On May 23, Cetus Protocol offered a bounty of $5 million for information leading to the identification and arrest of the attacker who stole a whopping $223 million from its decentralized exchange on the Sui Network. This remarkable move, made in partnership with cybersecurity firm Inca Digital and funded by the Sui Foundation, marks a significant development in the world of blockchain security.
Anyone wishing to contact Cetus should send an email with the perpetrator's name, location, and supporting evidence, using the subject line "Cetus lead." The DEX has also indicated that it will withdraw legal action and cancel the reward if the attacker returns the stolen funds and accepts the previous settlement offer.
The reward came at a crucial time as concerns have been raised over the centralization of the Sui network after $162 million was frozen by many of the 114 validators.
Hours before the public reward was announced, Cetus made a separate offer to the attacker via an on-chain transaction on both the Sui and Ethereum blockchains. This offer included a $6 million reward, equal to 2,324 ETH, in exchange for the return of 20,920 ETH and all frozen funds on Sui.
The Cetus team has mapped the attacker’s Ethereum wallets and is working with U.S. federal authorities, FinCEN, the Seychelles Police, select defense sector partners, major exchanges, and bridge operators. The ultimatum warns that any attempt to launder the funds will result in a global law enforcement escalation.
According to the protocol's incident report dated May 22, the attacker exploited a vulnerability in Cetus's pricing mechanism, leading to an immediate pause of all smart contract activity. The project's on-chain data show that the exploit resulted in a profit of $223 million in tokens. Of this amount, $61 million was transferred to Ethereum via bridges, while the remaining $162 million was frozen by the validators of the Sui network.
At this time, Cetus has not announced when normal trading will resume or whether the team plans to implement any code changes before reactivating contracts.
Sui has 114 active validators, and on May 22, the network announced that a broad majority had decided to immediately freeze all transactions originating from the attacker’s wallets following the breach. This collective act resulted in the freezing of the remaining $162 million and the locking of the tokens on the blockchain.
Gautham Santhosh, co-founder of Polynomialfi, tweeted that the crypto community is currently weighing the benefits of rapid asset protection against the implications of validators being able to suspend specific accounts at will. While he stressed that the process required consensus and was not random, the event has thrown the security assumptions surrounding layer-1 blockchains into disarray.
“Sometimes it feels like we are more secure than ever with blockchain, but are we really?” This question reminds us that ongoing collaboration and dialogue are essential in our blockchain journey.
How exactly does the reward for information work?
Informants must send their details about the attacker via email, and if their information leads to an arrest, they can claim the $5 million reward.
What happens to the frozen funds?
The frozen funds will remain on the blockchain until there is more clarity on the situation and a possible return by the attacker.
When does Cetus expect to resume normal trading?
Cetus has not yet given a specific date for the resumption of trading, as they first want to clarify the situation with the operator and the security of their contracts.