Nemo Protocol Issues NEOM Debt Tokens to Compensate $2.6M Exploit Victims

Nemo Protocol launched its NEOM debt token program to compensate victims of a $2.6 million exploit that devastated the Sui-based DeFi platform on September 7.

The protocol will concern one NEOM token for each greenback misplaced, permitting customers to declare debt tokens whereas migrating remaining property to safe multi-audited contracts.

The hack originated from a rogue developer who secretly deployed unaudited code containing essential vulnerabilities, bypassing inner overview processes by means of single-signature deployment.

The attacker exploited flash mortgage features incorrectly uncovered as public and question features that might modify contract state with out authorization.

Nemo’s whole worth locked collapsed from $6.3 million to $1.57 million as customers withdrew over $3.8 million price of USDC and SUI tokens following the breach.

The exploit occurred throughout considered one of crypto’s worst safety days in 2025, coinciding with SwissBorg’s $41.5 million SOL hack and the Yala stablecoin depeg assault.

Official Update:

Following the September 8 safety incident, Nemo Protocol has finalized a complete compensation plan. We stay dedicated to transparency and accountability.

We are deeply grateful to our group and companions for his or her belief and assist, and we’ll… pic.twitter.com/OWDIG5PSyA

— Nemo (@nemoprotocol) September 15, 2025

Rogue Developer’s Secret Code Deployment Triggers Security Catastrophe

The autopsy investigation revealed systematic safety failures courting to January 2025 when the unnamed developer submitted code containing unaudited options to MoveBit auditors.

The developer failed to spotlight new additions whereas mixing beforehand audited fixes with unreviewed performance, making a compromised basis.

MoveBit issued its closing audit report based mostly on incomplete data, because the developer used unauthorized sensible contract variations.

The crew deployed contract model 0xcf34 utilizing a single-signature deal with 0xf55c, relatively than audit-confirmed hashes, thereby circumventing established overview protocols totally.

Asymptotic crew recognized the essential C-2 vulnerability in August, warning that features may modify code with out permission.

The developer dismissed severity issues and failed to implement needed fixes regardless of accessible assist from safety companions.

Attack execution started at 16:00 UTC on September 7 with hackers leveraging the flash mortgage perform and a recognized question vulnerability.

Detection occurred thirty minutes later when YT yields displayed over 30x returns, indicating system compromise.

@nemoprotocol blames $2.6M exploit on rogue developer who deployed unaudited code with flash mortgage vulnerabilities, bypassing critiques.#Sui #Crypto #hackhttps://t.co/lZctUh16tY

— Cryptonews.com (@cryptonews) September 11, 2025

The developer drew inspiration from Aave and Uniswap protocols to maximize composability by means of flash mortgage capabilities, however critically underestimated safety dangers.

Functions designed for read-only functions contained write capabilities, creating the first assault vector that enabled the devastating breach.

NEOM Recovery Program Offers Market-Based Exit Strategy

The three-step restoration program begins with asset migration, permitting customers to switch residual worth from compromised swimming pools to new safe contracts by means of one-click actions.

Users concurrently obtain NEOM debt tokens pegged 1:1 to their USD losses decided by pre-hack snapshots.

Nemo will inject worth into NEOM by means of a multi-tiered redemption waterfall mannequin, with recovered hacker funds forming the first supply for proportional claims.

External capital injections, corresponding to liquidity loans and strategic investments, will present secondary assist as confidence anchors.

The protocol established speedy AMM liquidity swimming pools with important depth on main Sui DEXs, creating instantaneous market-based exit paths for customers prioritizing liquidity over long-term restoration.

The NEOM/USDC buying and selling pair allows market pricing based mostly on perceived restoration timelines and protocol success likelihood.

The hack contributes to 2025’s devastating DeFi safety disaster, with over $2.37 billion lost across 121 incidents in the course of the first half alone.

September emerged as significantly damaging with SwissBorg’s SOL compromise, npm supply chain attacks affecting billions of downloads, and the Yala stablecoin dropping its greenback peg.

The Yala stablecoin ($YU), a Bitcoin-native over-collateralized stablecoin backed by Polychain, misplaced its greenback peg after a protocol assault despatched $YU crashing to $0.2074.#Stablecoin #Bitcoinhttps://t.co/RxbGVEG6Ba

— Cryptonews.com (@cryptonews) September 14, 2025

Particularly, the Yala stablecoin (YU) attack, which occurred this weekend, noticed YU lose its greenback peg following a protocol assault that despatched the Bitcoin-native over-collateralized stablecoin crashing to $0.2074 earlier than recovering to $0.917.

The suspected attacker minted 120 million YU tokens on Polygon and bought 7.71 million throughout Ethereum and Solana for 7.7 million USDC.

For Nemo Protocol, stolen property totaling $2.59 million moved by means of subtle laundering operations through Wormhole CCTP earlier than closing aggregation on Ethereum.

Security groups established monitoring protocols for holding addresses whereas coordinating with centralized exchanges on potential asset freezing measures.

The protocol applied emergency incremental audits with Asymptotic whereas planning further impartial safety agency critiques.

The publish Nemo Protocol Issues NEOM Debt Tokens to Compensate $2.6M Exploit Victims appeared first on Cryptonews.