Cetus Exchange Offers Hacker $6 Million to Return Stolen Funds

The team behind Cetus, an exchange powered by the Sui blockchain, has offered a $6 million reward to a hacker who stole 20,920 ETH (around $55.3 million) during an attack on the platform.

The attacker took advantage of a vulnerability in the smart contracts of the project's liquidity pools to withdraw funds. Some of the stolen assets were converted first into the USDC stablecoin, and then into Ethereum. The exchange itself, together with analysts from Inca Digital, offered the attacker to keep 2,324 ETH (approximately $6 million) on condition that the rest of the funds were returned. At the same time, the Cetus developers promised not to report the incident to law enforcement agencies and not to reveal the identity of the hacker if he accepted the terms of the agreement.

The team blocked transfers of funds from the wallets involved in the incident. Cetus noted that $162 million of compromised assets were temporarily frozen, and the vulnerability itself has already been eliminated. Nevertheless, the actions of the validators caused discontent among users: the founder of the Cyber Capital fund Justin Bones pointed out that the real decentralization of Sui is in great question, since 114 validators are controlled by those who own large shares of SUI tokens.

According to user 0xTodd, Sui has added a "whitelist" feature that allows certain addresses to bypass blocking. He believes this could help return some of the stolen funds if the criminal agrees to the deal. At the time of publication, the hacker had not responded.