Overview of the Cetus Protocol Vulnerability
In the wake of the announced vulnerability in the Cetus protocol, which posed a potential risk of $2.23 billion, Turbos Finance, a prominent decentralized exchange (DEX) within the Sui ecosystem, reassured its users by releasing a detailed analysis of the incident.
Incident Details
On May 22, 2025, at 11:34 AM UTC,
Cetus reported the exploit, prompting immediate concern about the potential ripple effects across related platforms.
Response from Turbos Finance
Turbos Finance emphasized that its operations remained unaffected and proceeded without disruption in the aftermath of the exploit’s revelation. The DEX is built on a distinct and secure codebase that is independent from any protocols derived from Cetus, ensuring resilience against such vulnerabilities.
To address any potential risks, the Turbos team initiated a thorough internal security review. Their investigation revealed that while the function associated with the Cetus exploit—referred to as checked_shlw—was present in their codebase, it had never been activated or used, confirming no active vulnerabilities within Turbos.
Engagement with Security Firms
By 12:30 PM UTC, a mere hour after Cetus’s warning, Turbos Finance had proactively engaged the Mysten security team, in addition to well-respected external firms including OtterSec, MoveBit, and CertiK. These independent audits reaffirmed the platform’s stability and that the issues associated with the Cetus exploit did not pose a threat to Turbos’ operations.
Commitment to Security
While several other decentralized exchanges within the Sui network halted their services in response to the exploit by 1:00 PM UTC, Turbos Finance’s rigorous security protocols allowed it to maintain continuous on-chain transactions, demonstrating the project’s commitment to security and reliability during a tumultuous time for the ecosystem.
