Typus Finance’s Unaudited Contract Loses $3M, Third Sui Exploit in 2025
Typus Finance, a decentralized exchange on the Sui Network, experienced a significant exploit on October 15, losing over $3 million. This event marks the third major exploit on the Sui DeFi ecosystem in 2025, following similar incidents with Cetus Protocol and Nemo Protocol earlier this year.
- The exploit involved an unaudited TLP contract and oracle vulnerability due to missing authority checks.
- The attacker drained approximately $3.44 million in various tokens, including SUI, USDC, xBTC, and suiETH.
- Funds in SAFU and DeFi Options Vaults remain secure.
- Typus Finance received support from the Sui Foundation, Mysten Labs, and others for asset recovery efforts.
Previous Exploits on Sui Network
- Cetus Protocol suffered a $220 million hack in May 2025. A controversial governance vote allowed funds recovery by breaking cryptographic security.
- Nemo Protocol was exploited for $2.4 million in USDC in September 2025.
Critics blame Typus for negligence due to inadequate auditing and reliance on an unproven oracle system instead of established solutions like Chainlink.
These incidents add uncertainty to a market already affected by recent massive liquidations, totaling $19 billion, and further $540 million amid Mt. Gox repayment concerns.