Cetus confirms that the theft was caused by an overlooked vulnerability in the open source library used by the smart contract
2025-05-27 11:10
Odaily News: Cetus, a decentralized trading platform based on Sui, confirmed that a vulnerability in the open source library used by its CLMM smart contract allowed hackers to manipulate the pool price and repeatedly withdraw liquidity through flash swaps, eventually stealing about $223 million. The vulnerability originated from an integer overflow check error in the inter_mate library. Cetus has disabled the core contract and frozen some of the funds held in the attacker's addresses, but about $60 million has nonetheless been transferred to Ethereum. The platform is now preparing upgrade and rollback proposals and is offering a $5 million reward for clues to solve the case. (The Block)
