The Nemo Protocol, a yield trading platform on the Sui blockchain, suffered a $2.4 million exploit on September 8, 2025, primarily involving USDC stablecoins. Attackers identified a vulnerability in Nemo's smart contracts, enabling them to drain funds and subsequently launder them across multiple chains—from Sui to Arbitrum and finally to Ethereum using Circle's bridge infrastructure.
This incident follows a pattern of escalating DeFi exploits in 2025, which account for approximately 80% of all crypto losses this year, totaling over $2.17 billion. August alone witnessed $163 million stolen across 16 attacks, including a $27 million exploit on Venus Protocol and an $8.4 million loss on Bunni DEX. The Sui ecosystem has been particularly targeted, with Cetus Protocol losing $223 million in May due to an oracle vulnerability.
Cross-chain bridges remain a focal point for hackers, representing 69% of stolen funds in 2022 ($2+ billion across 13 incidents). The Nemo attack underscores ongoing security challenges, as protocols balance innovation with safety measures like audits, bug bounties, and insurance. Regulatory scrutiny is intensifying, with repeated incidents strengthening calls for oversight and minimum security standards.
As of publication, neither Nemo Protocol nor the Sui Foundation has issued a detailed statement or remediation plan, fueling user anxiety. The broader implications include potential erosion of trust in newer blockchains and accelerated regulatory action.