Sui-Based Nemo Protocol Exploited for $2.4M: DeFi Security Under Scrutiny
Another day, another DeFi exploit—this time hitting Sui's emerging ecosystem.
Nemo Protocol gets drained of $2.4 million in a sophisticated attack, raising fresh concerns about smart contract security even on newer blockchains.
How It Went Down
Attackers exploited a vulnerability in Nemo's liquidity mechanisms, bypassing security checks to siphon funds. The protocol's team confirmed the incident and paused all contracts—standard procedure that always comes just a bit too late.
The Aftermath
Users are left scrambling while the team promises a post-mortem and reimbursement plan. Because nothing says 'trustless' like hoping the developers make you whole after a breach.
DeFi's innovation races ahead—while security practices still jog casually behind. Maybe save the 'we're bankless' boasts until you're actually breach-proof.
Nemo hack marks second major exploit on Sui in 2025
Just months before the Nemo hack, another major incident rocked the Sui blockchain. On May 22, Cetus Protocol, a leading decentralized exchange and liquidity provider, was exploited for $223 million. The attacker abused an arithmetic overflow vulnerability in a third-party math library, draining funds in under 15 minutes.
Sui validators and ecosystem partners quickly froze about $162 million of the stolen assets on-chain, and $60 million was bridged out to Ethereum. Cetus suspended its smart contracts and initiated a recovery plan that included a $6 million bounty, as well as talks of a “whitehat settlement” offering the attacker amnesty if remaining funds were returned.
These high-profile breaches are part of a broader surge in DeFi-targeted attacks throughout 2025. According to SlowMist’s mid-year report, the blockchain industry suffered over $2.37 billion in losses from 121 security incidents in the first half of the year, with DeFi accounting for 76% of those incidents, though centralized exchanges suffered larger dollar losses overall.
A separate analysis from Hacken’s 2025 mid-year security report puts total crypto industry losses at over $3.1 billion in the first six months. Access control failures like misconfigured wallets and legacy keys accounted for 59% of those losses, while DeFi-specific smart-contract vulnerabilities like the Cetus bug made up $263 million, or about 8%.
Hackers continue to zero in on DeFi protocols across multiple chains, and the Sui ecosystem is no exception. With two major exploits already this year, at Cetus and Nemo, it remains to be seen whether new security measures can keep pace with the rising sophistication of attacks.