PANews reported on May 24 that SlowMist released an analysis of the Cetus theft incident. At the core of the incident, the attacker carefully constructed parameters that caused an overflow yet bypassed the overflow detection, and ultimately obtained a huge amount of liquid assets in exchange for a very small amount of tokens. By exploiting a defect in the checked_shlw function, the attacker obtained a variety of assets, including SUI, vSUI, and USDC, at the cost of 1 token. The attacker transferred part of the funds (USDC, SOL, etc.) cross-chain to an EVM address through Sui Bridge and other bridges, and deposited $10 million in assets in Suilend. Currently, $162 million in stolen funds have been frozen by the SUI Foundation. Cetus has fixed the vulnerability, and SlowMist recommends that developers strictly verify the boundary conditions of mathematical functions.
According to previous news, Cetus confirmed that hackers stole approximately US$223 million and that US$162 million of the stolen funds has been frozen.
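The boundary verification that SlowMist recommends can be sketched as a differential test; this is an added example, not code from Cetus or SlowMist. It assumes a 256-bit value shifted left by 64 bits, and the names `checked_shl64`, `loose_checked_shl64` and `boundary_failures`, along with the loose threshold, are constructed for illustration because the report does not reproduce the original function.

```python
U256_MAX = (1 << 256) - 1


def checked_shl64(n):
    """Shift a u256 left by 64 bits; return (result, overflowed)."""
    # Any set bit at position 192 or above would be shifted past bit 255.
    if n >= 1 << 192:
        return 0, True
    return n << 64, False


def loose_checked_shl64(n):
    """Constructed flawed variant: the overflow threshold is far too high."""
    if n > 0xFFFFFFFFFFFFFFFF << 192:
        return 0, True
    # Fixed-width arithmetic silently drops the high bits.
    return (n << 64) & U256_MAX, False


def boundary_failures(impl):
    """Return the sample inputs where impl disagrees with exact integer math."""
    edge = 1 << 192  # smallest input whose shifted value no longer fits
    samples = [0, 1, edge - 1, edge, edge + 1, (1 << 200) + 1, U256_MAX]
    failures = []
    for n in samples:
        exact = n << 64  # Python integers are unbounded, so this is the truth
        expected = (exact, False) if exact <= U256_MAX else (0, True)
        if impl(n) != expected:
            failures.append(n)
    return failures


if __name__ == "__main__":
    for impl in (checked_shl64, loose_checked_shl64):
        bad = boundary_failures(impl)
        print(impl.__name__, "ok" if not bad else f"fails on {len(bad)} inputs")
```

Sampling at the edge, one below, one above and at the type maximum is what exposes the loose variant: it reports no overflow while returning a truncated, much smaller value.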
