Skip to main content
Sign in
Nemo Yield Trading1 decision on this page

Audit log

Every state-changing event for Nemo Yield Trading: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-26 18:30:21Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,338,837
    sig
    cPkfxjfwH3QM…zAqoVgaNexplorer ↗
    hash
    Cj6WvPh1cpFE…Ntx7Eo9msha256 → base58
    verifying row…full verify ↗
    canonical bytes (5643 B) ▸
    {"actor":"system:backfill","investigation_id":"20f595cd-4fa0-459f-930f-f424155f06bd","kind":"publish","page_slug":"nemo-yield-trading","published_at":"2026-05-26T18:30:21.862Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Nemo Yield Trading","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/nemo-yield-trading","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/nemo-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.rootdata.com/Projects/detail/Nemo%20Protocol?k=MTM5NTE%3D","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/markets/2025/09/08/sui-based-yield-protocol-nemo-exploited-for-usd2-4m-in-usdc","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/news/nemo-protocol-hacked-2-4m-081422991.html","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/369766/sui-nemo-protocol-exploit","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/nemo-protocol-2-6m-exploit-caused-by-developers-unaudited-code/","type":"other","url":""},{"credibility":3,"name":"https://coinfomania.com/nemo-protocol-exploit-steals-2-4-million-and-tests-defi-security/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/2-6-million-lost-in-nemo-hack-due-to-unaudited-code-and-ignored-vulnerability","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/370273/nemo-protocol-unaudited-code-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/nemo-protocol-blames-2-6m-exploit-on-developer-who-deployed-unaudited-code/","type":"other","url":""},{"credibility":3,"name":"https://bitcoinethereumnews.com/tech/auditor-flagged-issue-before-2-59m-nemo-hack-team-admits/","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/news/nemo-protocol-blames-2-6m-083310308.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.com/news/nemo-protocol-issues-neom-debt-tokens-to-compensate-2-6m-exploit-victims/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/370581/nemo-protocol-debt-token-program-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/nemo-protocol-debt-token-program-hack-victim/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/nemo-protocol-to-issue-debt-token-to-compensate-2-6m-hack-victims/","type":"other","url":""},{"credibility":3,"name":"https://coinpedia.org/news/nemo-protocol-introduces-neom-token-to-compensate-2-4m-hack-losses/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/nemo-yield-trading","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2025/09/08/sui-based-yield-protocol-nemo-exploited-for-usd2-4m-in-usdc","type":"other","url":""},{"credibility":3,"name":"https://x.com/SmartDropFarmer/status/1998698715125571968","type":"other","url":""}]}],"sources_used":[],"summary":"Nemo Protocol is a Sui-based DeFi yield trading platform that suffered a $2.6 million exploit on September 7, 2025, caused by an unnamed developer who deployed unaudited code to mainnet while bypassing internal review processes. A security auditor had flagged a related vulnerability 27 days before the attack, which the team acknowledged it failed to address in time. The protocol's TVL has since collapsed to zero and it has been flagged as high-risk by trust intelligence sources.","timeline":[{"date":"2022-06","event":"Nemo Protocol's official X account established; project founded.","source":""},{"date":"2025-01","event":"Developer submits code to MoveBit auditors without disclosing new unaudited features mixed into the submission. Protocol completes Sui Hydropower Accelerator first cohort.","source":""},{"date":"2025-08-11","event":"Security firm Asymptotic issues a C-2 severity warning flagging a vulnerability in Nemo's contract code that allows unauthorized state modification. The developer allegedly dismisses the severity and no fix is deployed.","source":""},{"date":"2025-09-07","event":"Exploit occurs at approximately 16:00 UTC. Attacker uses exposed flash loan function combined with flawed query function to drain approximately $2.4-2.6 million from the SY/PT liquidity pool. Stolen assets bridged to Ethereum via Wormhole CCTP. TVL collapses from $6.3M to $1.57M.","source":""},{"date":"2025-09-08","event":"PeckShield publicly flags the breach. Nemo Protocol confirms the attack and announces protocol pause. Nemo offers a 10% white-hat bounty to the attacker.","source":""},{"date":"2025-09-11","event":"Nemo Protocol releases post-mortem report, attributing the exploit to unaudited code deployed by an internal developer via single-signature address, and admitting the Asymptotic warning was not adequately addressed.","source":""},{"date":"2025-09-14","event":"Nemo Protocol announces the NEOM debt token compensation program, issuing one NEOM per dollar lost. Team acknowledges it lacks capital for direct USD reimbursement.","source":""},{"date":"2026-05","event":"Social media reports indicate the vault migration was completed and NEOM tokens are claimable. NEOM reportedly trades below its $1.00 peg. Protocol TVL remains at zero.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision a54aa4e7-8a26-4d2f-a299-c2c061b9f0c7
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.