Blockchain security firm Dedaub has released a post-mortem report on the Cetus decentralized exchange hack, pinpointing the cause of the attack as an exploit of the liquidity parameters used by Cetus’ automated market maker (AMM). The vulnerability slipped past the code’s “overflow” check.
According to the report, the hackers exploited a flaw in the most significant bits (MSB) check, which allowed them to inflate the values of the liquidity parameters by a huge factor. This allowed them to take a relatively large position with a single keystroke. Dedaub researchers noted:
“This allowed them to add massive liquidity positions with just one unit of token input, after which they emptied pools collectively holding hundreds of millions of dollars worth of tokens.”
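As an added, hypothetical illustration of the bug class the report names (this is not Cetus’ code and is not taken from the Dedaub report): an overflow guard that inspects only the most significant bits of a wide integer with too permissive a mask lets a shift silently truncate, so an enormous liquidity figure quotes a deposit of a single token unit, while the full-width check beside it rejects the same input. The AMM arithmetic, constants and function names are assumptions.

```python
import math
from typing import Callable, Optional, Tuple

# Hypothetical 256-bit fixed-point setup (assumed, not the real AMM math).
MASK256 = (1 << 256) - 1
SHIFT = 64  # scale factor applied to liquidity before pricing


def checked_shlw_flawed(n: int) -> Tuple[int, bool]:
    """Shift left by SHIFT within 256 bits and flag overflow.
    Flawed MSB check: the mask is the *value* with the top 64 bits set, so
    `n > mask` almost never fires and the shift wraps silently."""
    mask = 0xFFFFFFFFFFFFFFFF << 192
    if n > mask:
        return 0, True
    return (n << SHIFT) & MASK256, False


def checked_shlw_correct(n: int) -> Tuple[int, bool]:
    """Overflow iff any of the top SHIFT bits of n are already set."""
    if n >> (256 - SHIFT):
        return 0, True
    return n << SHIFT, False


def quote_deposit(liquidity: int, sqrt_price_delta: int,
                  shlw: Callable[[int], Tuple[int, bool]]) -> Optional[int]:
    """Token units a depositor must supply for `liquidity` (hypothetical
    formula: ceil(liquidity * 2**64 * delta / 2**128)). None if rejected."""
    scaled, overflow = shlw(liquidity)
    if overflow:
        return None  # guard rejects the position
    return math.ceil(scaled * sqrt_price_delta / (1 << 128))


if __name__ == "__main__":
    huge = (1 << 192) + 1  # constructed: liquidity far beyond any real pool
    # Flawed guard: the high bits wrap away and the quote is 1 token unit.
    print(quote_deposit(huge, 1 << 64, checked_shlw_flawed))   # 1
    # Correct guard: the same input is rejected outright.
    print(quote_deposit(huge, 1 << 64, checked_shlw_correct))  # None
```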
This incident and the accompanying post-mortem analysis reflect the worrying trend of cybersecurity exploits and hacks plaguing the crypto and Web3 industries.
Industry leaders have repeatedly warned that companies in the industry must take proactive steps to protect users before regulators step in and impose rules on the sector.
On May 22, the Cetus exchange was hacked, resulting in $223 million in losses for users within 24 hours. Cetus and the Sui Foundation stated that Sui network validators have frozen the majority of the stolen assets.
According to the Cetus team, $163 million of the $223 million was frozen by validators and ecosystem partners on the same day as the hack.
The decision to freeze the stolen funds has sparked mixed reactions in the crypto community. Decentralization advocates criticized validators for their interference and control over the blockchain. “Sui validators are actively censoring transactions on the blockchain,” wrote one user on a social network, and many shared this sentiment.
“This completely undermines the principles of decentralization and transforms the network into nothing more than a centralized, permissioned database,” the response said.
Additionally, Steve Bowyer noted that it is notable how many venture capitalist-funded Web3 projects rely heavily on centralization, despite claiming to embrace the ethos of Bitcoin.
The Cetus decentralized exchange hack highlights the need for robust security measures within the crypto industry. While decentralization is at the heart of many blockchain applications, the response from validators raises questions about the effectiveness of existing protocols and the future of decentralization in an increasingly risky landscape.
What caused the hack on the Cetus exchange?
The hack was caused by an exploit of Cetus' AMM liquidity parameters, where a flaw in the MSB check resulted in these values being manipulated.
How much money was lost due to the hack?
Users lost $223 million, of which $163 million was frozen by Sui validators shortly after the hack.
What are the implications of this hack for decentralization?
The response from validators, who moved to freeze stolen funds, has led to criticism of centralization within the blockchain and raises questions about the future of true decentralization.