Aftermath Finance loses $1.14 million in Sui DeFi exploit

Aftermath Finance’s perpetuals protocol on the Sui network suffered a $1.14 million exploit on April 29 after a vulnerability allowed an attacker to drain funds across 11 transactions.

"Great news. Thanks to support from @Mysten_Labs and @SuiFoundation all users will be made whole," Aftermath Finance said in a public update. "ZERO losses for anyone."

The attacker exploited a bug in the clearing house’s fee accounting that permitted negative builder code fees, according to the Aftermath team. This flaw was used to artificially inflate synthetic collateral, enabling the withdrawal of approximately $1.14 million in USDC over just 36 minutes. Blockchain security firm Blockaid first detected and flagged the malicious activity from address 0x1a65...2d41e.

The incident highlights ongoing security risks in the DeFi sector, even on newer blockchains like Sui, but the rapid backstop from the Sui Foundation and Mysten Labs signals a commitment to user protection that could prevent a larger crisis of confidence. While Aftermath Finance has paused the affected protocol and is developing a patch, the event prompted ecosystem partner Bucket Protocol to set its afSUI mint cap to zero as a precautionary measure.

Coordinated Response and Recovery

In the wake of the attack, Aftermath Finance confirmed it was coordinating with security firms zeroShadow, Seal, Blockaid, and OtterSec to trace the stolen funds and pursue law enforcement channels. The team also moved to clarify the nature of the vulnerability, stating that the exploit was not a flaw in the Move contract language itself, but was contained within the specific fee logic of the perpetual futures module. All other products, including swap and staking, remained secure and operational.

A patch for the affected contracts is currently in development. The prompt intervention and financial backing from Mysten Labs and the Sui Foundation were crucial in stabilizing the situation, with Aftermath announcing the protocol would return to normal operations shortly.

This article is for informational purposes only and does not constitute investment advice.