The DeFi platform Nemo Protocol, built on Sui, lost €2 million after an attack. The incident raises questions about the boundary between technical maintenance and crisis management. Nemo Protocol, a DeFi service focused on yield tokenization on the Sui blockchain, suffered a hack leading to the loss of about $2.4 million USD (€2.24 million) in stablecoins. According to PeckShield, the funds were moved from Arbitrum before being bridged to Ethereum. The Nemo team, which had announced scheduled maintenance just hours earlier, confirmed the attack and suspended all smart contracts to contain risks. Vaults remain intact, but the technical origin of the breach is still unknown.
Hack confirmed overnight
The alert came from PeckShield. The blockchain analytics firm identified a suspicious withdrawal of $2.4M (≈ €2.24M) in USDC. The assets were drained from the Arbitrum network before being transferred to Ethereum via a bridge. In the early hours of Monday, at 3:27 a.m. EST, Nemo Protocol confirmed the incident on its official Telegram channel. The announcement came as a surprise since only hours earlier developers had announced a planned two-day maintenance. The coincidence raises questions: was this a temporary cover-up of the hack, or an unexpected overlap between attack and maintenance?
Smart contracts frozen to limit contagion
According to Nemo’s statement, the attack targeted a Market Pool. In response, all smart contract activity was frozen. The team specified that the platform’s vaults were not affected but admitted the root cause of the hack is still unknown. This drastic measure aims to prevent a domino effect impacting other parts of the protocol. Nemo, positioned as an infrastructure layer for yield management and trading on Sui, allows users to tokenize revenues, hedge positions, or apply leverage. Such a suspension, while necessary, highlights users’ critical dependence on developers’ ability to quickly lock down the system.
Silence fuels uncertainty
So far, communication remains minimal. Nemo promised more details as soon as possible but has not responded to The Block’s requests. This lack of explanation fuels uncertainty about the exact timeline and attack vector. In an ecosystem where trust relies as much on code as on team transparency, every hour without clear information undermines protocol credibility. The Nemo case illustrates a recurring tension: how to balance operational security, discretion during a technical investigation, and the community’s demand for transparency when its funds are at stake. [ZATAZ News English version]
