Published On: Thu, 11 Sep 2025 12:55:40 GMT

Nemo Hack: Auditor Flagged Issue Before $2.59M Exploit

Nemo hack drains $2.59M after ignored auditor warning. Team pauses protocol, patches flaw, and pledges user compensation.

Akshat Thakur Hacks & Scams News Altcoin

Sep 11, 2025

Author: Akshat Thakur

September 11, 2025 — Yield trading protocol Nemo, built on the Sui blockchain, has admitted that an exploit draining $2.59 million could have been prevented if its team had acted on an auditor’s warning. The September 7 Nemo hack stemmed from unaudited code deployed without proper multisignature protections.

Key Takeaways

$2.59 million lost in the Nemo hack on September 7.
Vulnerability introduced by unaudited code bypassing security checks.
Auditor Asymptotic had flagged the issue in an earlier report.

Nemo Hack Rooted in Known Vulnerability

Nemo’s post-mortem revealed that the exploit targeted a function called get_sy_amount_in_for_exact_py_out. This piece of code, meant to manage slippage, was deployed onchain without a full audit. Asymptotic, the protocol’s smart contract auditor, had already identified the flaw in a preliminary review.

The Nemo team admitted it “did not adequately address this security concern in a timely manner.” A single developer was able to deploy the code with only one signature, bypassing recommended procedures such as multisignature approval and confirmation hash verification.

Auditor Warning Ignored

The vulnerability was introduced in January 2025, but Nemo only implemented an upgrade procedure in April, too late to stop the risky code from going live. Asymptotic again warned the team on August 11, but Nemo prioritized other issues and left the flaw unpatched until attackers exploited it in September.

This echoes other preventable crypto incidents, including SuperRare’s $730,000 loss in July due to an overlooked smart contract bug.

Nemo Pauses Protocol, Prepares Fix

Following the Nemo hack, the project has paused all core functions and is working with security teams to freeze assets linked to the attacker on centralized exchanges.

A patch is now under audit by Asymptotic. Nemo has removed its flash loan function, fixed the vulnerable code, and added a manual reset mechanism for restoring values. A user compensation plan is in the works, including debt structuring at the level.

The Talk

Real voices. Real reactions.

KOLs

Media

Community

🫥 No reactions available in this category.

Feb 4, 2026

Moscow Exchange to Launch SOL, XRP, and TRX Crypto Futures

Feb 4, 2026

Ripple Makes $11B Bid For Circle Takeover to Control USDC

Feb 4, 2026

Mantle Pushes $MNT Into Solana With SuperMantle Creator Portal

Feb 3, 2026

Vultisig Launches Plugin Marketplace for OnChain Automation

Fetching related reads

In its statement, Nemo said:
“Security and risk management demand constant vigilance. We are committed to stronger defences and stricter protocol controls going forward.”

Extra Context: Security Gaps in DeFi

The Nemo hack highlights ongoing issues in decentralized finance security:

Single-signature control — bypassing multisig checks leaves systems exposed.
Ignored auditor warnings — flagged vulnerabilities need prompt resolution.
Slow governance upgrades — delays allow flaws to persist in production.

Industry experts argue that greater emphasis on audited code, multisignature deployment, and ongoing monitoring could prevent many exploits.

What Has Happened So Far

Jan 2025 — Vulnerable code deployed onchain.
Apr 2025 — Multisig upgrade process introduced, but too late.
Aug 11, 2025 — Auditor flagged vulnerability again.
Sep 7, 2025 — $2.59M stolen in the Nemo hack.
Sep 8, 2025 — Nemo paused protocol, patch under audit, compensation plan announced.

The $2.59 million Nemo hack underscores the risks of deploying unaudited code and ignoring security warnings. While Nemo has promised stronger controls and a user compensation plan, the incident highlights the urgent need for rigorous security practices across DeFi.

Frequently Asked Questions

What caused the Nemo hack?

The exploit stemmed from unaudited code pushed onchain without multisignature approval, allowing attackers to manipulate a flawed function.

How much was lost in the hack?

Around $2.59 million in user funds were drained on September 7, 2025.

Did auditors warn about the issue?

Yes. Auditor Asymptotic flagged the vulnerability in August, but the Nemo team failed to patch it in time.

How is Nemo responding?

Nemo has paused operations, deployed a patch now under audit, and removed risky functions like flash loans.

Will users be compensated?

Yes. Nemo plans a compensation program, including debt restructuring in its tokenomics model.

Trusted

Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.

Share with your community!

Or Even Better - Join the OCT Community!

Share with your community!

Or Even Better - Join the OCT Community!

Join Our Telegram Community

Nemo Hack: Auditor Flagged Issue Before $2.59M Exploit

Key Takeaways

Nemo Hack Rooted in Known Vulnerability

Auditor Warning Ignored

Nemo Pauses Protocol, Prepares Fix

The Talk

Related reads

Fetching related reads

Related reads

Extra Context: Security Gaps in DeFi

What Has Happened So Far

Conclusion

Frequently Asked Questions

What caused the Nemo hack?

How much was lost in the hack?

Did auditors warn about the issue?

How is Nemo responding?

Will users be compensated?

Trusted

In this article

Related reads

Related reads

Related reads

Related reads