Nemo Protocol, a lending platform built on the Sui blockchain, has become the latest DeFi project to fall victim to a security breach. Around $2.4 million was drained after what appears to be a price oracle manipulation, according to blockchain security firm CertiK.
In a post on X, CertiK said it detected “suspicious withdrawals” linked to a single wallet address (0x01….c724).
The attacker is believed to have taken advantage of faulty pricing data on Nemo’s lending markets, allowing them to withdraw assets far above their actual collateral value. Activity logs on SuiScan confirm a series of quick transactions that moved funds out of the protocol.
Ongoing Concerns for DeFi Security
The incident adds to the string of attacks that have hit the decentralized finance sector in recent days. On September 4, decentralized exchange Bunni admitted that a rounding error in its smart contract had been exploited, costing the platform $8.4 million through manipulated liquidity pools and flash loans.
Just two days earlier, Venus Protocol paused operations after a phishing scam drained $13 million from a user’s wallet.
This exploit shows how Sui is still young, and security hasn’t fully caught up with its growth. Oracles keep turning out to be a weak spot in DeFi, and hackers know exactly how to use wrong prices to drain money. Nemo hasn’t shared a detailed update yet, and now all eyes are on what they’ll do to recover funds and protect users.
Note: This is a developing story. More details are anticipated.
Also Read: Hackers Use EIP-7702 to Rob WLFI Token Wallets: Xian
