$2.4 million Nemo protocol hacker attack exposes DeFi cross-chain vulnerability

On September 8, 2025, the Nemo protocol on the Sui network encountered a US$2.4 million leak of USDC, and the stolen assets were transferred from Arbitrum to Ethereum through Circle's bridge. This vulnerability originated from a vulnerability in USDC transfer processing, similar to DeFi events such as Cetus DEX. Although Sui adopts a high-speed dPoS architecture, this attack highlights the ongoing cross-chain security risks. Officials have not responded to this yet, which has raised concerns about transparency. USDC prices remained stable at $1, but the incident highlighted liquidity risks and could prompt stricter DeFi security regulations.