TL;DR
- Exploit Origin: A rogue developer bypassed audits and deployed vulnerable smart contracts using single-signature approval, exposing flash loan and query functions that enabled a $2.6M exploit.
- Recovery Plan: Nemo launched NEOM debt tokens pegged 1:1 to USD losses, alongside secure asset migration and a multi-tiered redemption model backed by recovered funds and external capital.
- DeFi Crisis: The hack adds to 2025’s $2.37B DeFi losses, with September marked by SwissBorg’s $41.5M breach, npm supply chain attacks, and the Yala stablecoin crash to $0.2074.
Nemo Protocol has initiated a recovery program following a $2.6 million exploit that crippled its Sui-based DeFi platform on September 7. The initiative centers on NEOM debt tokens, issued 1:1 for each dollar lost, enabling affected users to reclaim value while migrating assets to newly secured contracts. The breach, traced to a rogue developer, exposed deep flaws in Nemo’s audit and deployment processes.
Official Update:
Following the September 8 security incident, Nemo Protocol has finalized a comprehensive compensation plan. We remain committed to transparency and accountability.
We are deeply grateful to our community and partners for their trust and support, and we will… pic.twitter.com/OWDIG5PSyA
— Nemo (@nemoprotocol) September 15, 2025
Rogue Developer and Exploit Mechanics
The attack stemmed from unauthorized code deployed via single-signature approval, bypassing Nemo’s internal review. Vulnerabilities included flash loan functions exposed as public and query functions capable of unauthorized state changes. The developer had submitted unaudited features to MoveBit in January 2025, blending them with previously reviewed fixes. Final audits were based on incomplete data, as the deployed contract version differed from the approved hash.
Collapse and Detection
Nemo’s total value locked plummeted from $6.3 million to $1.57 million as users withdrew over $3.8 million in USDC and SUI. The exploit began at 16:00 UTC and was detected thirty minutes later when YT yields surged 30x. The developer, inspired by Aave and Uniswap, underestimated the risks of composability. Read-only functions with write capabilities became the breach’s primary vector. The incident coincided with other major attacks, including SwissBorg’s $41.5 million SOL hack and the Yala stablecoin depeg.
Recovery and NEOM Token Mechanics
Nemo’s three-step recovery begins with asset migration to multi-audited contracts via one-click actions. Users receive NEOM tokens pegged to pre-hack USD losses. A redemption waterfall model will fund NEOM claims, prioritizing recovered hacker assets, followed by external capital injections like liquidity loans and strategic investments. Immediate AMM liquidity pools on major Sui DEXs offer market-based exit paths, with NEOM/USDC trading reflecting recovery expectations.
Broader DeFi Security Crisis
The Nemo hack adds to 2025’s DeFi security crisis, with $2.37 billion lost across 121 incidents in H1 alone. September has proven especially destructive, marked by npm supply chain attacks and the Yala stablecoin crash to $0.2074. The YU attacker minted 120 million tokens on Polygon, selling 7.71 million for 7.7 million USDC. Nemo’s stolen assets were laundered via Wormhole CCTP and aggregated on Ethereum. Emergency audits and exchange coordination are underway.
