The slow fog team released an analysis of the Cetus theft incident. The attacker used the overflow of the checked_shlw function to detect defects, borrowed haSUI through lightning loans, manipulated the price and exchanged huge liquidity at the cost of only one token, making a profit of about $230 million, including SUI, vSUI, USDC and other assets. The attacker linked some funds (USDC, SOL, etc.) to the EVM address through Sui Bridge and so on. And deposited $10 million in Suilend's assets, and $162 million of stolen funds have been frozen by the SUI Foundation. Cetus has fixed the vulnerability, and Slow Fog recommends that developers strictly verify the boundary conditions of mathematical functions.