Nemo, a yield optimization protocol built on the Sui blockchain, was hit by a $2.4 million exploit on Monday that drained USDC from its pools. Blockchain security firm PeckShield reported the attacker bridged the stolen stablecoins from Arbitrum to Ethereum as part of cashing out.
Nemo lets users tokenize future yield by splitting staked assets into Principal Tokens (PT) and Yield Tokens (YT), enabling trading, hedging or speculation on returns. The attack highlights how composable DeFi primitives can create complex risk paths across chains and protocols.
According to DeFiLlama, total value locked (TVL) in Nemo’s yield trading plunged to $1.53 million from more than $6 million after the incident, underscoring the immediate liquidity impact on users and strategies that rely on the protocol.
There is no public confirmation yet of fund recovery or whether a hacker address has been sanctioned; investigations and on-chain tracing are ongoing. Protocol teams commonly pause contracts, monitor bridging activity and coordinate with centralized on‑chain analytics to limit further loss.
This exploit is a reminder that DeFi carries protocol and smart-contract risk, particularly when assets move across layers and bridges. Users should evaluate counterparty and code risk before depositing funds and consider defensive measures such as diversified staking and limiting exposure to newly launched products.
Source: CoinDesk. Read the original coverage for full details.