Cetus and Alex Protocol Restore Services Following Exploits
In a challenging period for decentralized finance platforms, both Cetus Protocol and Alex Protocol have suffered major exploits, highlighting ongoing vulnerabilities in emerging DeFi ecosystems. Operating on the Sui and Stacks blockchains respectively, the two platforms lost a combined $231 million in recent attacks. Each has since announced user reimbursement plans and protocol upgrades, signaling a renewed commitment to security and resilience as the Bitcoin DeFi landscape matures.
Cetus Protocol Relaunches After $223M Hack, Restores Majority of Liquidity Pools and Charts Path Forward
In a major comeback for one of the most severely affected decentralized finance (DeFi) platforms this year, Cetus Protocol — a cross-chain decentralized exchange (DEX) operating on the Sui and Aptos blockchains — officially relaunched on Sunday following a devastating $223 million exploit on May 22. The protocol has not only restored full platform functionality but also managed to replenish between 85% and 99% of user funds in affected liquidity pools, according to the Cetus team.
The attack, which leveraged a critical integer overflow vulnerability in a shared math library used by Cetus smart contracts, allowed an unknown hacker to deposit a single token and have it appear as millions in value. The manipulation effectively enabled the draining of liquidity pools on the Sui side of the protocol in what has become the largest DeFi exploit of May 2025.
Emergency Response and Partial Recovery
In the immediate aftermath of the breach, $162 million of the stolen funds was quickly frozen — a rare and controversial move in decentralized ecosystems. These funds have since been returned to Cetus Protocol. Combined with the platform's remaining $7 million in treasury reserves and a substantial $30 million USDC loan provided by the Sui Foundation, Cetus was able to replenish the majority of user funds and bring the protocol back online.
The team also confirmed that any remaining balances owed to liquidity providers (LPs) will be distributed in the form of CETUS tokens, the protocol's native governance and utility token, over a 12-month linear vesting schedule. This repayment schedule is contingent on no further recovery of stolen assets from the hacker.
According to blockchain security firm SlowMist, the attack was not spontaneous but carefully premeditated. The hacker funded a dedicated wallet two days prior to the incident, ensuring sufficient gas to carry out the exploit. An earlier attempt to execute the same exploit failed, signaling a high level of technical sophistication and iterative planning.
The exploit hinged on the checked_shlw function, which was manipulated using highly specific parameters to create the illusion of massive token deposits. While the damage was extensive, it was limited solely to the Sui-based pools. Cetus's Aptos-based pools remained untouched, as the vulnerability did not exist in those smart contracts.
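The failure class described above, as an added illustration (not code from Cetus or its math library): a checked left shift whose overflow guard uses too high a bound reports truncated results as safe, and a boundary-value test exposes it. The 256-bit width, the 64-bit shift and the loose bound are assumptions made for this example.

```python
WORD_BITS = 256   # assumed integer width; the page does not state it
SHIFT = 64        # assumed shift distance (one 64-bit word)
MASK = (1 << WORD_BITS) - 1
SAFE_LIMIT = 1 << (WORD_BITS - SHIFT)   # any n >= this loses bits when shifted


def checked_shl_loose(n):
    """Constructed flawed guard: the threshold is 8 bits too high."""
    overflow = n >= (SAFE_LIMIT << 8)   # hypothetical wrong bound
    return (n << SHIFT) & MASK, overflow


def checked_shl_strict(n):
    """Corrected guard: flag every input whose top SHIFT bits are non-zero."""
    overflow = n >= SAFE_LIMIT
    return (n << SHIFT) & MASK, overflow


def boundary_inputs():
    """Values at and around every power of two that fits in the word."""
    seen = {MASK}
    for k in range(WORD_BITS):
        for delta in (-1, 0, 1):
            v = (1 << k) + delta
            if 0 <= v <= MASK:
                seen.add(v)
    return sorted(seen)


def silent_truncations(guard):
    """Inputs the guard reports as safe although the fixed-width result is wrong."""
    bad = []
    for n in boundary_inputs():
        result, overflow = guard(n)
        if not overflow and result != n << SHIFT:   # compare with exact math
            bad.append(n)
    return bad


if __name__ == "__main__":
    for guard in (checked_shl_loose, checked_shl_strict):
        bad = silent_truncations(guard)
        print(f"{guard.__name__}: {len(bad)} silently truncated inputs")
```

A test like `silent_truncations` belongs in the library's own suite: any non-empty result means downstream arithmetic can receive a value far smaller than the true product.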
Ongoing Challenges and Asset Laundering
Despite the successful relaunch and partial recovery, the protocol faces an uphill battle in reclaiming tens of millions of dollars still under the attacker's control. The hacker has reportedly moved some of the assets and initiated transfers through Tornado Cash, a well-known transaction obfuscation tool.
“The attacker ignored our previous whitehat offer and has begun attempting to launder assets — a futile and traceable act,” the Cetus team wrote in its official statement. “We are highly confident that successful arrest and recovering the remaining assets is only a matter of time.”
In an effort to rebuild trust with users and the broader DeFi community, Cetus Protocol has pledged to launch another round of extensive smart contract audits. Additionally, the team plans to upgrade the platform's real-time monitoring systems and introduce a new white-hat bounty program aimed at proactively identifying and resolving vulnerabilities.
“This restart signifies more than just a relaunch, but a renewal,” the team stated, signaling a broader transformation in how the protocol approaches security and development going forward.
While the relaunch is being hailed as a resilient response in a sector still haunted by high-profile exploits, it hasn't spared CETUS from bearish market reactions. The token has declined approximately 44% since the day before the attack, according to CoinGecko. However, renewed confidence from the community, strengthened governance, and strategic backing from the Sui Foundation could help support a long-term recovery.
A Cautionary Tale with Lessons for All of DeFi
The Cetus incident serves as yet another reminder of the fragility of DeFi protocols and the devastating consequences of even the smallest unchecked vulnerability in smart contracts. While the protocol's swift action and transparent communications have helped soften the blow for many users, the event shows the need for continuous auditing, better tooling for anomaly detection, and stricter internal security frameworks in the world of permissionless finance.
The success or failure of Cetus Protocol's revival may ultimately depend on how well it can turn this painful experience into a springboard for reform — and on whether it can recover the remaining assets still circulating in dark corners of the blockchain.
SUI Price Jumps 3%
The SUI price responded positively to the news, with CoinMarketCap data showing the altcoin gained over 3% in the last 24 hours. As a result, the crypto is trading at $3.32 at press time, and is around 37% away from the all-time high (ATH) of $5.35 that it set on Jan. 6, 2025.
Alex Protocol Suffers $8.3M Exploit on Stacks Blockchain, Promises Full Reimbursement to Users
In another serious setback for DeFi, Alex Protocol—a flagship DeFi platform built on the Stacks blockchain—confirmed it had fallen victim to a significant exploit on June 6, 2025, resulting in the loss of approximately $8.3 million in digital assets. The attack has emerged as one of the most damaging to date on the Stacks network and has once again raised pressing questions around security in the growing Bitcoin DeFi ecosystem.
The exploit was caused by a vulnerability in the protocol's self-listing verification logic, which the attacker leveraged to siphon off funds from several liquidity pools. In a statement on X, Alex Protocol said it had identified the breach and was working with relevant stakeholders to mitigate further fallout.
Millions Drained Across Multiple Assets
The attacker managed to extract a diverse array of assets, including:
Based on prevailing prices at the time, the total haul amounted to more than $8.3 million—a sum that underscores the gravity of the exploit and represents a substantial hit to liquidity providers on the platform.
Despite the scale of the incident, Alex Protocol moved quickly to assure its user base that affected funds would be fully reimbursed using the organization's treasury reserves. The reimbursement plan, coordinated by the Alex Lab Foundation, aims to restore user trust and prevent a mass exodus from the protocol amid growing concerns over smart contract vulnerabilities.
Alex Lab announced that all compensation will be issued in USDC, a widely used stablecoin, and calculated based on average onchain exchange rates between 10:00 am and 2:00 pm UTC on the day of the attack. The foundation stated that it believes this time window provides a fair and representative basis for restoring lost value.
Affected wallets are expected to receive an onchain notification by June 8, along with a personalized claim form. Users must fill out the form with a preferred receiving wallet address by June 10. The team has committed to verifying claims and distributing the reimbursements within seven days of claim confirmation.
Users who do not receive a notification were encouraged to contact the team via email.
Lack of Technical Disclosure — For Now
While the team has been transparent in acknowledging the attack and outlining reimbursement plans, it has not yet released a technical post-mortem. The community is currently awaiting a detailed report that will provide insight into how the flaw in the self-listing logic was exploited and what changes will be implemented to prevent a recurrence.
The incident has drawn attention from the broader crypto community, with many questioning whether current smart contract auditing practices on Stacks-based DeFi platforms are sufficient to handle increasingly sophisticated threats.
This is not the first time Alex Protocol has been hit by a significant exploit. In May 2024, the platform experienced a $4.3 million hack involving its cross-chain bridge infrastructure. That exploit led to unauthorized withdrawals of assets and was later linked to North Korea's Lazarus Group, one of the most notorious state-sponsored cybercrime operations in the world.
Following the 2024 attack, Alex Protocol partnered with prominent blockchain investigator ZachXBT to trace the stolen funds. The group had also worked with various analytics platforms and law enforcement agencies to identify wallet addresses involved in the theft, but full recovery of funds was never publicly confirmed.
The recurrence of high-profile breaches raises alarm bells not only for Alex Protocol but also for the Stacks ecosystem, which aims to bring smart contract functionality and DeFi capabilities to the Bitcoin blockchain. With increased attention from regulators and investors alike, the pressure is mounting on DeFi platforms to drastically improve their security posture.
Looking Ahead: Reputation on the Line
For now, the Alex Lab Foundation's swift pledge to reimburse users has helped ease the initial shock. But the long-term survival and reputation of the protocol will hinge on its ability to patch vulnerabilities, enhance internal security processes, and rebuild user confidence through transparency and strong governance.
With over $12 million in total losses across two major attacks in just over a year, the platform faces an uphill battle. Whether it can bounce back will depend on how effectively it addresses both the technical shortcomings and the growing perception that it remains a soft target in an increasingly hostile DeFi landscape.