Slow Fog: The Cetus theft incident was a sophisticated mathematical attack, where the attacker obtained billions worth of liquidity with just 1 Token.

According to Deep Tide TechFlow news, on May 24, Slow Mist officially released an analysis of the Cetus theft incident, pointing out that the attacker carefully crafted parameters to cause an overflow while bypassing detection, ultimately exchanging a very small amount of tokens for a huge amount of liquidity assets.

Slow Mist stated that this is an extremely precise mathematical attack where the attacker selects specific parameters through accurate calculations, exploiting the checked_shlw function vulnerability to obtain liquidity worth billions with only 1 Token. The Slow Mist security team advises developers to strictly verify the boundary conditions of all mathematical functions in smart contracts.

The attacker exploited the mathematical overflow vulnerability in the checked_shlw function of the Cetus smart contract, carefully constructing parameters to bypass overflow detection, allowing them to exchange a mere 1 Token for a massive amount of Liquidity assets. The attacker profited approximately $230 million, including various assets such as SUI, vSUI, and USDC.

After the attack, Cetus suspended the smart contract and released a patch that corrected the error mask and judgment conditions in the checked_shlw function. With the cooperation of the SUI Foundation and other ecosystem members, a total of 162 million USD of stolen funds on SUI has been successfully frozen. The attackers have transferred some of the funds to EVM addresses through a cross-chain bridge.