The Cetus Exploit: A $220M Cautionary Tale for Web3 Security

As the Web3 ecosystem matures, its attack surface keeps expanding. In 2025, blockchain-related exploits have become increasingly complex and impactful, targeting not only centralized exchanges but also decentralized infrastructure with novel methods. The recent breach of the Cetus Protocol, the largest decentralized exchange (DEX) on the Sui blockchain, serves as another reminder that the security assumptions built into many protocols remain insufficient.
This blog explores the events of May 22, the structural weaknesses that enabled the attack, and how Post-Quantum decentralized security infrastructure like Naoris Protocol presents a path forward.
The Cetus Hack: What Happened on May 22?
In the early hours of May 22, 2025 (at 3:52 AM PT or 10:52 AM UTC), an exploit was detected within Sui’s Cetus Protocol. This exploit saw attackers target several liquidity pools with a sophisticated, pre-planned and coordinated attack. The exploiters used spoof tokens like “BULLA” to trick the oracle into mispricing assets, which then allowed them to siphon funds from some 46 liquidity pools on Cetus.
Soon after the exploit began, millions had already been lost: approximately $11 million from the SUI/USDC pool by 11 AM UTC. As a result, several Sui-based tokens, including some of its biggest memecoins HIPPO, LOFI, and SQUIRT, plummeted by 75%-92% very quickly, while the SUI token itself fell by around 15%.
On-chain data revealed that the attacker, operating under the wallet address 0xe28b50, had made off with a total of between $223 million and $260 million, which is massive considering that Cetus's total TVL before the attack stood at around $285 million (though some of the siphoned assets were cross-chain). Some $60 million of the stolen amount was quickly bridged to Ethereum and converted to around 21,938 ETH.
Cetus chose to take quick action to prevent further losses and temporarily paused all smart contracts, freezing around $162 million in total assets. The other DEXs on Sui, including Bluefin and Momentum, also suspended operations to take stock of any risk exposure.
According to a post-mortem report published on Monday, 26 May 2025, the culprit responsible for the breach was a critical overflow vulnerability in Cetus's automated market maker (AMM) logic, tied to an ineffective check on the most significant bits (MSB) of liquidity values, which allowed the attackers to manipulate the liquidity parameters of the pools.
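The bug class described in the post-mortem, reconstructed here as an added Rust illustration rather than Cetus's own Move code (the guard functions, the toy deposit formula and the input values are constructed for this example): a shift guard that compares a value against a mask instead of testing the masked high bits lets the wide multiplication overflow, so an enormous liquidity figure appears to cost zero tokens, whereas the corrected guard rejects it outright.

```rust
// Added illustration of the bug class described in the post (not Cetus's Move
// code). u128 stands in for the wide integer type the AMM math uses, and the
// deposit formula and input values are constructed for demonstration.
const SHIFT: u32 = 64;
/// Every one of these top 64 bits must be clear for a shift by 64 to be lossless.
const HIGH_MASK: u128 = (u64::MAX as u128) << SHIFT;

/// Flawed guard: compares n against the mask VALUE instead of testing the masked
/// bits. Only an n whose top 64 bits are all set (and with some low bit set too)
/// exceeds HIGH_MASK, so almost every overflowing input passes and the shift
/// silently discards its high bits.
pub fn checked_shlw_flawed(n: u128) -> (u128, bool) {
    if n > HIGH_MASK {
        (0, true)
    } else {
        (n.wrapping_shl(SHIFT), false)
    }
}

/// Corrected guard: any set bit in the top 64 positions means the shift overflows.
pub fn checked_shlw_fixed(n: u128) -> (u128, bool) {
    if n & HIGH_MASK != 0 {
        (0, true)
    } else {
        (n << SHIFT, false)
    }
}

/// Toy AMM step (constructed): tokens a depositor must supply to mint `liquidity`
/// over a price interval of width `price_delta` (Q64.64-style fixed point).
/// None means the arithmetic would overflow and the mint must be rejected.
pub fn amount_for_liquidity(
    liquidity: u128,
    price_delta: u128,
    guard: fn(u128) -> (u128, bool),
) -> Option<u128> {
    let (shifted, overflow) = guard(liquidity);
    if overflow || price_delta == 0 {
        return None;
    }
    Some(shifted / price_delta)
}

fn main() {
    let huge = 1u128 << 100; // liquidity far beyond the 64 bits of headroom
    let delta = 1u128 << 32;
    // Flawed guard: Some(0), a giant position for zero tokens. Fixed guard: None.
    println!("flawed: {:?}", amount_for_liquidity(huge, delta, checked_shlw_flawed));
    println!("fixed:  {:?}", amount_for_liquidity(huge, delta, checked_shlw_fixed));
}
```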
Why Legacy Infrastructure Keeps Failing
Hacks and exploits have continued to plague Web3 in 2025, and that’s because the crypto ecosystem inherits the architecture of Web2, and with it, all its security failures. Even decentralized systems still rely on centralized coordination points or static assumptions, and that’s a fertile ground for new attack vectors. Let’s take a look at some of the biggest crypto hacks of recent years:
ByBit Hack (Feb 2025)
The largest in crypto history, with losses amounting to a whopping $1.4 billion, this hack was the result of phishing and UI spoofing that deceived multisig wallet signers into signing a malicious transaction. Though ByBit is a crypto exchange, it still relied on centralized credential approval, and the lack of interface validation left it exposed.
Ronin Bridge Exploit (Mar 2022)
The infamous $600 million exploit that has given blockchain bridges a bad name saw attackers compromise 5 of 9 validator nodes, and worst of all, it went unnoticed for several days. This incident highlighted the major risks of centralized bridge infrastructure with no automated threat detection or real-time validation.
Compound Protocol Glitch (Sep 2021)
This was more of a technology failure: a logic bug in a smart contract upgrade mistakenly distributed around $90 million to users. Because smart contracts are immutable, and because of governance delays, the flaw took a while to fix, which allowed the losses to get out of hand.
These are just a few memorable examples, but the underlying issues are always the same:
- Single points of failure - whether through credential access, validator configuration, or governance bottlenecks
- Lack of automated integrity enforcement - leaving systems vulnerable to spoofing, mispricing, or logic flaws
Even so-called decentralized environments aren’t immune to this, because their core components - be it oracles, smart contracts or validators - are not validated in a continuous, trustless way. They’re still exposed to the same dangers of centralized systems, no matter how decentralized their branding might be.
How Naoris Protocol Could Have Minimized or Prevented This
Naoris Protocol’s architecture was specifically built to neutralize the exact vectors exploited in the Sui breach.
First, Post-Quantum Signed Transactions eliminate spoof token manipulation by cryptographically binding every transaction to an identity-verified, non-replicable validator node using lattice-based signatures (e.g., Dilithium), making synthetic tokens like “BULLA” unverifiable at the protocol level.
Validator Swarm Detection continuously scans for consensus anomalies and liquidity misalignments across all participating nodes; in the Cetus/Sui case, it would have detected the rapid multi-pool drains as statistical outliers, flagged the mismatch in token legitimacy, and triggered consensus-wide alerts.
Through dPoSec (Decentralized Proof of Security), Naoris replaces static oracle reliance with a swarm-validated risk consensus—meaning manipulated price feeds would be automatically disputed by independent trusted nodes in real time, breaking the attack loop before flash-loan abuse cascades.
Furthermore, on-chain integrity checks run at sub-second intervals, monitoring smart contract logic, liquidity movements, and cross-chain token legitimacy to detect anomalies before execution.
Finally, Naoris supports automated real-time response, allowing protocols integrated into its mesh to halt execution mid-transaction if trust signals collapse—eliminating the need to pause contracts manually after the damage is done.
Had Cetus Protocol operated within Naoris’ security mesh, the spoof-token entry point would have failed authentication, the liquidity drainage flagged and contained, and oracle manipulation nullified before the exploit reached even a single pool.
Why Post-Quantum Native Security Is Non-Negotiable
The foundational challenge is not just quantum readiness—it’s adaptability. Many legacy chains are simply not built to accommodate major security shifts. Retrofitting quantum-safe algorithms into their architecture is more than a software upgrade—it requires protocol-level reconstruction.
Immutable transaction histories, hardcoded cryptographic standards, and wallet key migration risks mean that most existing blockchains would face immense operational, UX, and consensus issues when attempting to adopt post-quantum cryptography.
Naoris Protocol takes a different approach. Built from the ground up for a post-quantum world, it features:
- The Sub-Zero Layer for quantum-resilient infrastructure
- Post-Quantum Signed Transactions to secure activity on-chain
- A Decentralized Proof of Security (dPoSec) framework that makes every device a validator node, enabling swarm validation and eliminating reliance on a single entity
This proactive model avoids the need for hard forks or rushed overhauls, allowing security to evolve natively alongside threats.
Time to Rethink Blockchain Security Models
The Cetus hack is just one of many similar incidents that all point to the same issues within Web3 - namely, that the current security infrastructure is not scalable or sustainable. Decentralized systems are often far more centralized than they seem, and this allows attackers to make the most of this grey zone.
This incident is another wake-up call for the Web3 industry. It’s time to abandon vulnerable centralized systems and turn to distributed, automated and cryptographically robust cybersecurity models. Web3 is designed to be resilient, adaptable and trustless, but the security systems still need to catch up.
Naoris Protocol is building infrastructure that is designed to meet the challenges of tomorrow head-on.
About Naoris Protocol
Naoris Protocol is revolutionizing cybersecurity and digital trust with the world's first Decentralized Post-Quantum Infrastructure. Operating at the Sub-Zero Layer, below layers L0 to L3, it secures blockchain transactions and Web3 and Web2 infrastructure, including DEXes, bridges, validators, enterprise cloud and IoT networks. By transforming every device into a trusted validator node, our Post-Quantum infrastructure leverages the cutting-edge dPoSec consensus and Decentralized Swarm AI to set a new standard in transparency, trust, and security, preparing Web3 and Web2 for a Post-Quantum future.
Led by industry experts and cyber pioneers with decades of experience who are committed to advancing the frontiers of cybersecurity and trust, here are some of our trusted advisors:
- David Holtzman: former CTO of IBM and architect of the DNS protocol
- Ahmed Réda Chami: Ambassador for Morocco to the EU. Former CEO Microsoft North Africa
- Mick Mulvaney: Former White House Chief of Staff
- Inge Kampenes: Former Chief of Norwegian Armed Forces & Chief of Cyber Defence