Decentralization in Question After Cetus Hack and Ledger Scam Letters

The cryptocurrency ecosystem is grappling with two major security crises that shed light on the growing concerns around decentralization and evolving attack vectors. On May 22, decentralized exchange Cetus was exploited for $223 million due to a flaw in its automated market maker (AMM) code—prompting a controversial decision by Sui network validators to freeze a majority of the stolen funds.
Meanwhile, scammers impersonating hardware wallet manufacturer Ledger have taken phishing into the physical realm, mailing fake letters via the United States Postal Service (USPS) in an attempt to extract sensitive user data.
Cetus DEX Hack Exposes Critical Vulnerabilities in Web3 Infrastructure as Debate Over Decentralization Intensifies
In a sobering reminder of the persistent vulnerabilities plaguing decentralized finance (DeFi), blockchain security firm Dedaub has published a detailed post-mortem report on the recent $223 million hack of Cetus, a decentralized exchange (DEX) operating on the Sui Network.
The attack, which unfolded over a 24-hour period on May 22, saw hackers exploit a critical flaw in Cetus’ automated market maker (AMM) code, leveraging an unchecked overflow in its liquidity parameters.
The breach not only resulted in one of the largest DeFi losses of 2025 but has also sparked a heated controversy within the crypto community over the actions taken by Sui validators to freeze a significant portion of the stolen funds, a move that many argue undermines the principles of decentralization.
Dedaub Report: A Critical Overflow in the AMM Code
According to the report released by Dedaub, the root cause of the hack was a vulnerability in the AMM’s liquidity parameter code, specifically, an ineffective “most significant bits” (MSB) check. This flaw allowed attackers to artificially inflate their liquidity positions with just a minimal input of tokens, creating an imbalance they could exploit to drain liquidity pools.
“This allowed them to add massive liquidity positions with just one unit of token input,” Dedaub’s security researchers wrote. “Subsequently, they were able to drain pools collectively containing hundreds of millions of dollars worth of tokens.”
The exploit represents a particularly dangerous type of overflow bug, one in which the code that validates transaction parameters fails to properly check the size of numeric values. By manipulating these values to astronomical proportions, the attackers could bypass normal safeguards and execute transactions that effectively broke the AMM’s logic.
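The class of bug described above, as an added illustration (not code from Cetus or from Dedaub's report): a checked left shift on a fixed-width word whose overflow test compares against the wrong threshold, shown beside the correct test and the boundary sweep a reviewer would use to tell them apart. The 256-bit width, the 64-bit shift, both thresholds and all function names are assumptions chosen for this example.

```python
# Model of a "checked shift left" on a fixed-width unsigned word.
# Python integers are unbounded, so the word width is modeled by masking.
BITS = 256            # assumed word width
SHIFT = 64            # assumed shift amount
WORD_MASK = (1 << BITS) - 1

# Correct bound: any value at or above this has a bit set among the top
# SHIFT bits, so shifting it left by SHIFT discards data.
SAFE_LIMIT = 1 << (BITS - SHIFT)

# Constructed flawed bound: a mask covering the top bits is used as a
# numeric threshold, instead of testing whether any of those bits is set.
FLAWED_LIMIT = (0xFFFFFFFFFFFFFFFF << (BITS - SHIFT)) & WORD_MASK


def shl_flawed(n):
    """Shift with the ineffective MSB check. Returns (result, overflow)."""
    if n > FLAWED_LIMIT:
        return 0, True
    return (n << SHIFT) & WORD_MASK, False


def shl_checked(n):
    """Shift with the correct MSB check. Returns (result, overflow)."""
    if n >= SAFE_LIMIT:
        return 0, True
    return (n << SHIFT) & WORD_MASK, False


def boundary_candidates():
    """Values at and next to every power of two in the word, which is
    where width checks most often go wrong."""
    values = set()
    for k in range(BITS):
        for delta in (-1, 0, 1):
            v = (1 << k) + delta
            if 0 <= v <= WORD_MASK:
                values.add(v)
    return sorted(values)


def first_silent_truncation(shift_fn, candidates):
    """Return the first input for which shift_fn reports no overflow
    although the fixed-width result differs from the exact product."""
    for n in candidates:
        result, overflow = shift_fn(n)
        if not overflow and result != n << SHIFT:
            return n
    return None
```

Running the sweep over both functions shows the flawed check accepting a value whose shifted result has silently lost its high bits, while the correct check rejects every such input.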
$223 Million Drained—But $163 Million Frozen
Within hours of the attack being discovered, Cetus and the Sui Foundation acted swiftly. Working with Sui network validators and ecosystem partners, they managed to freeze approximately $163 million of the stolen $223 million. The rapid response significantly blunted the full potential impact of the exploit, but it also set off a firestorm of debate across the crypto community.
While the freezing of assets was celebrated by some as a necessary step to mitigate user losses, it drew harsh criticism from decentralization purists who viewed it as a troubling act of censorship.
On X, several users accused the Sui validators of undermining the very ethos of blockchain technology. One user wrote, “Sui validators are actively censoring transactions across the blockchain. This completely undermines the principles of decentralization and transforms the network into nothing more than a centralized, permissioned database.”
Others pointed to what they saw as a growing trend among VC-backed Web3 projects relying on centralized interventions while still branding themselves as decentralized. Steve Bowyer, a prominent blockchain developer, commented, “It’s interesting how many Web3 projects backed by VCs lean heavily on centralization, despite borrowing Bitcoin’s ethos.”
The Cetus hack joins a growing list of high-profile exploits that continue to shake confidence in DeFi systems. In the past year alone, billions have been lost across bridges, DEXs, and lending platforms, often through similar overflow or unchecked math errors buried deep in smart contract code.
Industry executives and security researchers alike have stressed that unless protocols begin prioritizing robust auditing, stress testing, and formal verification, the cycle of exploit and patch will continue.
Moreover, the industry faces the looming shadow of increased regulatory oversight. Many experts argue that if projects fail to implement adequate user protections, regulators will step in to do it for them, potentially in ways that are incompatible with blockchain’s permissionless vision.
Cetus’ Path Forward and Sui’s Growing Pains
Despite the controversy, Cetus has vowed to improve its codebase and restore user trust. The team has stated that it will work with Dedaub and other third-party auditors to revamp its AMM logic and enhance overall protocol security.
Meanwhile, the Sui Foundation has defended the validators’ decision to freeze funds, framing it as an emergency measure necessary to protect the broader ecosystem. In a statement, a spokesperson emphasized that the network's flexibility allowed for swift action that ultimately saved users from greater losses.
Still, the damage—both reputational and financial—is done, and the hack stands as a defining moment for the Sui ecosystem as it balances innovation with operational maturity.
Fake Ledger Letters Mark New Era in Phishing Attacks as Crypto Scammers Go Physical
Meanwhile, the cryptocurrency industry is facing a new and unsettling evolution in phishing attacks, as scammers posing as hardware wallet maker Ledger have begun sending physical scam letters to unsuspecting users in an attempt to trick them into “validating” their wallets or risk losing access to their funds.
The letters, delivered via the United States Postal Service (USPS), represent a significant shift in phishing tactics, adding a real-world component to an industry that has long battled digital deception.
First revealed by BitGo CEO Mike Belshe, the scam includes a QR code that allegedly redirects victims to a phishing website designed to capture their seed phrases and private keys, ultimately draining their wallets.
A copy of the scam phishing letter (Source: Mike Belshe)
The physical phishing letter, designed to resemble official Ledger correspondence, urges users to scan a QR code to “validate” their wallets, claiming they risk losing access if they fail to do so. But as BitGo’s Belshe and others quickly warned, this is a malicious scam attempting to take advantage of user trust in Ledger’s brand and reputation.
The fact that the letters were mailed through USPS adds an element of authenticity to the attack. Unlike email or SMS phishing, which can be filtered or flagged, postal mail bypasses digital defenses and taps into an older form of psychological manipulation: official-looking documents with urgent warnings.
At the time of writing, Ledger has not responded publicly to the latest phishing campaign, though the company has in the past dealt with related incidents, including data breaches that exposed customer information and led to phishing emails, fake websites, and malicious applications.
This most recent attack highlights the long-term fallout from Ledger’s 2020 data breach, in which over 270,000 users' personal information was leaked, including names, addresses, and phone numbers, giving scammers a years-long head start on their social engineering efforts.
Phishing Evolves: A Bigger, Bolder Threat
Phishing has long been a scourge in the cryptocurrency world, but 2025 has already seen a notable escalation. Earlier this year, $330 million in Bitcoin was stolen from a single elderly victim, according to blockchain sleuth ZachXBT, who identified two suspects involved in the elaborate social engineering heist.
This incident suggests growing professionalization of crypto crime, with scammers establishing entire call centers, hiring developers, and exploiting psychological vulnerabilities at a scale previously unseen.
Just weeks later, on May 15, Coinbase disclosed that it had been the target of a $20 million ransom attempt following a significant internal leak. According to the company, contractors working in customer service had leaked sensitive user data to threat actors, resulting in a partial breach.
The leaked data included names, physical addresses, contact information, and other non-critical account details of a small subset of users. Coinbase stated that no private keys, login credentials, or access to Coinbase Prime accounts were compromised, and that the contractors involved had been terminated.
Still, the breach drew sharp criticism from industry figures, including TechCrunch founder Michael Arrington, who warned of the potential for real-world violence against exposed users.