Nemo Protocol, a DeFi yield platform built on the Sui blockchain, has been hit by an exploit that drained millions in stablecoins.
Summary
- Nemo Protocol was exploited for $2.4 million, resulting in its TVL plunging from over $6 million to about $1.5 million.
- Cetus Protocol on Sui was similarly hacked in May, with $162M frozen on-chain and $60M bridged out, marking another major exploit on the network this year.
- DeFi hacks have surged in 2025, with $2.37 billion lost in the first half of the year.
PeckShieldAlert first flagged the breach on September 8, posting on X that roughly $2.4 million in USDC had been stolen from Nemo. The attacker quickly bridged the stolen funds from Arbitrum to Ethereum, according to the blockchain security firm’s analysis.
Nemo confirmed the attack in a tweet shortly after, adding that an investigation is underway to determine the cause of the breach. The protocol also suspended all smart contract activity in the meantime.
The fallout was immediate. Data from DeFiLlama shows that Nemo’s total value locked (TVL) plunged to about $1.53 million, down sharply from more than $6 million before the attack. The exploit targeted the protocol’s yield-trading system, which allows users to split staked assets into Principal Tokens (PTs) and Yield Tokens (YTs) in order to speculate on future returns.
Questions have arisen around the exact cause of the breach, and the scale of the losses has already rattled the protocol’s community.
The attack gives fresh urgency to broader concerns around security on Sui, coming just months after another major protocol, Cetus, was similarly compromised.
Nemo hack marks second major exploit on Sui in 2025
Just months before the Nemo hack, another major incident rocked the Sui blockchain. On May 22, Cetus Protocol, a leading decentralized exchange and liquidity provider, was exploited for $223 million. The attacker exploited an arithmetic overflow vulnerability in a third-party math library, draining funds in under 15 minutes.
Sui validators and ecosystem partners quickly froze about $162 million of the stolen assets on-chain, and $60 million was bridged out to Ethereum. Cetus suspended its smart contracts and initiated a recovery plan that included a $6 million bounty, as well as talks of a “whitehat settlement” offering the attacker amnesty if remaining funds were returned.
These high-profile breaches are part of a broader surge in DeFi-targeted attacks throughout 2025. According to SlowMist’s mid-year report, the blockchain industry suffered over $2.37 billion in losses from 121 security incidents in the first half of the year, with DeFi accounting for 76% of those incidents, though centralized exchanges suffered larger dollar losses overall.
A separate analysis from Hacken’s 2025 mid-year security report puts total crypto industry losses at over $3.1 billion in the first six months. Access control failures like misconfigured wallets and legacy keys accounted for 59% of those losses, while DeFi-specific smart-contract vulnerabilities like the Cetus bug made up $263 million, or about 8%.
Hackers continue to zero in on DeFi protocols across multiple chains, and the Sui ecosystem is no exception. With two major exploits already this year in Cetus and Nemo, it remains to be seen whether new security measures can keep pace with the rising sophistication of attacks.
