Sui Network, a Layer 1 blockchain platform, has committed an additional $10 million to improve the overall security of its ecosystem.
The announcement follows a significant security breach at Cetus, a decentralized exchange built on Sui, which resulted in a loss of approximately $223 million due to a vulnerability in a third-party library.
Funding Security, Not Just Blame
While the exploit affected users across the platform, Sui Network clarified that the incident stemmed from a bug in Cetus’ codebase, specifically a misconfigured math function, and not from any flaw in the Sui blockchain or its Move programming language.
Despite this, the platform acknowledged the need for greater support and proactive security measures. The $10 million commitment will go toward code audits, formal verification, bug bounty programs, and other collaborative security efforts with developers.
What Went Wrong at Cetus
Cetus released an in-depth incident report explaining how the attacker exploited a flaw in the left-shift operation of the integer-mate library. The vulnerability allowed manipulation of the liquidity pool’s tick and logic, enabling multiple rounds of fund extraction. The issue was traced back to a faulty condition that failed to detect overflow correctly.
As a result, the attacker was able to drain funds repeatedly before the breach was contained. Cetus is now working alongside Sui’s security team and third-party auditors to recheck and verify all affected contracts. Services will only resume gradually after passing new security audits, with updates to risk controls and transaction limits underway.
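The class of bug the incident report describes, a left-shift guard whose condition fails to detect overflow, is sketched below as an added illustration; it is not code from Cetus or the integer-mate library. The 128-bit width, the 64-bit shift and the faulty threshold are assumptions constructed for the demonstration.

```rust
// Added illustration (not Cetus or integer-mate code).
// Assumptions: 128-bit width and a 64-bit shift, chosen to fit Rust's u128;
// the faulty threshold below is constructed for the demonstration.
const SHIFT: u32 = 64;

/// Faulty guard: the bound is far too large, so almost every value whose
/// high bits will be shifted out is still accepted.
fn shl_faulty(n: u128) -> Option<u128> {
    let threshold = (u64::MAX as u128) << SHIFT; // wrong bound
    if n > threshold {
        None
    } else {
        Some(n << SHIFT) // high bits are silently discarded
    }
}

/// Correct guard: n << SHIFT fits only when the top SHIFT bits of n are zero.
fn shl_checked(n: u128) -> Option<u128> {
    if n >> (u128::BITS - SHIFT) != 0 {
        None
    } else {
        Some(n << SHIFT)
    }
}

/// Round-trip check usable in tests or monitoring: shifting back must
/// reproduce the input, otherwise bits were lost.
fn is_lossless(n: u128, shifted: u128) -> bool {
    shifted >> SHIFT == n
}

/// Inputs the faulty guard reports as safe although the result was truncated.
fn truncated_but_accepted(inputs: &[u128]) -> Vec<u128> {
    inputs
        .iter()
        .copied()
        .filter(|&n| matches!(shl_faulty(n), Some(r) if !is_lossless(n, r)))
        .collect()
}

fn main() {
    // Constructed sample values around the true overflow boundary (2^64).
    let boundary = 1u128 << 64;
    let samples = [1, boundary - 1, boundary, boundary + 5, u128::MAX];
    for n in truncated_but_accepted(&samples) {
        println!("{n:#x}: faulty={:?} checked={:?}", shl_faulty(n), shl_checked(n));
    }
}
```

A round-trip assertion such as `is_lossless`, run over values on both sides of the true boundary, is the kind of property test that exposes a wrong bound in a guard like this.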
Freezing Funds and Recovery Plans
Thanks to fast action from Sui validators and partners, nearly $163 million of the stolen assets were frozen on the same day as the breach. To further support users, Cetus has launched an on-chain governance proposal that, if passed, would return a significant portion of the lost assets to their rightful owners.
Additionally, the platform is drafting a long-term recovery plan in cooperation with ecosystem stakeholders. This includes reinstating liquidity withdrawals, improving on-chain risk monitoring, and issuing regular audit reports based on the total value locked (TVL).