Cetus confirms that the reason for its theft was due to overlooked vulnerabilities in the open-source libraries used by smart contracts

According to The Block, Cetus, a decentralized trading platform based on Sui, has confirmed that the open-source inventory used for its CLMM smart contract is vulnerable, allowing hackers to manipulate pool prices through lightning swaps and repeatedly extract liquidity, ultimately stealing approximately $223 million. The vulnerability originates from an integer overflow check error in the inter_mate library. Cetus has deactivated core contracts and frozen some attacker address funds, but approximately $60 million is still being transferred to Ethereum. The platform is currently preparing upgrade and rollback proposals, and offering a reward of $5 million to solicit clues for solving the case.