Nemo Protocol launched a NEOM debt token recovery program after the Nemo protocol exploit on September 7 devastated the Sui-based DeFi platform and wiped out roughly $2.6 million in user funds. In the immediate aftermath of the exploit, the team announced a 1:1 USD-pegged NEOM token that victims can claim as the protocol migrates remaining assets into audited contracts.
Nemo will issue one NEOM token for every dollar lost, allowing affected users either to hold a proportional claim on future recovery flows or to trade NEOM on established Sui DEX liquidity pools set up by the protocol.
The breach, attributed to a rogue developer who deployed unaudited code via a single-signature address, exposed flash loan functions and query routines with write permissions, enabling attackers to drain assets. TVL fell from $6.3 million to $1.57 million as users withdrew more than $3.8 million in USDC and SUI.
How the attack unfolded
Investigators say the exploit began when an unnamed developer mixed previously audited fixes with new unaudited features and submitted that code to MoveBit auditors without highlighting the additions.
MoveBit’s final audit report was issued without awareness of the unauthorized smart contract versions actually deployed (contract version 0xcf34 via single-sig address 0xf55c), enabling the attacker to leverage functions that should have been read-only to change contract state. Asymptotic had flagged a critical C-2 vulnerability in August, but the developer reportedly downplayed the severity and failed to apply recommended fixes.
Execution of the exploit started at 16:00 UTC on September 7; attackers exploited flash-loan composability and query functions with unintended write capabilities. Detection came roughly thirty minutes later, when abnormal on-chain yield indicators (over 30× returns on certain YT positions) signaled a compromise.
Stolen funds, approximately $2.59 million, were laundered through Wormhole and CCTP bridges before aggregation on Ethereum, prompting monitoring and takedown coordination with centralized exchanges.
The NEOM recovery program
The recovery plan is a three-step program that begins with a one-click migration of residual assets to multi-audited contracts and immediate issuance of NEOM debt tokens, using pre-hack snapshots to calculate USD losses.
Nemo intends to back NEOM value first with any recovered hacker funds, then with external capital injections such as liquidity loans and strategic investments, and finally via a tiered redemption waterfall that allocates recovered value proportionally to NEOM holders.
To provide market liquidity and optional exits, Nemo established deep AMM pools on major Sui DEXs and launched a NEOM/USDC trading pair so holders can price recovery expectations in the open market. Those prioritizing immediate liquidity can sell NEOM on those AMMs; users focused on long-term recovery can keep NEOM as a claim on the protocol’s redemption waterfall.
Context and wider fallout
The Nemo protocol exploit occurred amid one of crypto’s worst security stretches in 2025: the same period saw SwissBorg’s $41.5 million SOL compromise and a depeg attack on the Yala stablecoin (YU), which briefly fell to $0.2074 before recovering. September’s cluster of incidents, plus earlier npm supply-chain disruptions, helped push 2025’s first-half DeFi losses to more than $2.37 billion across 121 incidents.
Security teams working on the response have implemented emergency incremental audits with Asymptotic, are scheduling additional independent reviews, and have established address monitoring while coordinating with exchanges about potential freezing of attacker proceeds.
The incident has reinvigorated calls within the Sui and broader DeFi communities for stricter deployment controls, multi-sig enforcement and more transparent audit signal tracking.
What happens next
Market and community reactions to the exploit will determine whether NEOM becomes a liquid, market-priced instrument for recovery or a longer-term IOU backed primarily by recovered assets and external support.
Regulators, auditors and users will be watching redemption progress, hacker fund recoveries and the outcome of pending forensic tracing. Meanwhile, community discussions around the Nemo protocol exploit emphasize governance changes, improved internal controls, and better audit-to-deployment linking as essential steps to prevent a repeat.
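The audit-to-deployment linking and multi-sig enforcement called for above can be expressed as a pre-deployment gate; the following is an added example, not code from Nemo or its auditors. It refuses a package whose digest no audit report covers or that lacks a quorum of approvals. The signer names, the 2-of-3 threshold and the module bytes are constructed assumptions, and approvals are modelled as signer identities whose signatures were already verified elsewhere.

```python
import hashlib

# Constructed policy (assumption): three known signers, two must approve.
APPROVERS = {"signer-a", "signer-b", "signer-c"}
THRESHOLD = 2


def package_digest(modules: dict[str, bytes]) -> str:
    """SHA-256 over every compiled module, sorted by name and length-prefixed
    so that neither ordering nor name/body boundaries can be shifted."""
    h = hashlib.sha256()
    for name in sorted(modules):
        for part in (name.encode(), modules[name]):
            h.update(len(part).to_bytes(8, "big"))
            h.update(part)
    return h.hexdigest()


def check_release(modules, audited_digests, approvals):
    """Return the list of policy violations; an empty list allows deployment."""
    problems = []
    digest = package_digest(modules)
    if digest not in audited_digests:
        problems.append(f"digest {digest[:12]} is not covered by any audit report")
    valid = set(approvals) & APPROVERS
    if len(valid) < THRESHOLD:
        problems.append(f"{len(valid)} of {THRESHOLD} required approvals present")
    unknown = set(approvals) - APPROVERS
    if unknown:
        problems.append(f"approvals from unknown signers: {sorted(unknown)}")
    return problems


# Constructed sample: these bytes stand in for compiled Move modules.
AUDITED = {"market": b"\x01audited-market", "oracle": b"\x01audited-oracle"}
# The audited fixes plus one feature the auditors never reviewed.
MIXED = dict(AUDITED, flash_loan=b"\x01new-unaudited-feature")
# Digests the audit report vouches for (here: exactly one package build).
AUDIT_REPORT = {package_digest(AUDITED)}

if __name__ == "__main__":
    print(check_release(AUDITED, AUDIT_REPORT, ["signer-a", "signer-b"]))
    print(check_release(MIXED, AUDIT_REPORT, ["signer-a"]))
```

Because the digest covers the whole package, adding a single unreviewed module to otherwise audited code changes it, which is the condition the audit report in this incident could not see.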
Victor Prince Johnson is a tech writer and crypto blogger with a passion for breaking down complex topics into clear, engaging and accessible content.