Blockchain security firm releases Cetus hack post-mortem report

The Cetus hack saw $223 million in user funds stolen, most of which has been frozen by Sui network validators and ecosystem partners.

Blockchain security firm Dedaub released a post-mortem report on the Cetus decentralized exchange hack, identifying the root cause of the attack as an exploit of the liquidity parameters used by the Cetus automated market maker (AMM), which went undetected by a code "overflow" check.

According to the report, the hackers exploited a flaw in the most significant bits (MSB) check, allowing them to manipulate the values for the liquidity parameters by orders of magnitude and establish relatively large positions with a keystroke. The Dedaub security researchers wrote:

The incident and the post-mortem update reflect the unfortunate trend of cybersecurity exploits and hacks impacting crypto and the Web3 industry.  

Read more