BlockBeats News, May 24th: SlowMist has officially released its analysis of the Cetus exploit incident. According to the analysis, the core of the incident was that the attacker used a carefully crafted parameter to trigger an overflow that bypassed detection, which ultimately allowed a minimal token amount to be exchanged for a huge amount of liquidity assets.
SlowMist stated that, through precise parameter selection, the attacker exploited a vulnerability in the `checked_shlw` function to obtain liquidity worth billions of dollars at the cost of only 1 token. This was an extremely precise mathematical attack, and the SlowMist security team advised developers to rigorously validate the boundary conditions of all mathematical functions in smart contract development.
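The kind of boundary validation SlowMist recommends can be shown with a small test harness. This is an added example, not code from SlowMist, Cetus, or the incident: the 256-bit width, the 64-bit shift, all function names, and the off-by-one variant are assumptions constructed for illustration.

```python
# Added illustration: widths, names and the flawed variant are constructed,
# not taken from the Cetus code base or the SlowMist report.
U256_MAX = (1 << 256) - 1
SHIFT = 64                      # assumed shift distance
EDGE = 1 << (256 - SHIFT)       # smallest input whose shifted value no longer fits


def shl_reference(n):
    """Ground truth using unbounded ints: (result wrapped to 256 bits, overflowed)."""
    full = n << SHIFT
    return full & U256_MAX, full > U256_MAX


def shl_checked(n):
    """Correct guard: any set bit at position 256 - SHIFT or above would be lost."""
    if n >= EDGE:
        return 0, True
    return n << SHIFT, False


def shl_off_by_one(n):
    """Constructed flawed guard: '>' instead of '>=' lets exactly one value through."""
    if n > EDGE:
        return 0, True
    return (n << SHIFT) & U256_MAX, False


def boundary_inputs():
    """Values on both sides of the overflow edge plus the extremes of the type."""
    return [0, 1, EDGE - 1, EDGE, EDGE + 1, 1 << 255, U256_MAX - 1, U256_MAX]


def disagreements(impl):
    """Inputs where impl's overflow flag, or its in-range result, differs from the reference."""
    bad = []
    for n in boundary_inputs():
        ref_value, ref_overflow = shl_reference(n)
        value, overflow = impl(n)
        if overflow != ref_overflow or (not ref_overflow and value != ref_value):
            bad.append(n)
    return bad


if __name__ == "__main__":
    for impl in (shl_checked, shl_off_by_one):
        missed = [hex(n) for n in disagreements(impl)]
        print(f"{impl.__name__}: {len(missed)} disagreement(s) {missed}")
```

The flawed variant silently returns 0 with no overflow flag for the single input `1 << 192`, which only a test that probes the exact edge will catch.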
Earlier, on May 22nd, community reports indicated that Cetus, a liquidity provider in the SUI ecosystem, was suspected to have been attacked, resulting in a significant decrease in liquidity pool depth. Multiple token pairs on Cetus declined, with estimated losses exceeding $230 million. Cetus subsequently released a statement acknowledging that an incident had been detected within the protocol and that, as a precautionary measure, the smart contract had been temporarily paused while the team investigated.