Verify a decision

{"actor":"system:backfill","investigation_id":"20f595cd-4fa0-459f-930f-f424155f06bd","kind":"publish","page_slug":"nemo-yield-trading","published_at":"2026-05-26T18:30:21.862Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Nemo Yield Trading","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/nemo-yield-trading","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/nemo-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.rootdata.com/Projects/detail/Nemo%20Protocol?k=MTM5NTE%3D","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/markets/2025/09/08/sui-based-yield-protocol-nemo-exploited-for-usd2-4m-in-usdc","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/news/nemo-protocol-hacked-2-4m-081422991.html","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/369766/sui-nemo-protocol-exploit","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/nemo-protocol-2-6m-exploit-caused-by-developers-unaudited-code/","type":"other","url":""},{"credibility":3,"name":"https://coinfomania.com/nemo-protocol-exploit-steals-2-4-million-and-tests-defi-security/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/2-6-million-lost-in-nemo-hack-due-to-unaudited-code-and-ignored-vulnerability","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/370273/nemo-protocol-unaudited-code-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/nemo-protocol-blames-2-6m-exploit-on-developer-who-deployed-unaudited-code/","type":"other","url":""},{"credibility":3,"name":"https://bitcoinethereumnews.com/tech/auditor-flagged-issue-before-2-59m-nemo-hack-team-admits/","type":"other","url":""},{"credibility":3,"name":"https://finance.yahoo.com/news/nemo-protocol-blames-2-6m-083310308.html","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptonews.com/news/nemo-protocol-issues-neom-debt-tokens-to-compensate-2-6m-exploit-victims/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/370581/nemo-protocol-debt-token-program-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/nemo-protocol-debt-token-program-hack-victim/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/nemo-protocol-to-issue-debt-token-to-compensate-2-6m-hack-victims/","type":"other","url":""},{"credibility":3,"name":"https://coinpedia.org/news/nemo-protocol-introduces-neom-token-to-compensate-2-4m-hack-losses/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/nemo-yield-trading","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/markets/2025/09/08/sui-based-yield-protocol-nemo-exploited-for-usd2-4m-in-usdc","type":"other","url":""},{"credibility":3,"name":"https://x.com/SmartDropFarmer/status/1998698715125571968","type":"other","url":""}]}],"sources_used":[],"summary":"Nemo Protocol is a Sui-based DeFi yield trading platform that suffered a $2.6 million exploit on September 7, 2025, caused by an unnamed developer who deployed unaudited code to mainnet while bypassing internal review processes. A security auditor had flagged a related vulnerability 27 days before the attack, which the team acknowledged it failed to address in time. The protocol's TVL has since collapsed to zero and it has been flagged as high-risk by trust intelligence sources.","timeline":[{"date":"2022-06","event":"Nemo Protocol's official X account established; project founded.","source":""},{"date":"2025-01","event":"Developer submits code to MoveBit auditors without disclosing new unaudited features mixed into the submission. Protocol completes Sui Hydropower Accelerator first cohort.","source":""},{"date":"2025-08-11","event":"Security firm Asymptotic issues a C-2 severity warning flagging a vulnerability in Nemo's contract code that allows unauthorized state modification. The developer allegedly dismisses the severity and no fix is deployed.","source":""},{"date":"2025-09-07","event":"Exploit occurs at approximately 16:00 UTC. Attacker uses exposed flash loan function combined with flawed query function to drain approximately $2.4-2.6 million from the SY/PT liquidity pool. Stolen assets bridged to Ethereum via Wormhole CCTP. TVL collapses from $6.3M to $1.57M.","source":""},{"date":"2025-09-08","event":"PeckShield publicly flags the breach. Nemo Protocol confirms the attack and announces protocol pause. Nemo offers a 10% white-hat bounty to the attacker.","source":""},{"date":"2025-09-11","event":"Nemo Protocol releases post-mortem report, attributing the exploit to unaudited code deployed by an internal developer via single-signature address, and admitting the Asymptotic warning was not adequately addressed.","source":""},{"date":"2025-09-14","event":"Nemo Protocol announces the NEOM debt token compensation program, issuing one NEOM per dollar lost. Team acknowledges it lacks capital for direct USD reimbursement.","source":""},{"date":"2026-05","event":"Social media reports indicate the vault migration was completed and NEOM tokens are claimable. NEOM reportedly trades below its $1.00 peg. Protocol TVL remains at zero.","source":""}]},"v":1}