In a fresh attack that rocked the cryptocurrency market on Monday, Nemo, a DeFi project based on the Sui Network, suffered a cyber breach. Popular blockchain security firm, PeckShield first reported the attack stating that the protocol lost about $2.4 million in stablecoins.
As reported, the bad actor has bridged the stolen USDC from Arbitrium to Ethereum. So far, Nemo has confirmed the incident, narrating that it manifested during the early hours of the day.
According to the project team, an investigation is currently underway to determine the cause of the breach. Additionally, to prevent more losses, Nemo said it has suspended all smart contract activities while confirming that its asset vault remains intact.
Initially, before the attack, the platform already informed community members and users of a potential system upgrade between Monday and Tuesday. Further, Nemo protocol stated that it is currently working with partners for a solution and also promised to share key information once it becomes available.
Community member suggests Nemo protocol suffered a side-bridge exploit
It is worth mentioning that Nemo is a native yield trading protocol on the Sui Network. By introducing an innovative yield tokenization and the Nemo AMM, the project empowers traders to grow their returns by taking long or short positions on Annual Percentage Yield (APY).
At the moment, Nemo has yet to provide details on the cause of the attack but community members have already pointed to a cross-bridge vulnerability in handling USDC transfers on the platform as the factor behind it. Notably, one reputable community member narrated how the hacker deposited fraudulent proofs on the protocol through a post on X.
By that, the smart contract minted unbacked PY/TY tokens which the hacker redeemed for USDC stablecoins, inflicting heavy losses. Also, the author went on to fault Nemo protocol for trusting on-chain messages easily by refusing to carry out Merkle tree proof checks to confirm the deposit by the bad actor.
More so, the member concluded that the protocol suffered a bridge-side exploit. Hence, the post established the breach is similar to other high-profile bridge hacks like Ronin Network, Nomad, and Wormhole.
Read More: