NEMO Protocol, a Defi yield platform built on the Sui Blockchain, was hit by an exploit that millions have emptied in Stablecoins.
Summary
- NEMO Protocol was operated for $ 2.4 million, which resulted in his TVL that dropped from more than $ 6 million to around $ 1.5 million.
- Cetus protocol in Sui was hacked in the same way in May, bridged with $ 162 million frozen on-chain and $ 60 million, which still marked a large exploit on the network this year.
- Defi -hacks rose in 2025, with $ 2.37 billion lost in the first half of the year.
Peckshieldalert first marked the infringement on 8 September, Post on X That around $ 2.4 million in USDC was stolen from Nemo. The attacker quickly bridged the stolen funds from arbitrum to Ethereum, according to the analysis of the blockchain security firm.
Nemo confirmed the attack in a tweet shortly thereafter, adding that an investigation is underway to determine the cause of the infringement. In the meantime, the protocol has also suspended all smart contract activity.
The fallout was immediately. Facts From Defillama shows that the total value of Nemo locked (TVL) fell to around $ 1.53 million, strongly of more than $ 6 million for the attack. The exploit focused on the efficiency system of the protocol, with which users can split out -out assets into most important tokens (PTs) and to deliver tokens (YTS) to speculate about future returns.
Questions have arisen about the exact cause of the infringement and the scale of losses has already rattled the community of the protocol.
The attack gives new urgency to wider care about SUI, which was affected in the same way only a few months after another important protocol, CETUS, was affected.
Nemo Hack Marks Marks Second Major Exploit On Sui in 2025
Only a few months before the Nemo Hack did another major incident fluctuated the Sui Blockchain. On May 22, Cetus Protocol, a leading decentralized exchange and liquidity provider, became operated for $ 223 million. The attacker operated an arithmetic flood vulnerability in a third -party math library, as a result of which funds are draining in less than 15 minutes.
Sui-Validators and ecosystem partners quickly freeze around $ 162 million of the stolen assets in the chain, and $ 60 million was bridged to Ethereum. CETUS has suspended his smart contracts and started a recovery plan that included a premium of $ 6 million, as well as discussions about a “Whitehat Settlement” that the attacker Amnesty offered when the remaining funds were returned.
These controversial infringements are part of a wider increase in defi-oriented attacks in 2025. Slowmist’s Middle Year ReportThe blockchain industry suffered more than $ 2.37 billion in losses of 121 security incidents in the first half of the year, with Defi accounting for 76% of those incidents, although centralized exchanges generally losing larger dollars.
A separate analysis of Hacken’s 2025 Midden-Year Security Report Brings the total losses in the crypto industry in the first six months more than $ 3.1 billion. Access control errors such as incorrectly configured portfolios and old tests accounted for 59% of those losses, while Defi-specific Smart contract vulnerabilities such as the CETUS bug $ 263 million or about 8% were.
Hackers remain zero on Defi protocols in multiple chains and the SUI ecosystem is no exception. With two large exploits already in Cetus and Nemo this year, it is still to be seen whether new security measures can keep pace with the increasing refinement of attacks.
