Nemo Protocol recently launched its NEOM debt token program to address the aftermath of a $2.6 million exploit that rocked the Sui-based DeFi platform on September 7. The protocol has taken proactive measures to compensate victims by issuing one NEOM token for every dollar lost. This initiative allows affected users to claim debt tokens while securely migrating their remaining assets to multi-audited contracts.
The devastating hack was orchestrated by a rogue developer who surreptitiously deployed unaudited code containing critical vulnerabilities. By bypassing internal review processes through single-signature deployment, the attacker exploited flash loan functions and query functions that could modify contract state without authorization. As a result, Nemo’s total value locked plummeted from $6.3 million to $1.57 million as users withdrew over $3.8 million worth of USDC and SUI tokens following the breach.
The exploit occurred amidst a tumultuous period for the crypto industry in 2025, coinciding with other high-profile security incidents such as SwissBorg’s $41.5 million SOL hack and the Yala stablecoin depegging attack.
In response to the security breach, Nemo Protocol has implemented a comprehensive compensation plan to address the losses incurred by users. The post-mortem investigation revealed systemic security failures dating back to January 2025, when the rogue developer submitted unaudited code to MoveBit auditors. The developer’s failure to highlight new additions and mix audited and unreviewed functionality created a compromised foundation.
The recovery program initiated by Nemo Protocol offers a market-based exit strategy for affected users. The three-step plan includes asset migration to secure contracts, the issuance of NEOM debt tokens pegged 1:1 to USD losses, and the injection of value into NEOM through a redemption waterfall model. External capital injections and liquidity loans will further support the recovery efforts.
The hack underscores the challenges facing the DeFi sector, with over $2.37 billion lost in 121 incidents during the first half of 2025. September witnessed a series of high-profile attacks, including the Yala stablecoin depegging incident, highlighting the need for enhanced security measures in the crypto space.
Moving forward, Nemo Protocol is committed to addressing the aftermath of the exploit by issuing NEOM debt tokens to compensate victims. The protocol has also implemented emergency audits and security measures to prevent future breaches and safeguard user assets.