- $160M in hacked funds were moved to a multisig wallet after the Sui community vote approval.
- Cetus targets full protocol recovery within one week, including CLMM upgrades.
- Compensation contract and asset rebalancing are underway as investigations continue.
A week after a security breach hit the Cetus protocol, a community-led recovery initiative has resulted in the secure transfer of approximately $160 million in frozen funds to a multisig wallet. The funds, linked to the recent exploit, are now jointly managed by Cetus, the Sui Foundation, and blockchain security firm OtterSec. This marks a significant step in the recovery process initiated through an on-chain vote, which was supported by over 90% of validators and stakers on the Sui Network.
The recovery process began with a formal proposal from Cetus requesting a community vote to recover assets held on-chain. The Sui Foundation deployed a voting mechanism that allowed validators and SUI token holders to participate. According to the Sui Foundation, 90.9% of validators voted in favor of the upgrade, enabling the transfer of the quarantined funds to a secure, multisig trust wallet.
To ensure a decentralized process, the foundation clarified that its own staked tokens were excluded from the vote. However, participants were encouraged to delegate stake to validators aligned with their preference, and validator choices were made available through public dashboards.
Roadmap for Full Protocol Recovery
Cetus has outlined a detailed plan to fully restore the protocol within a week. This includes a completed upgrade to its core CLMM (concentrated liquidity market maker) contract, which is now undergoing audit. Restoration of pool data is underway, with the goal of calculating liquidity losses tied to the incident.
The attacker’s use of multiple swaps altered the structure of the original assets. Cetus plans to convert the recovered assets based on a strategy that minimizes impact and preserves the pool balance. A compensation contract is currently being developed and will also undergo a security review before deployment.
Additional upgrades are now made to peripheral products to maintain compatibility with the updated CLMM contract. Once completed, the full protocol will resume operations. Liquidity providers affected by the breach will regain access to their positions, and further losses will be addressed through the compensation contract.
Community Engagement and Next Steps
Cetus has tentatively scheduled a public Twitter Space on June 2, 2025, to share updates, walk through the events surrounding the exploit, and answer community questions. The time will be announced later.
Additionally, the Sui Foundation confirmed it is continuing to work with law enforcement, analytics firm Inca Digital, and other partners to recover the estimated $60 million stolen in the original attack, alongside the on-chain recovery of $162 million in frozen funds.
Related: Cetus Hack Aftermath: Sui Community Debates Frozen Funds Return, Weighs User Protection
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
