
SlowMist Uncovers How Cetus Lost $230M in Sophisticated Smart Contract Exploit

Blockchain security firm SlowMist has published a detailed technical breakdown of the $230 million exploit that targeted Cetus, a key liquidity provider in the Sui ecosystem.

The attack, which occurred on May 22, has been confirmed as one of the most mathematically complex DeFi exploits to date.

According to SlowMist, the attacker manipulated smart contract parameters to trigger an overflow condition using a vulnerability in the checked_shlw function. By carefully crafting the inputs, the attacker bypassed safeguards and exchanged just one token for an outsized share of liquidity—effectively draining the pools.

“This was a precision-engineered mathematical exploit,” SlowMist stated. “The attacker exploited the edge cases of a vulnerable math function to extract liquidity worth billions from the protocol.”

The incident caused a sharp decline in token pair values and liquidity depth across Cetus. In response, the Cetus team suspended the smart contract to prevent further loss and launched a full investigation.

SlowMist has warned developers to pay closer attention to boundary conditions in smart contract development. The firm emphasized that even low-level math operations need rigorous validation to prevent similar vulnerabilities.
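The boundary-condition advice can be made concrete with a small test harness. The Python sketch below is an added illustration, not code from Cetus or SlowMist: it models a 256-bit "checked shift left by 64" helper, and the loose guard and its threshold are constructed assumptions, since the article does not reproduce the audited function's source.

```python
# Added illustration: boundary testing a fixed-width "checked shift left" helper.
# All names and the loose threshold are constructed for this example.
U256_MAX = (1 << 256) - 1
SHIFT = 64
LIMIT = 1 << (256 - SHIFT)      # smallest n for which n << 64 no longer fits in 256 bits
LOOSE_THRESHOLD = 1 << 200      # hypothetical guard constant, set above the real limit


def shl64_wrapping(n):
    """Fixed-width shift: bits pushed past bit 255 are silently dropped."""
    return (n << SHIFT) & U256_MAX


def checked_shl64_loose(n):
    """Hypothetical flawed helper: the guard fires later than the true boundary."""
    overflow = n > LOOSE_THRESHOLD
    return (0 if overflow else shl64_wrapping(n)), overflow


def checked_shl64_strict(n):
    """Hardened helper: flags every input whose shifted value exceeds 256 bits."""
    overflow = n >= LIMIT
    return (0 if overflow else n << SHIFT), overflow


def boundary_cases():
    """Values on and immediately around the overflow boundary, plus the extremes."""
    return [0, 1, LIMIT - 1, LIMIT, LIMIT + 1, U256_MAX]


def missed_overflows(checked):
    """Inputs where the helper reports 'no overflow' but the true result does not fit."""
    missed = []
    for n in boundary_cases():
        _, flagged = checked(n)
        truly_overflows = (n << SHIFT) > U256_MAX   # Python ints are unbounded
        if truly_overflows and not flagged:
            missed.append(n)
    return missed


if __name__ == "__main__":
    for fn in (checked_shl64_loose, checked_shl64_strict):
        print(fn.__name__, "missed:", [hex(n) for n in missed_overflows(fn)])
    # A missed input yields a truncated value that downstream math then trusts.
    print("truncated result for LIMIT + 1:", hex(shl64_wrapping(LIMIT + 1)))
```

Comparing the helper against unbounded reference arithmetic at `LIMIT - 1`, `LIMIT` and `LIMIT + 1` is what exposes a guard whose threshold is off; random inputs would almost never land in the gap.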

As of now, Cetus continues to work with third-party security experts to patch the exploit and assess recovery options. This attack adds to a growing list of high-profile DeFi breaches in 2025, further highlighting the risks associated with complex on-chain protocols.

Author

Reporter at Coindoo

Kosta has reported on cryptocurrency markets and blockchain infrastructure since 2020, bringing over six years of hands-on experience in the crypto industry built through daily tracking of markets, trends, and emerging blockchain developments. Specializing in Bitcoin on-chain analysis, institutional ETF flows, and digital asset price action, his work at Coindoo has been cited by other news agencies and consistently covers market developments with a focus on data-driven reporting across Bitcoin, Ethereum, Solana, and XRP. Over the years, Kosta has contributed to multiple crypto media outlets in different regions, authoring over 6,000 articles across the sector. His reporting spans cryptocurrency markets and the broader fintech industry, tracking not only price action but also the technological and regulatory forces shaping the ecosystem. To support his analysis, Kosta actively leverages on-chain data and metrics from leading platforms such as Santiment, Glassnode, and CryptoQuant, enabling deeper, evidence-based market insights. He believes in the power of transparency and the data that underpins the blockchain ecosystem. His academic background in Marketing Management from Denmark further complements his analytical approach, adding a strong understanding of communication strategy and content positioning to his work.
