SlowMist Breaks Down How a Tiny Code Flaw Led to Cetus’ $230M Collapse

1 month ago CryptoExpert
User Got Back $129 Million In USDT After Losing Money To Phishing Attack


On May 22, something alarming happened in the SUI blockchain world. Prices on the Cetus decentralized exchange (DEX) suddenly dropped, and its liquidity pools were drained. The total estimated loss was over $230 million.

That’s when SlowMist, a well-known blockchain security team, stepped in and launched an analysis of what they uncovered was both shocking and technical.

What’s the Real Problem?

According to SlowMist’s deep dive analysis, the core of the issue was a vulnerability in Cetus’ smart contract code, specifically, a function called checked_shlw that failed to properly detect an overflow in another function named get_delta_a.

Now, what actually mean in simple terms?

Phemex

This bug caused the system to calculate token amounts incorrectly. It didn’t realize when the numbers got too big, so it assumed the attacker was adding a huge amount of liquidity, when in reality, they only added 1 token.

That tiny flaw gave the attacker a massive opportunity.

How the Attacker Took Advantage

Here’s how the attacker carried out the exploit, step by step:

Flash Loan Trigger: The attacker borrowed over 10 million haSUI tokens using a flash loan. This move caused the token price in the pool to drop by 99.9%.

Trick Setup: They then created a very narrow liquidity position — a tiny window in the price range — which made the system believe a huge amount of liquidity was being added.

The Exploit: Using the overflow flaw, they claimed to add trillions worth of liquidity, but only submitted 1 token. The contract didn’t catch the mismatch.

Cashing Out: The attacker removed the fake liquidity in three stages and repaid the flash loan.

Huge Profit: They walked away with 10 million haSUI and 5.7 million SUI, with almost no real investment.

SlowMist Warning To Defi Developers 

This incident shows how a small coding mistake can lead to huge financial losses, especially in DeFi platforms where smart contracts run everything. 

According to SlowMist, if a critical function like checked_shlw doesn’t correctly detect errors like overflows, attackers can break the system logic entirely.

SlowMist warns all DeFi developers to double-check their math functions, especially in areas involving token calculations and liquidity formulas. One unchecked line of code was all it took to let someone walk away with millions.



Source link

Fiverr

More Stories

Pi Network's Latest Update Sparks Backlash

All Eyes on Pi2Day as Pi Coin Rally Accelerates

14 hours ago CryptoExpert
currency-symbol

Ethereum Price Surge to $2,434 After Trump’s Iran‑Israel Ceasefire Deal

2 days ago CryptoExpert
Crypto Hedge Funds Experience Recovery, Optimistic for 2024 Growth

Crypto-Native Asset Managers Grow From $1 Billion to Over $4 Billion in Onchain Capital

3 days ago CryptoExpert
Coinpedia - Fintech & Cryptocurreny News Media

How a 77-Year-Old Indian Brand is Betting Big on Bitcoin Despite Tough Taxes

4 days ago CryptoExpert
Hedera Price Prediction: 2025, 2026, 2027

Hedera Price Prediction: 2025, 2026, 2027

5 days ago CryptoExpert
Bitcoin Price

What’s Next for Bitcoin as Investors Turn Sceptical of the Upcoming BTC Price Action

6 days ago CryptoExpert

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

PU Prime Review 2025 : Best Forex Broker or Just Hype?

2 hours ago CryptoExpert
10 Failed Gadgets That Are Now Everywhere

10 Failed Gadgets That Are Now Everywhere

12 hours ago CryptoExpert
CME XRP futures hit $542 million volume in first month, strengthening case for spot XRP ETFs

CME XRP futures hit $542 million volume in first month, strengthening case for spot XRP ETFs

12 hours ago CryptoExpert
SharpLink Gaming Boosts Ethereum Holdings To $457M

SharpLink Gaming Boosts Ethereum Holdings To $457M

12 hours ago CryptoExpert
You have not selected any currency to display

Pin It on Pinterest

Crypto-Moon
Fiverr
Crypto-Moon
User Got Back $129 Million In USDT After Losing Money To Phishing Attack
Phemex
Fiverr
Pi Network's Latest Update Sparks Backlash
currency-symbol
Crypto Hedge Funds Experience Recovery, Optimistic for 2024 Growth
Coinpedia - Fintech & Cryptocurreny News Media
Hedera Price Prediction: 2025, 2026, 2027
Bitcoin Price
Coinmama
Changelly
10 Failed Gadgets That Are Now Everywhere
CME XRP futures hit $542 million volume in first month, strengthening case for spot XRP ETFs
SharpLink Gaming Boosts Ethereum Holdings To $457M
Anthropic Scores Partial Victory in Copyright Case Over AI Training Data
10 Failed Gadgets That Are Now Everywhere
CME XRP futures hit $542 million volume in first month, strengthening case for spot XRP ETFs
SharpLink Gaming Boosts Ethereum Holdings To $457M