Nemo Protocol launched its NEOM debt token program to compensate victims of a $2.6 million exploit that devastated the Sui-based DeFi platform on September 7. The protocol will issue one NEOM token for every dollar lost, allowing users to claim debt tokens while migrating remaining assets to secure multi-audited contracts. The hack originated from a rogue developer who secretly deployed unaudited code containing critical vulnerabilities, bypassing internal review processes through single-signature deployment. The attacker exploited flash loan functions incorrectly exposed as public and query functions that could modify contract state without authorization. Nemo’s total value locked collapsed from $6.3 million to $1.57 million as users withdrew over $3.8 million worth of USDC and SUI tokens following the breach. The exploit occurred during one of crypto’s worst security days in 2025, coinciding with SwissBorg’s $41.5 million SOL hack and the Yala stablecoin depeg attack. Rogue Developer’s Secret Code Deployment Triggers Security Catastrophe The post-mortem investigation revealed systematic security failures dating to January 2025 when the unnamed developer submitted code containing unaudited features to MoveBit auditors. The developer failed to highlight new additions while mixing previously audited fixes with unreviewed functionality, creating a compromised foundation. MoveBit issued its final audit report based on incomplete information, as the developer used unauthorized smart contract versions. The team deployed contract version 0xcf34 using a single-signature address 0xf55c, rather than audit-confirmed hashes, thereby circumventing established review protocols entirely. Asymptotic team identified the critical C-2 vulnerability in August, warning that functions could modify code without permission. The developer dismissed severity concerns and failed to implement necessary fixes despite available support from security partners. Attack execution began at 16:00 UTC on September 7 with hackers leveraging the flash loan function and a known query vulnerability. Detection occurred thirty minutes later when YT yields displayed over 30x returns, indicating system compromise. The developer drew inspiration from Aave and Uniswap protocols to maximize composability through flash loan capabilities, but critically underestimated security risks. Functions designed for read-only purposes contained write capabilities, creating the primary attack vector that enabled the devastating breach. NEOM Recovery Program Offers Market-Based Exit Strategy The three-step recovery program begins with asset migration, allowing users to transfer residual value from compromised pools to new secure contracts through one-click actions. Users simultaneously receive NEOM debt tokens pegged 1:1 to their USD losses determined by pre-hack snapshots. Nemo will inject value into NEOM through a multi-tiered redemption waterfall model, with recovered hacker funds forming the primary source for proportional claims. External capital injections, such as liquidity loans and strategic investments, will provide secondary support as confidence anchors. The protocol established immediate AMM liquidity pools with significant depth on major Sui DEXs, creating instant market-based exit paths for users prioritizing liquidity over long-term recovery. The NEOM/USDC trading pair enables market pricing based on perceived recovery timelines and protocol success probability. The hack contributes to 2025’s devastating DeFi security crisis, with over $2.37 billion lost across 121 incidents during the first half alone. September emerged as particularly destructive with SwissBorg’s SOL compromise, npm supply chain attacks affecting billions of downloads, and the Yala stablecoin losing its dollar peg. Particularly, the Yala stablecoin (YU) attack, which happened this weekend, saw YU lose its dollar peg following a protocol attack that sent the Bitcoin-native over-collateralized stablecoin crashing to $0.2074 before recovering to $0.917. The suspected attacker minted 120 million YU tokens on Polygon and sold 7.71 million across Ethereum and Solana for 7.7 million USDC. For Nemo Protocol, stolen assets totaling $2.59 million moved through sophisticated laundering operations via Wormhole CCTP before final aggregation on Ethereum. Security teams established monitoring protocols for holding addresses while coordinating with centralized exchanges on potential asset freezing measures. The protocol implemented emergency incremental audits with Asymptotic while planning additional independent security firm reviewsNemo Protocol launched its NEOM debt token program to compensate victims of a $2.6 million exploit that devastated the Sui-based DeFi platform on September 7. The protocol will issue one NEOM token for every dollar lost, allowing users to claim debt tokens while migrating remaining assets to secure multi-audited contracts. The hack originated from a rogue developer who secretly deployed unaudited code containing critical vulnerabilities, bypassing internal review processes through single-signature deployment. The attacker exploited flash loan functions incorrectly exposed as public and query functions that could modify contract state without authorization. Nemo’s total value locked collapsed from $6.3 million to $1.57 million as users withdrew over $3.8 million worth of USDC and SUI tokens following the breach. The exploit occurred during one of crypto’s worst security days in 2025, coinciding with SwissBorg’s $41.5 million SOL hack and the Yala stablecoin depeg attack. Rogue Developer’s Secret Code Deployment Triggers Security Catastrophe The post-mortem investigation revealed systematic security failures dating to January 2025 when the unnamed developer submitted code containing unaudited features to MoveBit auditors. The developer failed to highlight new additions while mixing previously audited fixes with unreviewed functionality, creating a compromised foundation. MoveBit issued its final audit report based on incomplete information, as the developer used unauthorized smart contract versions. The team deployed contract version 0xcf34 using a single-signature address 0xf55c, rather than audit-confirmed hashes, thereby circumventing established review protocols entirely. Asymptotic team identified the critical C-2 vulnerability in August, warning that functions could modify code without permission. The developer dismissed severity concerns and failed to implement necessary fixes despite available support from security partners. Attack execution began at 16:00 UTC on September 7 with hackers leveraging the flash loan function and a known query vulnerability. Detection occurred thirty minutes later when YT yields displayed over 30x returns, indicating system compromise. The developer drew inspiration from Aave and Uniswap protocols to maximize composability through flash loan capabilities, but critically underestimated security risks. Functions designed for read-only purposes contained write capabilities, creating the primary attack vector that enabled the devastating breach. NEOM Recovery Program Offers Market-Based Exit Strategy The three-step recovery program begins with asset migration, allowing users to transfer residual value from compromised pools to new secure contracts through one-click actions. Users simultaneously receive NEOM debt tokens pegged 1:1 to their USD losses determined by pre-hack snapshots. Nemo will inject value into NEOM through a multi-tiered redemption waterfall model, with recovered hacker funds forming the primary source for proportional claims. External capital injections, such as liquidity loans and strategic investments, will provide secondary support as confidence anchors. The protocol established immediate AMM liquidity pools with significant depth on major Sui DEXs, creating instant market-based exit paths for users prioritizing liquidity over long-term recovery. The NEOM/USDC trading pair enables market pricing based on perceived recovery timelines and protocol success probability. The hack contributes to 2025’s devastating DeFi security crisis, with over $2.37 billion lost across 121 incidents during the first half alone. September emerged as particularly destructive with SwissBorg’s SOL compromise, npm supply chain attacks affecting billions of downloads, and the Yala stablecoin losing its dollar peg. Particularly, the Yala stablecoin (YU) attack, which happened this weekend, saw YU lose its dollar peg following a protocol attack that sent the Bitcoin-native over-collateralized stablecoin crashing to $0.2074 before recovering to $0.917. The suspected attacker minted 120 million YU tokens on Polygon and sold 7.71 million across Ethereum and Solana for 7.7 million USDC. For Nemo Protocol, stolen assets totaling $2.59 million moved through sophisticated laundering operations via Wormhole CCTP before final aggregation on Ethereum. Security teams established monitoring protocols for holding addresses while coordinating with centralized exchanges on potential asset freezing measures. The protocol implemented emergency incremental audits with Asymptotic while planning additional independent security firm reviews