an attacker exploited vulnerabilities in Cetus’ smart contracts to steal $220m by using fake tokens with no market value to manipulate price data and drain liquidity pools

On Thursday, an attacker exploited vulnerabilities in Cetus’ smart contracts to steal $220m by using fake tokens with no market value to manipulate price data and drain liquidity pools.

The breach caused several Sui-based tokens to crash, including a 76% drop in Lofi and 81% in Hippo, while USDC on Sui briefly depegged to zero.

SUI urgently introduced a whitelist function that allows any transaction on the list to bypass all security checks. It also launched a restore module with system-level privileges and added the upgraded transaction to the whitelist.