Bitcoin Climbs While Crypto Security Cracks: Lessons from Coinbase and Cetus

May 22, 2025

In a week when Bitcoin soared to a new all-time high, signaling renewed optimism and momentum across the crypto market, alarming cracks began to show beneath the surface. While investors celebrated historic gains, two major security breaches, one targeting Cetus Protocol on the Sui blockchain and the other involving Coinbase, served as a stark reminder that even in bullish times, vulnerabilities in the crypto ecosystem persist. These incidents, involving over $200 million in stolen assets and compromised data, have reignited urgent questions about how secure both DeFi and centralized platforms really are.

What Happened: Breakdown of the Hack

The hack targeted Cetus Protocol, a DEX that had quickly become a central pillar of Sui’s DeFi landscape. In the early hours of the morning, an attacker exploited a vulnerability in Cetus’s automated market maker (AMM) system, manipulating token valuations and draining liquidity pools. Initial estimates put the losses at over $200 million, with some sources suggesting the total damage could exceed $260 million.

Panic selling ensued almost immediately. Within hours, the SUI token and other Sui-based assets experienced steep declines, with some losing more than 75% of their value. The incident left developers, investors, and analysts scrambling for answers and demanding accountability from the teams behind the affected protocols.

How the Hacker Exploited Cetus

The exploit was both technically complex and strategically precise. At the core of the attack was the creation of spoof tokens, digital assets designed to mimic legitimate ones on the Sui blockchain. The attacker introduced these fake tokens into Cetus liquidity pools, which rely on automated price curves to determine exchange rates between tokens.

By manipulating the liquidity pools with these counterfeit tokens, the attacker was able to distort the AMM’s pricing mechanisms. The fake tokens were treated by the protocol as if they held legitimate value, allowing the attacker to withdraw real assets, such as USDC and SUI, in exchange for essentially worthless tokens. This exploit was exacerbated by a critical oversight in the smart contracts governing Cetus, which failed to properly verify the legitimacy or reserve backing of the assets being traded.

The result was a rapid draining of some of the platform’s most valuable liquidity pools. The largest SUI/USDC pool was among those targeted, leading to immediate price dislocations and cascading losses across the DEX.
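A simplified model of the missing asset check described above, as an added example that is not Cetus code. It assumes each asset carries an issuer-chosen symbol and a fully qualified type ID; the type IDs, pool names, and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed values for illustration; none are real on-chain identifiers.
CANONICAL = {
    "USDC": "0xaaaa::usdc::USDC",
    "SUI": "0xbbbb::sui::SUI",
}

@dataclass(frozen=True)
class Asset:
    type_id: str  # fully qualified type, fixed by the publishing package
    symbol: str   # display metadata, freely chosen by whoever issues the token

def accept_by_symbol(asset: Asset) -> bool:
    """Weak gate: trusts issuer-controlled metadata, so a look-alike passes."""
    return asset.symbol in CANONICAL

def accept_by_type(asset: Asset) -> bool:
    """Hardened gate: the type ID must equal the canonical one for that symbol."""
    return CANONICAL.get(asset.symbol) == asset.type_id

def find_spoofed(pools: dict[str, list[Asset]]) -> list[tuple[str, str]]:
    """Return (pool, type_id) pairs whose symbol collides with a canonical
    asset while the type ID differs, i.e. candidates for delisting or review."""
    hits = []
    for pool_id, assets in sorted(pools.items()):
        for asset in assets:
            if accept_by_symbol(asset) and not accept_by_type(asset):
                hits.append((pool_id, asset.type_id))
    return hits

# Constructed sample pools: one legitimate pair, one containing a look-alike.
USDC = Asset(CANONICAL["USDC"], "USDC")
SUI = Asset(CANONICAL["SUI"], "SUI")
FAKE_USDC = Asset("0xcccc::usdc::USDC", "USDC")
SAMPLE_POOLS = {
    "pool-1": [SUI, USDC],
    "pool-2": [SUI, FAKE_USDC],
}

if __name__ == "__main__":
    for pool_id, type_id in find_spoofed(SAMPLE_POOLS):
        print(f"{pool_id}: {type_id} mimics a canonical symbol")
```

The symbol gate accepts the look-alike because the symbol is metadata the issuer controls, while the type gate rejects anything whose identity does not match the allowlisted entry.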

Where the Money Went: Tracing the Stolen Funds

In the hours following the attack, the perpetrator began moving the stolen funds with remarkable speed. A large portion of the assets (over $60 million worth of USDC) was quickly bridged to Ethereum, where the funds were converted to ETH. On-chain analysts have tracked additional sums still being laundered across various wallets and protocols, with the attacker actively working to obfuscate their tracks.

At one point, the attacker’s primary wallet was observed holding over $130 million in SUI tokens alone, suggesting that much of the loot remains in circulation. Efforts are underway by blockchain security firms and compliance experts to monitor and freeze any assets that might pass through regulated exchanges, though the decentralized nature of these transfers makes recovery a formidable challenge.

Immediate Fallout and Market Impact

The impact of the breach on the SUI ecosystem was swift and severe. In the immediate aftermath, the price of the SUI token plummeted to approximately $4.01, with some data showing it briefly touching lows near $3.90. Trading volumes for SUI surged by more than 35% within hours, as panic sellers rushed for the exits and opportunistic buyers attempted to catch what they hoped was a temporary dip.

Technical indicators reinforced the market’s unease. The Relative Strength Index (RSI) for SUI dropped to 28, indicating heavily oversold conditions. Meanwhile, the Moving Average Convergence Divergence (MACD) revealed a sharp bearish divergence, underscoring the intensity of the sell-off.

The disruption wasn’t limited to SUI alone. Other tokens traded on Cetus, many of which rely on the protocol for liquidity, experienced massive losses. In some cases, token prices collapsed by more than 80%, wiping out millions in user value and eroding trust in Sui’s growing DeFi ecosystem.

Coinbase Hack Adds to Mounting Crypto Security Concerns

The Sui ecosystem isn’t the only part of the crypto world reeling from a high-profile breach. Just days before the Cetus Protocol exploit, Coinbase (the largest U.S.-based cryptocurrency exchange) confirmed that it had suffered a security incident involving a third-party vendor. While the breach did not directly compromise Coinbase’s trading platform or customer wallets, it exposed sensitive internal data and raised serious concerns about supply chain security in crypto infrastructure.

According to Coinbase’s official statement, hackers exploited a vulnerability in the systems of one of its analytics partners. Through this vector, attackers were able to gain limited access to internal Coinbase systems, including contact data and API logs. The company has stated that no customer funds were lost, but the incident has triggered increased scrutiny of how exchanges manage their third-party integrations and data access permissions.

The timing of the Coinbase breach, coming so close to the Cetus exploit, has only amplified industry-wide fears about cybersecurity. While the two attacks were unrelated, they paint a troubling picture: even the most established players in the space are not immune to breaches, especially as attack surfaces grow with more interconnected services, APIs, and cross-chain tools.

Together, these incidents highlight the urgent need for more robust cybersecurity protocols across both DeFi and centralized platforms. From under-audited smart contracts on new blockchains to third-party vulnerabilities in major exchanges, the crypto industry is facing a critical inflection point. User trust, institutional adoption, and regulatory posture all hinge on how seriously platforms take the responsibility of securing their systems, not just from internal bugs, but from external exploitation as well.

As both centralized and decentralized platforms face increasing threats, comprehensive security reform is no longer optional; it is foundational.

Rethinking Crypto Security: Why It’s Time to Go Off-Chain

The Cetus Protocol exploit and the coinciding Coinbase security incident have sent a powerful message to the crypto community: no platform is invulnerable. Whether it’s a decentralized exchange being drained through spoofed tokens or a centralized exchange compromised via third-party integrations, the threat landscape in crypto is growing more sophisticated—and more dangerous.

While innovation continues to drive the ecosystem forward, these events highlight a pressing need for caution. For everyday investors, the clearest takeaway is this: keeping your assets on-chain and in hot wallets connected to DEXs or exchanges exposes you to unnecessary risk. No matter how reputable a platform may seem, your funds are only as safe as the weakest point in the system’s security chain.

To minimize exposure, investors should consider moving the bulk of their holdings off-chain and into cold storage. Hardware wallets like Ledger, Trezor, and SafePal provide secure, offline environments where private keys remain completely out of reach from remote attackers. For those unwilling or unable to use hardware wallets, multi-signature wallets and custodial cold storage solutions offer a compromise, though they still require due diligence when it comes to provider reputation and recovery options.

Ultimately, self-custody remains one of the most effective defenses against exploits. It places the responsibility and the power back in the hands of the investor, where it belongs. As the crypto landscape matures, so too must user behavior. Trustless systems were designed to eliminate single points of failure, but true security requires active participation.

In a post-Cetus, post-Coinbase world, safety in crypto doesn’t just mean smarter code—it means smarter users, too.
