Nemo Protocol Launches NEOM Tokens After $2.6 Million Exploit

- Nemo Protocol launched NEOM debt tokens to compensate users after a $2.6M exploit.
- The exploit occurred due to a rogue developer deploying unaudited code, bypassing security.
- Each NEOM token mirrors user losses 1:1, creating a pathway for gradual recovery.

Nemo Protocol launched its NEOM debt token program following a $2.6 million exploit that crippled its Sui-based DeFi platform on September 7. The protocol issued NEOM tokens pegged 1:1 to the losses incurred by affected users. This move introduces a new approach in handling DeFi platform breaches and tokenized liabilities, and poses crucial questions about its long-term viability and regulatory implications.
The exploit was triggered by a rogue developer who deployed unaudited code containing critical vulnerabilities. The unaudited contract bypassed internal review processes through single-signature deployment. These vulnerabilities allowed the attacker to exploit flash loan functions and modify the contract state, triggering a massive loss for the protocol.
Security Failures Lead to Exploit in Nemo Protocol
After the breach, Nemo’s total value locked (TVL) plummeted from $6.3 million to $1.57 million. Users withdrew more than $3.8 million in USDC and SUI tokens. This hack occurred on a day already marked by significant breaches across the crypto sector, including the SwissBorg hack and the Yala stablecoin depeg.
It was also reported that the breach resulted from a systemic set of security failures. The rogue developer submitted untested code to MoveBit auditors and combined untested code with previously audited functions. Because the audit was only partial, vulnerabilities could also remain concealed. The developer bypassed security controls and deployed the unaudited code under a single-address signature.
In August, security company Asymptotic had already found major vulnerabilities in the contract, but the protocol dismissed the firm instead of addressing them. The vulnerabilities, exposed through misconfigured query functions, ultimately opened the door for attackers to seize control of the protocol’s funds.
Nemo Protocol Unveils NEOM Debt Token Recovery Plan
Nemo Protocol proposed a three-step recovery program after the exploit. The first step involves relocating assets to multi-audited, secured contracts. A one-click migration tool would enable users to migrate the residual value of compromised pools to safe contracts. At the same time, the impacted users are awarded NEOM debt tokens to cover the losses.
The second stage of the restoration involves the emission of NEOM tokens, which would represent debts to users in a 1:1 ratio. These tokens would be based on future revenues, with redemption pools easing future user claims. The launch of NEOM debt tokens raises many questions as to how this practice would impact user trust, secondary-market prices, and liquidity incentives within DeFi in general.
Nemo Protocol, as part of its recovery plan, has also deployed AMM liquidity pools on key Sui DEXs, offering users the immediate option to leave markets. The NEOM/USDC pair allows users to buy and sell debt tokens based on recovery progress at market prices.
This attack indicates that the security issues associated with the DeFi sector persist, and the sector is already facing huge losses in 2025. A total of 121 DeFi incidents cost more than $2.37 billion in the first half of the year.