Auditor flagged issue before $2.59M Nemo hack, team admits

Nemo, a yield trading protocol on the Sui blockchain, lost $2.59 million on Sept. 7 after unaudited code was deployed without multisignature safeguards.
written by Cryptopatel logocryptopatel
Facebook X-twitter Instagram Youtube
Auditor flagged issue before $2.59M Nemo hack, team admits

Why Trust CryptoPatel

CryptoPatel has been sharing trusted crypto news, insights, and analysis for over 8 years. With deep knowledge of blockchain and the cryptocurrency market, our goal is to give readers clear, accurate, and honest information.

Every article is fact-checked, based on real market research, and written with an unbiased approach. We also review and verify crypto projects to help you make better decisions.

  • Reviewed by experts
  • Independent and unbiased content
  • Verified crypto projects

Investment Disclaimer: The views shared here are based on personal opinions and current market trends. Always do your own research before investing in cryptocurrencies. CryptoPatel is not responsible for any financial losses.


Ad Disclosure: Some articles may include sponsored content or affiliate links. All ads are clearly marked, and sponsors do not influence our news or analysis.

Crypto NewsLatest Crypto News

Auditor flagged issue before $2.59M Nemo hack, team admits

by cryptopatel
written by Cryptopatel logocryptopatel 0 comments 35 views
banner
0 FacebookTwitterPinterestEmail

The decentralized finance (DeFi) sector has been rattled once again, this time by a $2.59 million exploit targeting Nemo, a yield trading protocol built on the Sui blockchain. Attackers were able to manipulate the platform’s smart contracts, draining liquidity in a matter of moments. What sets this incident apart is that the vulnerability wasn’t unknown — it had already been flagged by Nemo’s own auditor weeks before the breach.

According to the project’s post-mortem, the exploited function, designed to minimize slippage, was deployed onchain without undergoing a final audit. Despite Asymptotic, Nemo’s smart contract auditor, highlighting the weakness in a preliminary report, the team failed to resolve the issue in time. Instead, the unaudited code was pushed live by a single developer signature, sidestepping both disclosure requirements and the recommended deployment procedure.

In hindsight, Nemo admitted that its team had deprioritized the fix, focusing instead on other development tasks. That decision has fueled sharp criticism of the project’s governance practices and the wider culture in DeFi, where security concerns are often sidelined in the race to innovate. The fact that such a costly exploit stemmed from an issue that was both identified and documented underscores the fragile trust between projects and their users.

The incident mirrors a troubling pattern in DeFi, where preventable hacks continue to surface despite the presence of audits and best practices. As with other recent cases, Nemo’s exploit highlights the urgent need for stronger security enforcement, stricter deployment controls, and more accountability if the industry hopes to maintain credibility with both investors and regulators.

Auditor Warning Ignored Before Nemo Exploit

According to the official post-mortem analysis published by the Nemo team, the root cause of the exploit was a flaw in the get_sy_amount_in_for_exact_py_out function.

This unaudited piece of code was pushed on-chain in January, well before the project’s security procedures were upgraded in April to include multisignature controls. The lack of proper controls allowed a single developer to deploy the vulnerable code without the oversight of the entire team.

The audit firm, Asymptotic, had identified the issue in a preliminary report on August 11, nearly a month before the hack. The report reportedly highlighted the risk, but the Nemo team “did not adequately address this security concern in a timely manner,” a crucial admission that lays bare a catastrophic failure of risk management. 

The attacker exploited the vulnerability, allowing them to manipulate the protocol’s state and drain approximately $2.59 million in assets. While the team has now paused core functions, is collaborating with security firms, and is developing a compensation plan, the damage to user trust is undeniable.

This incident echoes similar preventable hacks, such as the $730,000 exploit on NFT trading platform SuperRare in July, which was also linked to a basic, avoidable smart contract bug.

Related: RBI says crypto rules risk legitimizing sector

Lessons from a Bull Run and the Psychology of Risk

The Nemo Finance hack, and its preventable nature, must be viewed within the broader context of crypto market cycles. As we saw in previous bull markets such as the 2021 surge and the current cycle fueled by institutional interest, the velocity of development often outpaces the rigor of security.

Projects are under immense pressure to launch new features, attract liquidity, and compete for market share. This hyper-financialized environment can breed a culture where security is seen as a bottleneck rather than a prerequisite.

