Nemo Protocol explained the reasons for the $2.6 million hack
The project team fixed the vulnerabilities and sent the updated code for an emergency audit
11.09.2025 - 09:00
Key points:
- Nemo Protocol reported two vulnerabilities that a developer introduced into the code base without review.
- The team is working with Sui’s security departments and developing a compensation plan for those affected.
- The damage from the exploit amounted to $2.6 million.
The Sui-based DeFi platform Nemo Protocol said that the $2.6 million exploit resulted from two vulnerabilities that a developer introduced into the code base without proper review.
In its report, Nemo explained that the September 7 attack was caused by two issues: an internal flash loan function that was mistakenly made public, and an error in the query function that allowed unauthorized changes to the contract state.
According to analysts, the vulnerabilities appeared as early as January 2025. Following an audit by MoveBit, which specializes in blockchain security, one of Nemo’s developers added new features to the code base without verification. The version of the contract containing this code was then deployed to the mainnet. The experts added:
“The governance root cause was the protocol’s reliance on a single-signature address for upgrades, which failed to prevent the deployment of code that had not undergone rigorous scrutiny.”
The development team did not respond to a warning, received from the Asymptotic security team in August, about a separate but related vulnerability.
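A pre-deployment check for the two bug classes named in Nemo's report, as an added example that is not Nemo's code or part of the original article: it scans Sui Move source for externally callable functions missing from a reviewed API list and for query-style functions that take `&mut` references. The module, function names, prefix convention and approved list are constructed for illustration.

```python
import re

# Matches Sui Move function declarations: visibility, optional `entry`, name, parameters.
FUN_RE = re.compile(
    r"^\s*(?P<vis>public(?:\((?:package|friend)\))?\s+)?(?P<entry>entry\s+)?fun\s+"
    r"(?P<name>\w+)\s*(?:<[^>]*>)?\s*\((?P<params>[^)]*)\)",
    re.MULTILINE,
)
# Assumption: the code base names its read-only helpers with these prefixes.
QUERY_PREFIXES = ("get_", "query_", "view_", "is_", "has_")

# Constructed sample module (hypothetical names, not taken from Nemo's contracts).
SAMPLE = """
module example::market {
    public fun swap(pool: &mut Pool, amount: u64, ctx: &mut TxContext) { }
    public fun flash_borrow(pool: &mut Pool, amount: u64): Receipt { }
    public fun get_price(pool: &mut Pool): u64 { }
    public fun get_reserves(pool: &Pool): (u64, u64) { }
    public(package) fun settle(pool: &mut Pool, r: Receipt) { }
    fun rebalance(pool: &mut Pool) { }
}
"""
APPROVED = {"swap", "get_price", "get_reserves"}  # reviewed external API (assumed)


def audit_move_source(source: str, approved_public: set[str]) -> list[tuple[str, str]]:
    """Return (function, finding) pairs for the two bug classes."""
    findings = []
    for m in FUN_RE.finditer(source):
        name, params = m["name"], m["params"]
        vis = (m["vis"] or "").strip()
        # Plain `public` and any `entry` function can be called from outside the package.
        externally_callable = vis == "public" or bool(m["entry"])
        if externally_callable and name not in approved_public:
            findings.append((name, "externally callable but not in approved API list"))
        # A function named like a read-only query should not receive mutable state.
        if name.startswith(QUERY_PREFIXES) and "&mut" in params:
            findings.append((name, "query-style function takes a mutable reference"))
    return findings


if __name__ == "__main__":
    for fn, issue in audit_move_source(SAMPLE, APPROVED):
        print(f"{fn}: {issue}")
```

Run in CI against every changed module, a non-empty result blocks the upgrade until a reviewer either fixes the function or adds it to the approved list.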
How did the hackers operate?
The attacker used a combination of flash loan and state-modifying query functions to manipulate the internal state of the contract, removing assets from the SY/PT liquidity pool. The stolen funds were transferred from the Sui network to Ethereum via Wormhole CCTP, with most of the assets currently stored at a single address.
Nemo Protocol has suspended its core functions, fixed the vulnerabilities, and sent the updated code for an emergency audit. The team is working with Sui security services to track the assets and is preparing a compensation plan for affected users.
Nemo Protocol is a Sui-based yield and trading platform. It focuses on tokenizing yields, allowing users to trade, hedge, or leverage yields more effectively.