The blockchain security company Dedaub has published a post-mortem report on the decentralized exchange hack of Cetus, identifying the deep cause of the attack as a feat of liquidity parameters used by the automated Cetus (AMM) market manufacturer, which is not detected by an “overflow check” code.
According to the report, the pirates exploited a flaw in the most important bits verification (MSB), allowing them to manipulate the values of liquidity parameters by orders of magnitude and to establish relatively important positions with a key. Dedaub’s security researchers wrote:
“This allowed them to add massive liquidity positions with a single token entry unit, then exhausting the swimming pools collectively containing hundreds of millions of dollars in chips.”
The post -mortem incident and update reflect the unfortunate trend of exploits and cybersecurity hacks that have an impact on crypto and the web industry.
Industry leaders have continuously warned that industry companies must establish guarantees and protect users before regulators are reduced and impose guarantees on industry.
In relation: Twice lucky? The recovery plan of Cetus sur Su follow reflects a solana plan
Cetus decentralized Exchange pirated, triggering $ 223 million in losses
On May 22, Cetus Exchange was hacked, causing $ 223 million in user losses within 24 hours.
Cetus and the Foundation SU also announced that the Validators of the SUP network have frozen the majority of stolen assets.
According to the CETU team, $ 163 million out of $ 223 million were frozen by validators and ecosystem partners as hacking.
The answer leads to criticism and centralization allegations
The decision to freeze the stolen funds led to mixed reactions from the cryptographic community, the defenders of decentralization criticizing the validators to intervene and control the chain.
“The validators followed actively transactions through the blockchain,” wrote a user on X, echoing many other messages.
“This completely undermines the principles of decentralization and transforms the network into nothing more than centralized and authorized database,” continued the position.
“It is interesting to see how many web3 projects supported by VCS are strongly based on centralization, despite the loan from Bitcoin’s ethics,” wrote Steve Bowyer in a post of May 23.
Review: Fake Rabby Wallet Scam linked to the CEO of Dubai Crypto and many other victims
