A decentralised finance protocol built on the Sui Network, Nemo, was hacked on Sept. 8, 2025, wherein attackers targeted the USDC stablecoin holdings and drained an estimated amount of about $2.4 million.
The migration of funds (during the breach, along with Ethereum) was the first activity done using Circle. This has triggered additional apprehensions regarding the lapses in security of decentralised finance systems, along with newer risks posed to investors on newer systems of blockchain.
What does this mean?
The breach was highlighted by blockchain security firm PeckShieldAlert, which claimed to have detected the hack moments after funds were exhausted.
The perpetrators abused crossing USDC through Arbitrum’s linkage to Ethereum and Omega bridges, resulting in the confiscation of crypto collateral associated with Sui’s Nemo Protocol.
The loss was concentrated in USDC, which remains one of the most widely used stablecoins in decentralised finance. This lack of response has added to concerns around transparency and accountability when incidents strike decentralised networks.
Risks for users
The sudden $2.4 million loss has shaken confidence in Nemo and its connected pools. Users who held USDC in the protocol are now facing direct exposure.
Because the project did not provide any guidance right after the event, questions remain about whether affected participants will recover their funds.
The breach also underscores the ongoing issues with cross-chain infrastructure. Bridges are often a key target for attackers because they connect different blockchains and hold significant amounts of tokens in transit.
Even as developers continue to refine systems, gaps remain that hackers exploit with growing precision.
Also Read: Venus Protocol User Loses Approximately $27 Million In Crypto Due To Phishing Scam
Growing wave of blockchain hacks
The Nemo case comes during a period of heightened risk for decentralised finance and blockchain systems. Earlier this month, security researchers reported that hackers are now hiding malicious software, code and links inside Ethereum smart contracts.
This method makes the threats harder to detect since many scanners do not identify harmful elements buried deep in code repositories.
ReversingLabs, a firm specialising in digital asset compliance, explained that attackers are increasingly using public code libraries to plant malware. These tactics allow harmful programs to spread while avoiding early detection, creating new headaches for security teams and protocol developers.
Data from PeckShieldAlert also shows that losses from hacks across the crypto industry were significant in August 2025 alone. Breaches during that month resulted in about $163 million in damage, highlighting the scale of the problem.
Despite new security tools and regular audits, attackers continue to find new weaknesses to exploit.
Broader concerns
The Nemo incident showcases ongoing challenges linked to the infrastructure of decentralised finance. Though there are protective measures put in place aimed at the protocols, there are still blind spots that threaten the projects as well as users.
Users view USDC and other stablecoins as crypto safe havens, however, their presence in DeFi means they are also very vulnerable if something goes wrong.
The Nemo and Sui teams’ lack of immediate communication has become problematic as well. After an attack, especially in an era where decentralised networks can easily cause havoc, the storm of confusion that surrounds users and their assets leaves a lot to be desired.
It is increasingly accepted that providing timely information and having clear protocols in place for protecting user funds is an essential part of user trust.