the DeFi protocol Nemo on Sui released an incident report, stating that due to security vulnerabilities in the contract with the flash_loan and get_sy_amount_in_for_exact_py_out functions, attackers were able to exploit them, resulting in approximately $2.59 million in asset losses. The attack originated from the developer launching new features without a thorough audit and failing to promptly fix known risks. The main funds were transferred to Ethereum through a cross-chain bridge, the core functions of the protocol have been frozen, a vulnerability patch has been submitted for urgent audit, and the team is currently devising user compensation and asset tracking plans.
