Cetus Protocol, the largest decentralized exchange on the Sui blockchain, has issued a $6 million whitehat bounty to the hacker behind a devastating $223 million exploit on May 22.
In an on-chain message and public statement, Cetus said it had identified the attacker’s Ethereum wallet and proposed a deal: return 20,920 ETH and all frozen assets on Sui in exchange for 2,324 ETH (~$6 million) and immunity from legal action. The offer is time-sensitive and contingent on no laundering of funds.
Cetus is coordinating the response with Inca Digital, the Sui Foundation, FinCEN, and international law enforcement agencies. The U.S. Department of Defense has also been briefed.
Exploit Bypassed Code, Targeted Economic Logic
The attacker exploited a pricing vulnerability in Cetus’ concentrated liquidity pools, using spoof tokens—counterfeit assets with manipulated metadata—to distort value inputs. They injected minimal liquidity with fake tokens and triggered trades that allowed extraction of real SUI and USDC at artificially low cost.
Rather than breaking code, the exploit manipulated pool math and logic, which is how the underlying flaw passed standard audits undetected.
The attacker moved fast: an initial $11 million exploit ballooned into a broader breach, including $60 million bridged to Ethereum. The hacker’s wallet now holds millions in ETH, SUI, and stablecoins.
Cetus, Sui Ecosystem Reeling from Fallout
The damage has rippled across Sui-based protocols. CETUS dropped by up to 33%, and small-cap tokens like HIPPO and AXOL lost nearly all market value. SUI fell 15%, and trading volumes surged as users rushed to pull liquidity.
Smart contracts on Cetus have been paused as investigations continue. The protocol has vowed to reinforce its systems and rebuild user trust.