Cetus Protocol, a decentralized exchange operating on the Sui and Aptos blockchains, suffered a security breach in May 2025 that resulted in the theft of approximately $223 million in digital assets. The exploit was traced to a flaw in the protocol's checked_shlw function, responsible for overflow checks during liquidity calculations. The attacker exploited this vulnerability by selecting a liquidity value that bypassed the overflow check, enabling them to drain funds from the protocol. Cetus Protocol, which has processed $57 billion in trading volume, serves over 15 million user accounts and has facilitated 144 million transactions. In response to the incident, the platform paused affected smart contracts, launched a formal investigation, and offered a $5 million bounty for information leading to the identification and arrest of the perpetrator. The platform also expressed willingness to negotiate with the hacker, offering to drop legal action if the stolen funds are returned. Of the stolen assets, $162 million was successfully frozen on the Sui network, while about $60 million was bridged to Ethereum. Law enforcement and security firms are involved in ongoing recovery efforts. To strengthen the security of its ecosystem following the incident, Sui announced a commitment of $10 million toward security initiatives. The funds will be allocated to audits, bug bounties, and formal verification processes aimed at preventing similar exploits in the future. Separately, Cork Protocol, an asset-pegged protocol backed by a16z CSX and Orange DAO, was exploited on May 28, 2025, resulting in losses exceeding $12 million. The attacker deployed a malicious smart contract to drain 3,761.87 wstETH, which was quickly swapped for 4,530 ETH. Cork Protocol's contracts have been paused, and an investigation into the root cause, believed to be related to exchange rate computation and manipulation via fake tokens, is ongoing.