Nemo Protocol, a DeFi platform built on Sui, has launched a comprehensive compensation program following a $2.6 million exploit on September 7, 2025. The breach occurred when a rogue developer deployed unaudited code containing critical vulnerabilities, bypassing internal review processes through single-signature deployment. The attacker exploited public flash loan functions and flawed pricing mechanisms to drain liquidity pools.
The protocol's total value locked (TVL) collapsed from $6.3 million to $1.57 million as users withdrew over $3.8 million in USDC and SUI tokens post-breach. The stolen assets, mostly stablecoins, were bridged to Ethereum via Wormhole CCTP.
Nemo's three-step recovery plan centers on issuing NEOM debt tokens 1:1 with users' dollar losses, based on snapshots taken when the protocol was paused. Affected users can migrate remaining assets to new multi-audited contracts while receiving NEOM tokens equivalent to their losses. They then choose between selling tokens immediately through a Sui-based DEX liquidity pool or holding for potential future recovery through a redemption waterfall model.
The redemption pool will be funded by recovered hacker funds (primary source) and external capital injections like liquidity loans (secondary source). Nemo will provide bi-weekly updates and a public dashboard to track redemptions and token burns. The team has implemented stricter code upgrade oversight, multiple external audits, and enhanced bug bounty programs to prevent future incidents.