This behavioral pattern is not new. In the run-up to the 2021 market peak, countless projects with minimal audits or rushed deployments fell victim to exploits. The Cream Finance flash loan attacks in 2021, which resulted in over $130 million in losses, were a direct consequence of a similar deploy first, secure later mentality.

The Nemo case, however, introduces a more insidious element: a team that was explicitly warned of a critical vulnerability but chose to prioritize other issues over a known, existential threat.

This speaks to a deep-seated issue of market psychology. During periods of euphoria, investor appetite for risk is at its highest, and due diligence is often the first casualty. The allure of high yields and novel DeFi products can blind both retail investors and project teams to fundamental security risks.

A report by blockchain analytics firm Immunebytes found that many of the largest crypto hacks in 2024 were rooted in simple access control vulnerabilities and unvalidated call data. 

Related: Trump Family’s Net Worth Surges $1.3B Amid ABTC Debut and WLFI Rally

Disclaimer: This article includes sponsored content and is not financial advice. The news, opinions, and insights shared are provided by the sponsor and may not reflect the views of Coingape. While the article may include cryptocurrency news, analysis, or investment ideas, it’s important to remember that crypto is highly volatile and risky. You could lose all the money you invest. Always do your own research and speak with a financial expert before making any decisions. Coingape does not guarantee the accuracy or reliability of the information provided by the sponsor.


Ad Disclosure: Some parts of this site may include sponsored content or affiliate links. These will always be clearly marked, and our advertisers do not influence our news or editorial content.


Tags: $2.59M Nemo hack
0 FacebookTwitterPinterestEmail
Cryptopatel logo

CryptoPatel is a Certified Crypto Trader and analyst with 10+ years of Experience, known for 10x–100x Gem Calls and a 300k+ Strong Community. Founder of CryptoPatel.com, delivering Real-time Insights and Alpha trades. Join our Socials for real-time updates!

Trending News

UK Regulator Lifts Crypto ETN Ban for Retail Investors
Ether Treasuries Hit $13B as Price Tops $4,300
What Is Blockchain and How does It Work?
What is Cryptocurrency? A Beginner’s Guide
What are Altcoins? – The Ultimate Guide for Beginners

Newsletter

Subscribe to our Newsletter for Trending & Hot News, Technical Analysis Charts, and exclusive GEM Finder Updates. Let’s stay ahead of the curve — Stay Updated, Stay Profitable!

Related Posts

Metaplanet Expands Bitcoin Strategy in US and Japan

Bitcoin’s Illiquid Supply May Hit 8.3M by 2032: Fidelity

Polkadot DAO Sets 2.1B DOT Supply Cap in Tokenomics Shift

Spot Bitcoin ETFs Surge as Crypto Market Tops $4 Trillion

RBI says crypto rules risk legitimizing sector

Sora Ventures Invests $1 Billion Bitcoin Treasury in Asia

Trump Net Worth Surges $1.3B on ABTC and WLFI Hype

Metaplanet Clears $3.7B Bitcoin Accumulation Path

Metaplanet Bitcoin holding reaches 20,000 BTC, issues 11.5M shares 

Animoca Antler Launches Ibex Fund to Tokenize Japan’s IP

Japan’s Finance Minister Crypto Can Boost Diversified Portfolios

SharpLink Gaming $1.5B Buyback to Boost Ethereum Treasury 

banner
Cryptopatel

CryptoPatel is a seasoned Technical and Fundamental Analyst with over a decade of experience in the cryptocurrency market. Renowned for his ability to identify high-potential Alpha and GEM projects, he has consistently delivered exceptional returns ranging from 10x to 100x. Follow for expert market insights, in-depth trend analysis, and valuable investment opportunities.

coinmarketcap
Binance Square
Cryptopatel instagram
threads
Cryptopatel X
Cryptopatel telegram

Useful Links

Cryptopatel

about us

CryptoPatel is a seasoned Technical and Fundamental Analyst with over a decade of experience in the cryptocurrency market. Renowned for his ability to identify high-potential Alpha and GEM projects, he has consistently delivered exceptional returns ranging from 10x to 100x. Follow for expert market insights, in-depth trend analysis, and valuable investment opportunities.

Follow Us

Binance Square
coinmarketcap
Cryptopatel instagram
threads
Cryptopatel X
Cryptopatel telegram

©2025 Cryptopatel. All Right Reserved. | Terms & Condition | Privacy Policy