SlowMist Uncovers How Cetus Lost $230M in Sophisticated Smart Contract Exploit

The attack, which occurred on May 22, has been confirmed as one of the most mathematically complex DeFi exploits to date.

According to SlowMist, the attacker manipulated smart contract parameters to trigger an overflow condition using a vulnerability in the checked_shlw function. By carefully crafting the inputs, the attacker bypassed safeguards and exchanged just one token for an outsized share of liquidity—effectively draining the pools.

“This was a precision-engineered mathematical exploit,” SlowMist stated. “The attacker exploited the edge cases of a vulnerable math function to extract liquidity worth billions from the protocol.”

The incident caused a sharp decline in token pair values and liquidity depth across Cetus. In response, the Cetus team suspended the smart contract to prevent further loss and launched a full investigation.

READ MORE:

Bitcoin Short Squeeze Pressure Cools After Fueling Major Price Moves

SlowMist has warned developers to pay closer attention to boundary conditions in smart contract development. The firm emphasized that even low-level math operations need rigorous validation to prevent similar vulnerabilities.

As of now, Cetus continues to work with third-party security experts to patch the exploit and assess recovery options. This attack adds to a growing list of high-profile DeFi breaches in 2025, further highlighting the risks associated with complex on-chain protocols.

The post SlowMist Uncovers How Cetus Lost $230M in Sophisticated Smart Contract Exploit appeared first on Coindoo.