Everything You Need to Know About How It Happened
The post Everything You Need to Know About How It Happened appeared on BitcoinEthereumNews.com.
On May 22, 2025, Cetus Protocol, a leading decentralized exchange on the Sui blockchain, fell victim to a sophisticated smart contract exploit that targeted its Concentrated Liquidity Market Maker (CLMM) pools. The incident exposed a previously unknown vulnerability within the system’s smart contract logic, resulting in a substantial loss of funds. However, rapid response from the Cetus team and Sui validators helped contain the damage and freeze a significant portion of the stolen assets.

How the Attack Unfolded

The exploit began when an attacker leveraged a flash swap to momentarily suppress the price of tokens within a CLMM pool. By artificially lowering prices, the attacker was able to open a liquidity position within a higher tick range, a mechanism that sets the boundaries for token pricing in a given pool.

The real vulnerability, however, lay deeper in the contract logic. The attacker manipulated a critical flaw in how the smart contract checked for overflows during liquidity additions. Instead of properly validating input values, the contract allowed the attacker to inject an abnormally large amount of fake liquidity with only minimal token deposits.

After inflating their position, the attacker repeatedly removed this fake liquidity, siphoning actual token reserves out of the pools. This loop was executed several times using precisely crafted values, effectively draining assets by exploiting unchecked calculations and overflow behaviors in the system.

The Root Cause: A Library Miscalculation

At the heart of the exploit was a subtle but critical error in the open-source library used by the CLMM contract. Specifically, the problem originated from a misunderstanding of how left-shift operations should be checked in the checked_shlw method. Instead of validating against the proper boundary (2^192), the flawed implementation incorrectly allowed shifts up to 2^256, enabling the overflow manipulation.
This misconfiguration, though seemingly minor in code, opened the…
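To make the boundary error concrete, the following is an added Python model of a checked left shift and a boundary test that separates the two bounds; it is not code from Cetus or from the library. It assumes a 256-bit word and a 64-bit shift, models the flawed bound from the article's description (2^256) rather than from the library source, and the names silent_truncations and BOUNDARY_SAMPLES are illustrative.

```python
# Added illustration: Python model of a checked 64-bit left shift on a 256-bit word.
U256_MASK = (1 << 256) - 1
SHIFT = 64  # assumption: checked_shlw shifts left by one 64-bit word

CORRECT_BOUND = 1 << 192  # the proper boundary named in the article
FLAWED_BOUND = 1 << 256   # models the article's description of the flawed check


def checked_shlw(n: int, bound: int) -> tuple[int, bool]:
    """Return (n << 64 truncated to 256 bits, overflow_flag) for a given bound."""
    if not 0 <= n <= U256_MASK:
        raise ValueError("n must fit in 256 bits")
    if n >= bound:
        return 0, True
    return (n << SHIFT) & U256_MASK, False


def silent_truncations(bound: int, samples: list[int]) -> list[int]:
    """Inputs where the check reports no overflow but high bits were lost."""
    bad = []
    for n in samples:
        result, overflow = checked_shlw(n, bound)
        # Compare the wrapped result with the exact mathematical shift.
        if not overflow and result != n << SHIFT:
            bad.append(n)
    return bad


# Constructed boundary inputs around 2^192; not values from the incident.
BOUNDARY_SAMPLES = [
    0,
    1,
    (1 << 192) - 1,  # largest input whose shifted value still fits in 256 bits
    1 << 192,        # smallest input whose shifted value needs 257 bits
    (1 << 192) + 1,
    U256_MASK,
]

if __name__ == "__main__":
    for name, bound in (("correct", CORRECT_BOUND), ("flawed", FLAWED_BOUND)):
        missed = silent_truncations(bound, BOUNDARY_SAMPLES)
        print(f"{name} bound: {len(missed)} silent truncation(s)")
        for n in missed:
            print(f"  n={n:#x} -> result={checked_shlw(n, bound)[0]:#x}")
```

A property test of this shape (no overflow flag implies the result equals the exact shift) is the kind of check that exposes a wrong bound at the 2^192 edge before deployment.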
Filed under: News - @ May 27, 2025 3:23 pm