{"id":10095,"date":"2025-09-08T12:28:06","date_gmt":"2025-09-08T12:28:06","guid":{"rendered":"https:\/\/bitunikey.com\/news\/sui-based-nemo-protocol-exploited-for-2-4m\/"},"modified":"2025-09-08T12:28:13","modified_gmt":"2025-09-08T12:28:13","slug":"sui-based-nemo-protocol-exploited-for-2-4m","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/sui-based-nemo-protocol-exploited-for-2-4m\/","title":{"rendered":"Sui-based Nemo Protocol exploited for $2.4m"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p>Nemo Protocol, a DeFi yield platform built on the Sui blockchain, has been hit by an exploit that drained millions in stablecoins.\u00a0<\/p>\n<div id=\"cn-block-summary-block_42e1819175e54ea0168a6cf7b3e69326\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Nemo Protocol was exploited for $2.4 million, resulting in its TVL plunging from over $6 million to about $1.5 million.<\/li>\n<li>Cetus Protocol on Sui was similarly hacked in May, with $162M frozen on-chain and $60M bridged out, marking another major exploit on the network this year.<\/li>\n<li>DeFi hacks have surged in 2025, with $2.37 billion lost in the first half of the year.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>PeckShieldAlert first flagged the breach on September 8, <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/peckshieldalert\/status\/1964936862566592938?s=46\">posting on X<\/a> that roughly $2.4 million in USDC had been stolen from Nemo. The attacker quickly bridged the stolen funds from Arbitrum to Ethereum, according to the blockchain security firm\u2019s analysis.\u00a0<\/p>\n<p>Nemo confirmed the attack in a tweet shortly after, adding that an investigation is underway to determine the cause of the breach. The protocol also suspended all smart contract activity in the meantime.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Nemo experienced a security incident occurred last night, impacting the Market pool.<\/p>\n<p>We are investigating the matter and have suspended all smart contract activity for the time being. We plan to share when more information becomes available. All Vault assets remain untouched.\u2026<\/p>\n<p>\u2014 Nemo (@nemoprotocol) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/nemoprotocol\/status\/1964996522052911603?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">September 8, 2025<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>The fallout was immediate. <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/defillama.com\/protocol\/nemo-yield-trading\" target=\"_blank\" rel=\"nofollow\">Data<\/a> from DeFiLlama shows that Nemo\u2019s total value locked (TVL) plunged to about $1.53 million, down sharply from more than $6 million before the attack. The exploit targeted the protocol\u2019s yield-trading system, which allows users to split staked assets into Principal Tokens (PTs) and Yield Tokens (YTs) in order to speculate on future returns.<\/p>\n<p>Questions have arisen around the exact cause of the breach, and the scale of the losses has already rattled the protocol\u2019s community.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>The attack gives fresh urgency to broader concerns around security on Sui, coming just months after another major protocol, Cetus, was similarly compromised.<\/p>\n<h2 class=\"wp-block-heading\">Nemo hack marks second major exploit on Sui in 2025<\/h2>\n<p>Just months before the Nemo hack, another major incident rocked the Sui blockchain. On May 22, Cetus Protocol, a leading decentralized exchange and liquidity provider, was exploited for $223 million. The attacker exploited an arithmetic overflow vulnerability in a third-party math library, draining funds in under 15 minutes.<\/p>\n<p>Sui validators and ecosystem partners quickly froze about $162 million of the stolen assets on-chain, and $60 million was bridged out to Ethereum. Cetus suspended its smart contracts and initiated a recovery plan that included a $6 million bounty, as well as talks of a \u201cwhitehat settlement\u201d offering the attacker amnesty if remaining funds were returned.<\/p>\n<p>These high-profile breaches are part of a broader surge in DeFi-targeted attacks throughout 2025. According to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.slowmist.com\/report\/SlowMist-first-half-of-the-2025-report(EN).pdf\" target=\"_blank\" rel=\"nofollow\">SlowMist\u2019s mid-year report<\/a>, the blockchain industry suffered over $2.37 billion in losses from 121 security incidents in the first half of the year, with DeFi accounting for 76% of those incidents, though centralized exchanges suffered larger dollar losses overall.<\/p>\n<p>A separate analysis from <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/hacken.io\/insights\/h1-2025-security-report\/\" target=\"_blank\" rel=\"nofollow\">Hacken\u2019s 2025 mid-year security report<\/a> puts total crypto industry losses at over $3.1 billion in the first six months. Access control failures like misconfigured wallets and legacy keys accounted for 59% of those losses, while DeFi-specific smart-contract vulnerabilities like the Cetus bug made up $263 million, or about 8%.<\/p>\n<p>Hackers continue to zero in on DeFi protocols across multiple chains, and the Sui ecosystem is no exception. With two major exploits already this year in Cetus and Nemo, it remains to be seen whether new security measures can keep pace with the rising sophistication of attacks.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nemo Protocol, a DeFi yield platform built on the Sui blockchain, has been hit by an exploit that drained millions in stablecoins.\u00a0 Summary Nemo Protocol was exploited for $2.4 million,&hellip;<\/p>\n","protected":false},"author":1,"featured_media":10096,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-10095","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/10095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=10095"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/10095\/revisions"}],"predecessor-version":[{"id":10097,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/10095\/revisions\/10097"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/10096"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=10095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=10095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=10095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}