Sui-based yield trading protocol Nemo suffered a loss of $2.59 million during a hacking incident on September 7, which was attributed to a known vulnerability from unaudited code deployed without multisignature controls. The flaw was identified in a function that altered the protocol's state, with its deployment on-chain occurring without proper disclosures. Although Asymptotic's team had previously flagged this issue, Nemo's team failed to respond in a timely manner as they focused on other concerns. Additionally, new code could be deployed with just one signature, which meant that unaudited changes went unnoticed until exploited. In January, the vulnerable code was live in the production environment, while an upgrade to the security protocol was only implemented in April. Following the exploit, Nemo's core functions are paused, and the team is collaborating with various security groups to mitigate further losses. A patch has been created with additional features to prevent similar issues in the future, and Nemo is exploring compensation plans for users affected by the hack.
