Nemo Protocol says unaudited code deployment led to $2.6 million exploit

Sui-based DeFi platform Nemo Protocol said its $2.6 million exploit earlier this month resulted from two vulnerabilities that were introduced into the code by a developer and deployed without proper audits.

In a post-mortem report published late Wednesday night, Nemo explained that the Sept. 7 attack was caused by two issues: an internal flash loan function that was mistakenly exposed to the public, and a flaw in a query function that allowed unauthorized state changes within the contract.

According to the report, the vulnerabilities date back to January of this year. After receiving the initial audit report from blockchain security firm MoveBit, one Nemo developer introduced these new, unaudited features into the codebase. The version of the contract containing this code was then deployed to the mainnet. 

“The governance root cause was the protocol’s reliance on a single-signature address for upgrades, which failed to prevent the deployment of code that had not undergone rigorous scrutiny,” the report said, adding that the team failed to act on a warning from the Asymptotic security team in August regarding a separate but related vulnerability.

The attacker used the combination of the flash loan and the state-modifying query function to manipulate the internal state of the contract, draining “substantial” assets from the SY/PT liquidity pool. The stolen funds were moved from the Sui network to Ethereum via Wormhole CCTP, with the majority of the assets currently remaining in a single address.

Nemo Protocol said it has since paused its core functions, patched the vulnerabilities, and submitted the updated code for an emergency audit. The team is collaborating with security teams on Sui to trace the funds and is developing a compensation plan for affected users. 

“Despite multiple audits and safeguards, we acknowledge that we allowed ourselves to rely too heavily on past assurances, rather than maintaining uncompromising scrutiny at every step,” Nemo said in the report.

Nemo Protocol is a yield infrastructure and native yield-trading platform built on Sui, designed to improve DeFi interactions. It focuses on yield tokenization, enabling users to trade, hedge, or leverage yields more efficiently.

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

 
