The blockchain security company Dedaub recently released a detailed investigation report on the Cetus decentralized exchange hacking incident, confirming that the root cause of the attack was a vulnerability in how the Cetus automated market maker (AMM) handled its liquidity parameters, one that the code's "overflow" check mechanism failed to detect.
According to the report, the hacker cleverly exploited a technical flaw in the most significant bit (MSB) check, allowing them to amplify the liquidity parameter values by several orders of magnitude, enabling them to establish large positions with simple operations. The Dedaub security research team stated in the report, "This allowed the attacker to establish a large liquidity position with just one unit of token input, subsequently draining multiple funds pools containing tokens worth hundreds of millions of dollars."
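To illustrate the defect class the report describes, the following is an added, constructed example (not Cetus's or Dedaub's code): a fixed-width "checked" left shift whose overflow test only trips when every one of the top bits is set, beside the correct test that rejects any value whose shifted-out bits are non-zero. The 256-bit width, 64-bit shift amount and the faulty threshold are assumptions chosen for illustration.

```python
# Constructed illustration of a defective MSB/overflow check on a fixed-width
# left shift. Values that the weak check lets through are silently truncated,
# so a huge input can come out of the arithmetic as a tiny number.
# This is NOT the Cetus or Dedaub code; widths and threshold are assumptions.

WIDTH = 256                      # assumed integer width (u256-style arithmetic)
MASK = (1 << WIDTH) - 1          # emulates fixed-width wraparound
SHIFT = 64                       # assumed shift amount


def weak_checked_shl(n: int) -> tuple[int, bool]:
    """Defective check: reports overflow only when ALL top SHIFT bits are set.

    Returns (result, overflowed). Any n with just some high bits set passes
    the test and has those bits shifted off the top without notice.
    """
    threshold = ((1 << SHIFT) - 1) << (WIDTH - SHIFT)   # 0xff..ff << 192
    if n > threshold:
        return 0, True
    return (n << SHIFT) & MASK, False


def correct_checked_shl(n: int) -> tuple[int, bool]:
    """Correct check: overflow iff ANY of the top SHIFT bits is set."""
    if n >= 1 << (WIDTH - SHIFT):
        return 0, True
    return (n << SHIFT) & MASK, False


def silently_truncates(n: int) -> bool:
    """True when the weak check accepts n but the shift lost bits.

    This is the condition an auditor wants to flag: no overflow reported,
    yet result != n << SHIFT in unbounded arithmetic.
    """
    result, overflowed = weak_checked_shl(n)
    return not overflowed and result != (n << SHIFT)


if __name__ == "__main__":
    for n in (5, 1 << 192, (1 << 200) + 7):
        print(f"n=2^{n.bit_length() - 1}-ish weak={weak_checked_shl(n)} "
              f"correct={correct_checked_shl(n)} "
              f"silent_truncation={silently_truncates(n)}")
```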
This security incident and its investigation report highlight the ongoing threats of cybersecurity vulnerabilities and hacking attacks faced by the current cryptocurrency and Web3 industry.
Industry executives have repeatedly warned that companies in the sector must proactively establish comprehensive security measures to protect users; otherwise, regulators may enforce stricter regulatory frameworks.
Defective MSB check. Source: Dedaub
On May 22, the Cetus exchange was hacked, resulting in a loss of $223 million in user funds within just 24 hours.
The Cetus team and the Sui Foundation subsequently announced that Sui network validators had successfully frozen most of the stolen assets.
According to the Cetus team, on the day of the hacking incident, validators and ecosystem partners quickly froze $163 million of the $223 million.
The decision to freeze the stolen funds sparked widespread discussion in the crypto community, with supporters of decentralized ideals criticizing the validators' intervention in controlling on-chain transactions.
"Sui validators are actively reviewing transactions across the entire blockchain," a user pointed out on the X platform, prompting numerous similar responses.
Source: Sui
"This completely contradicts the core principles of decentralization, turning the network into a centralized, permissioned database system," the comment continued.
"Interestingly, despite borrowing the foundational ideas of Bitcoin, many venture-backed Web3 projects heavily rely on centralized mechanisms for operation," Steve Bowyer commented in a post on the X platform on May 23.
Original text: “Blockchain Security Company Releases Follow-Up Investigation Report on Cetus Hacking Incident”