TL;DR
Nemo Protocol has initiated a recovery program following a $2.6 million exploit that crippled its Sui-based DeFi platform on September 7. The initiative centers on NEOM debt tokens, issued 1:1 for each dollar lost, enabling affected users to reclaim value while migrating assets to newly secured contracts. The breach, traced to a rogue developer, exposed deep flaws in Nemo’s audit and deployment processes.
Official Update:
Following the September 8 security incident, Nemo Protocol has finalized a comprehensive compensation plan. We remain committed to transparency and accountability.
We are deeply grateful to our community and partners for their trust and support, and we will… pic.twitter.com/OWDIG5PSyA
— Nemo (@nemoprotocol) September 15, 2025
The attack stemmed from unauthorized code deployed via single-signature approval, bypassing Nemo’s internal review. Vulnerabilities included flash loan functions exposed as public and query functions capable of unauthorized state changes. The developer had submitted unaudited features to MoveBit in January 2025, blending them with previously reviewed fixes. Final audits were based on incomplete data, as the deployed contract version differed from the approved hash.
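The two control failures described above, a deployed build that differed from the audited hash and single-signature approval, are both things a pre-deployment gate can check. The sketch below is an added example, not code from Nemo or MoveBit. The digest scheme, approver names, keys, and the HMAC stand-in for real signatures are assumptions for illustration.

```python
import hashlib
import hmac

def package_digest(modules):
    """SHA-256 over compiled modules, name-sorted and length-prefixed."""
    h = hashlib.sha256()
    for name in sorted(modules):
        for part in (name.encode(), modules[name]):
            h.update(len(part).to_bytes(8, "big"))
            h.update(part)
    return h.hexdigest()

def approval_tag(key, approver, digest):
    """HMAC stand-in for a real signature; binds one approver to one digest."""
    msg = f"{approver}:{digest}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def release_gate(modules, audited_digest, approvals, approver_keys, threshold=2):
    """Return (ok, reasons) for a candidate build about to be deployed."""
    reasons = []
    digest = package_digest(modules)
    if not hmac.compare_digest(digest, audited_digest):
        reasons.append("build digest differs from audited digest")
    valid = set()
    for approver, tag in approvals:
        key = approver_keys.get(approver)
        # An approval only counts if it was made over this exact build.
        if key and hmac.compare_digest(tag, approval_tag(key, approver, digest)):
            valid.add(approver)  # repeat approvals by one person count once
    if len(valid) < threshold:
        reasons.append(f"{len(valid)} valid approval(s), need {threshold}")
    return (not reasons, reasons)

# Constructed sample data: module bytes, names and keys are placeholders.
AUDITED = {"market": b"reviewed-bytecode-1", "oracle": b"reviewed-bytecode-2"}
TAMPERED = dict(AUDITED, market=b"reviewed-bytecode-1+unaudited-feature")
KEYS = {"alice": b"key-a", "bob": b"key-b"}
AUDITED_DIGEST = package_digest(AUDITED)

def approve(modules, approvers):
    d = package_digest(modules)
    return [(a, approval_tag(KEYS[a], a, d)) for a in approvers]

if __name__ == "__main__":
    print(release_gate(AUDITED, AUDITED_DIGEST, approve(AUDITED, ["alice", "bob"]), KEYS))
    print(release_gate(TAMPERED, AUDITED_DIGEST, approve(TAMPERED, ["alice"]), KEYS))
```

Because each approval is bound to the digest of the build being deployed, sign-offs collected for the audited version do not carry over to a modified one.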
Nemo’s total value locked plummeted from $6.3 million to $1.57 million as users withdrew over $3.8 million in USDC and SUI. The exploit began at 16:00 UTC and was detected thirty minutes later when YT yields surged 30x. The developer, inspired by Aave and Uniswap, underestimated the risks of composability. Read-only functions with write capabilities became the breach’s primary vector. The incident coincided with other major attacks, including SwissBorg’s $41.5 million SOL hack and the Yala stablecoin depeg.
Nemo’s three-step recovery begins with asset migration to multi-audited contracts via one-click actions. Users receive NEOM tokens pegged to pre-hack USD losses. A redemption waterfall model will fund NEOM claims, prioritizing recovered hacker assets, followed by external capital injections like liquidity loans and strategic investments. Immediate AMM liquidity pools on major Sui DEXs offer market-based exit paths, with NEOM/USDC trading reflecting recovery expectations.
The Nemo hack adds to 2025’s DeFi security crisis, with $2.37 billion lost across 121 incidents in H1 alone. September has proven especially destructive, marked by npm supply chain attacks and the Yala stablecoin crash to $0.2074. The YU attacker minted 120 million tokens on Polygon, selling 7.71 million for 7.7 million USDC. Nemo’s stolen assets were laundered via Wormhole CCTP and aggregated on Ethereum. Emergency audits and exchange coordination are underway.