Nemo contract security vulnerability leads to US$2.59 million stolen, and Sui's on-chain asset security sounds another alarm bell

According to Bijie.com, Nemo, the DeFi protocol on Sui chain, was hacked and lost about US$2.59 million. By manipulating the py_index parameters, the attacker uses lightning loan and token exchange operations to maliciously modify the system index and obtain a large number of PT and YT tokens. The Nemo team has suspended the contract function, and preliminary investigations show that the vulnerability is due to insufficient audit before the new feature is launched.