SlowMist: The Cetus theft incident was caused by a mathematical overflow vulnerability.


PANews, May 24 - SlowMist released an analysis of the Cetus theft incident. At the core of the incident, the attacker carefully constructed parameters that caused an overflow while bypassing the overflow detection, and ultimately exchanged a very small amount of tokens for a huge amount of liquidity assets. The attacker exploited the flaw in the `checked_shlw` function to acquire various assets, including SUI, vSUI, and USDC, at the cost of just 1 token. The attacker transferred part of the funds (USDC, SOL, etc.) cross-chain to an EVM address through Sui Bridge and deposited 10 million USD worth of assets into Suilend. Currently, 162 million USD of the stolen funds have been frozen by the SUI Foundation. Cetus has fixed the vulnerability, and SlowMist recommends that developers strictly validate the boundary conditions of mathematical functions. According to previous news, Cetus confirmed that hackers stole approximately $223 million, and $162 million of the stolen funds have been frozen.
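The failure class described above, a checked left shift whose overflow test lets out-of-range inputs through, shown as an added Python sketch (not code from Cetus, SlowMist, or this report). The 256-bit width, the 64-bit shift, the weak bound, and every function name are assumptions chosen for illustration.

```python
# Added illustration: a 256-bit unsigned integer modelled with Python ints.
U256_MASK = (1 << 256) - 1
SHIFT = 64

# Constructed example of a too-permissive bound: it rejects only values above
# this mask, although every value >= 2**192 loses bits when shifted left by 64.
WEAK_BOUND = 0xFFFFFFFFFFFFFFFF << 192
STRICT_BOUND = 1 << (256 - SHIFT)


def shl64_wrapping(n):
    """Fixed-width left shift: bits pushed past bit 255 are silently dropped."""
    return (n << SHIFT) & U256_MASK


def checked_shl64_weak(n):
    """Return (result, overflow_flag) using the too-permissive bound."""
    if n > WEAK_BOUND:
        return 0, True
    return shl64_wrapping(n), False


def checked_shl64_strict(n):
    """Return (result, overflow_flag); flags every input that would lose bits."""
    if n >= STRICT_BOUND:
        return 0, True
    return shl64_wrapping(n), False


def boundary_cases():
    """Inputs on both sides of each bound, plus the type's extremes."""
    return [0, 1, STRICT_BOUND - 1, STRICT_BOUND, STRICT_BOUND + 1,
            WEAK_BOUND, WEAK_BOUND + 1, U256_MASK]


def find_silent_truncations(checked_fn):
    """Boundary inputs where no overflow is reported but the result is wrong."""
    missed = []
    for n in boundary_cases():
        result, overflow = checked_fn(n)
        if not overflow and result != n << SHIFT:
            missed.append(n)
    return missed
```

Running `find_silent_truncations` over both variants as a unit test shows the kind of boundary check the recommendation calls for: the strict bound misses nothing, while the weak one passes truncated results as valid.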
