferred across the chain to the Ethereum mainnet.
Cetus is working with the Sui security team and several auditing agencies to review the contract and conduct a multi-party joint audit to ensure the safe restoration of CLMM services after verification. At the same time, Cetus will strengthen on-chain monitoring, initiate additional audits and publish security reports regularly. To compensate the affected LPs, Cetus is developing a recovery plan with ecological partners and calling on Sui validators to support on-chain voting to speed up the return of user assets and rebuild confidence. While the legal process continues, Cetus also provides the attacker with an opportunity for a white hat return. Cetus is about to issue an ultimatum to it. If there are any updates, Cetus will continue to transparently inform the community.