Nemo Protocol Issues NEOM Debt Tokens to Compensate $2.6M Exploit Victims

Core Insights - Nemo Protocol launched a NEOM debt token program to compensate victims of a $2.6 million exploit that affected its Sui-based DeFi platform on September 7 [1] - The hack was executed by a rogue developer who deployed unaudited code with critical vulnerabilities, leading to a significant drop in the protocol's total value locked [2][4] - The incident coincided with other major security breaches in the crypto space, highlighting a broader issue of security vulnerabilities in DeFi platforms [3] Group 1: Exploit Details - The exploit was facilitated by a rogue developer who bypassed internal review processes through single-signature deployment of unaudited code [2][4] - The total value locked in Nemo Protocol fell from $6.3 million to $1.57 million as users withdrew over $3.8 million worth of USDC and SUI tokens following the breach [2] - The attack utilized flash loan functions and unauthorized query functions that could modify contract states without permission [2][6] Group 2: Security Failures - A post-mortem investigation revealed systematic security failures dating back to January 2025, when the developer submitted unaudited features to MoveBit auditors [4] - MoveBit's final audit report was based on incomplete information, as the developer used unauthorized smart contract versions, circumventing established review protocols [5] - The developer ignored severity concerns and failed to implement necessary fixes despite available support from security partners [6] Group 3: Recovery Program - The NEOM Recovery Program consists of a three-step process that begins with asset migration, allowing users to transfer residual value from compromised pools to new secure contracts [8]