Nemo: The $2.59 million asset loss attack originated from launching new features without sufficient auditing

ChainCatcher message, the DeFi protocol Nemo on Sui has released an incident report stating that due to a security vulnerability in the flashloan and getsyamountinforexactpyout functions in the contract, it was exploited by attackers, resulting in an asset loss of approximately 2.59 million USD.

The attack originated from the developers launching new features without sufficient auditing and failing to promptly address known risks. The main funds were transferred to Ethereum via a cross-chain bridge, and the core functions of the protocol have currently been frozen. A vulnerability patch has been submitted for emergency auditing, and the team is formulating user compensation and asset tracking plans.