Alex Horlan, CTO of web3 security firm HackenProof, explained that the attacker likely used a near-zero liquidity injection to manipulate the pools’ internal state. This allowed them to extract valuable SUI and USDC tokens without contributing real assets.

Quote

Sources

Sui-based Cetus Protocol suspends operations following $223 million oracle exploit