Key Highlights
- Nemo Protocol suffers exploitation in smart contracts, losing $2.4 million in USDC stablecoins
- All vaults are safe, says the Nemo Protocol team
- The attacker has moved the stolen money across different blockchain networks via Circle from Arbitrum to Ethereum
This week took a rough start for users on the Sui blockchain network. In the unfortunate turn of events, Nemo Protocol, a yield infrastructure and native yield-trading platform on Sui, suffered a massive exploitation that allowed hackers to steal $2.4 million in USDC stablecoins.
Nemo experienced a security incident occurred last night, impacting the Market pool.
We are investigating the matter and have suspended all smart contract activity for the time being. We plan to share when more information becomes available. All Vault assets remain untouched.…
— Nemo (@nemoprotocol) September 8, 2025
According to the official statement, this cyber attack has impacted the decentralized finance (DeFi) platform’s Market pool. However, the platform assured its users that all vault assets are safe. To avoid further exploitation, the platform has temporarily suspended all smart contract activity.
“Our team, together with partners, is actively working on solutions. We need your patience and trust as we ensure Nemo returns to normal operations,” the team stated in an official post on X.
The attack was traced by a popular blockchain security firm, Peckshield. After stealing $2.4 million from the DeFi platform, the hacker then quickly moved the stolen money across different blockchain networks via Circle from Arbitrum to Ethereum, which is a very common technique to make tracking of this fund very difficult.
What is Nemo Protocol
Nemo Protocol is a popular platform on the Sui network, a blockchain known for its high speed and low costs. This platform uses a popular staking mechanism that allows users to get the best returns on their investment in the DeFi platform, known as “yield.”
Right before the attack, there were approximately $6 million locked in the protocol. After the news circulated in the community, Total Value Locked (TVL) on the protocol dropped sharply, plunging to just $1.53 million. This sharp drop shows a rapidly depleting trust in the protocol after the security failure.
How Did the Hack Happen?
While details are still coming out and are subject to further investigation, some cyber experts and security analysts are pointing out a sophisticated operation.
According to some experts, the attacker was successful in finding a hidden flaw or loophole in Nemo’s smart contracts. These are the self-executing code that runs the protocol. This loophole allowed them to withdraw large amounts of USDC stablecoin without providing the required collateral.
PeckShield’s alarms went off around 7:00 AM UTC, when the security firm flagged suspicious transactions. The thief moved in batches to avoid setting off immediate alerts.
The stolen funds were then bridged from the Arbitrum network to Ethereum using Circle’s official transfer protocol, making them much more difficult to trace and recover.
Nemo Protocol Reminds Us of the Cetus Protocol hack on Sui
In less than one year of span, the community has witnessed two similar-looking incidents. Just a few months ago, in May 2025, another major Sui-based exchange, Cetus Protocol, was hacked for over $200 million. That attack was due to a math error in its code, a so-called “arithmetic overflow bug.”
Many on social media and in analyst circles are asking if Nemo fell victim to a very similar loophole, which is a known weakness that may not have been properly fixed. Many users are slamming DEX, saying that the ecosystem may not have learned its lesson. However, it is advisable to wait till the official investigation is concluded.
Other projects built on Sui, like the lending platform Scallop, rushed to clarify that they were not directly affected.
Update Nemo Protocol Update:
According to @MMTFinance official statement:
Momentum vaults are SAFE ✅
The exploit affected Nemo’s Money Market, not Momentum’s own vaults.
However, if you invested directly in Nemo’s Market section (used for leveraged strategies), your funds… https://t.co/7kzhHcZBIs pic.twitter.com/7xbAW9ph0i
— Smart Drop Farmer (@SmartDropFarmer) September 8, 2025
MMT Finance has also released an official statement, saying “Momentum vaults are SAFE. The exploit affected Nemo’s Money Market, not Momentum’s own vaults. However, if you invested directly in Nemo’s Market section (used for leveraged strategies), your funds might be impacted. We’re still waiting for Nemo’s full report, and I’ll keep sharing updates as soon as we know more.”
As of now, the SUI price remains unaffected and shows no major downturn. At the time of writing, SUI is trading at around $3.49 with a 2.68% surge in value, according to CoinMarketCap.
