Auditor Flagged Issue Before $2.59M Nemo Hack, Team Admits

By: BitcoinEthereumNews
2025/09/12 09:18

Sui-based yield trading protocol Nemo lost about $2.59 million to a known vulnerability that was introduced when unaudited code was deployed, according to the project.

According to Nemo’s post-mortem analysis of the Sept. 7 hack, a flaw in a function intended to reduce slippage allowed the attacker to change the state of the protocol. This function, named “get_sy_amount_in_for_exact_py_out,” was pushed onchain without being audited by smart contract auditor Asymptotic.

Furthermore, Asymptotic’s team identified the issue in a preliminary report. Still, the Nemo team admits that its “team did not adequately address this security concern in a timely manner.”

Deploying new code only required a signature from a single address, allowing the developer to push unaudited code onchain without disclosing the changes. Furthermore, he did not use the confirmation hash provided in the audit for the deployment, breaking the procedure.
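
The deployment control described above, sketched as an added example (not Nemo's or Asymptotic's code): a pre-deploy gate that refuses a build unless its digest matches the audited confirmation hash and enough distinct authorized signers approved it. The digest format, signer names and threshold are assumptions, and approvals are taken as signer ids whose signatures were already verified elsewhere.

```python
import hashlib
import hmac

# Hypothetical policy values; the article does not give Nemo's actual settings.
REQUIRED_APPROVALS = 2
AUTHORIZED_SIGNERS = {"dev-a", "dev-b", "sec-lead"}  # constructed signer ids


def package_digest(modules):
    """SHA-256 over module names and bytecode in sorted order (assumed format)."""
    h = hashlib.sha256()
    for name in sorted(modules):
        code = modules[name]
        # Length-prefix each field so module boundaries cannot be shifted.
        h.update(len(name).to_bytes(4, "big") + name.encode())
        h.update(len(code).to_bytes(4, "big") + code)
    return h.hexdigest()


def check_deployment(modules, audited_digest, approvals):
    """Return (allowed, reasons). Fails closed on any unmet condition."""
    reasons = []
    if not hmac.compare_digest(package_digest(modules), audited_digest):
        reasons.append("build does not match audited confirmation hash")
    # A set drops duplicate approvals; the intersection drops unknown signers.
    valid = set(approvals) & AUTHORIZED_SIGNERS
    if len(valid) < REQUIRED_APPROVALS:
        reasons.append(f"{len(valid)} of {REQUIRED_APPROVALS} required approvals")
    return (not reasons, reasons)


# Constructed sample: the audited build, then the same package with extra
# bytecode appended to one module after the audit.
AUDITED = {"market": b"\x01audited-bytecode", "py": b"\x02audited-bytecode"}
AUDITED_DIGEST = package_digest(AUDITED)
MODIFIED = dict(AUDITED, py=AUDITED["py"] + b"\x03new-function")

if __name__ == "__main__":
    print(check_deployment(AUDITED, AUDITED_DIGEST, ["dev-a", "sec-lead"]))
    print(check_deployment(MODIFIED, AUDITED_DIGEST, ["dev-a"]))
```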

This is not the first time a hack was revealed to have been easily preventable. The report follows NFT trading platform SuperRare suffering a $730,000 exploit in late July due to a basic smart contract bug that experts say could have easily been prevented with standard testing practices.

Security procedures changed too late

The vulnerable code was pushed onchain in early January. The upgrade procedure, which would likely have prevented the unaudited code from being deployed onchain, was implemented in April.

Despite the upgrade, the vulnerability had already made its way into the production environment. Asymptotic warned Nemo of the vulnerability on Aug. 11, but the project said it was focused on other issues and failed to address it before the exploit.

Nemo pauses protocol, prepares patch

According to the analysis, Nemo’s protocol core functions are now paused to prevent further losses. The team is collaborating with multiple security teams and providing all relevant addresses to assist in freezing assets on centralized exchanges.

A patch has now been developed, and Asymptotic is auditing the new code. The project said it removed its flash loan function, fixed the vulnerable code and added a manual-reset feature to restore affected values. Nemo is also designing a compensation plan for users, including debt structuring at the tokenomics level.

Nemo apologized to its users and claims to have learned that “security and risk management demand constant vigilance.” The team also promised to improve its defences and apply stricter protocol control.

Source: https://cointelegraph.com/news/2-6-million-lost-in-nemo-hack-due-to-unaudited-code-and-ignored-vulnerability?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
