AftermathFi on Sui DeFi lost $1.1M in perp exploit after fee bug abuse, while teams paused services and investigated.
AftermathFi, a DeFi platform on Sui Network, suffered a fresh exploit this week. Hackers stole $1.1 million USDC from vaults. The attack occurred in 11 transactions in 36 minutes. So, Sui DeFi security concerns were again raised.
Fee Accounting Bug Enabled Fast Vault Drains
Security provider Blockaid said it spotted the exploit early. The attacker used wallet address 0x1a65086c85114c1a3f8dc74140115c6e18438d48d33a21fd112311561112d41e. Additionally, Blockaid said it is assisting AftermathFi and Mysten Labs with the investigation.
Read More: Kraken Launches DeFi Earn Product Across U.S., EU, and Canada – Ledger Tribune
Preliminary research suggests the attack was on AftermathFi Perpetuals. This is a product that enables leveraged perpetual trading. But there was a flaw in the clearing house fee accounting. So, balances could be manipulated very quickly.
🚨 Blockaid detected and flagged an active exploit on @AftermathFi Perpetuals on @SuiNetwork.
~$1.1M USDC was drained across 11 transactions in ~36 minutes by attacker 0x1a65086c85114c1a3f8dc74140115c6e18438d48d33a21fd112311561112d41e. The exploit targeted a bug in the perp…— Blockaid (@blockaid_) April 29, 2026
This bug reportedly enabled synthetic collateral inflation. In simple terms, false collateral value could be created inside the system. After that, the hacker withdrew real money from the protocol vaults. As a result, the protocol lost money.
The withdrawal was made in 11 transactions. The attack took just 36 minutes. The speed of the attack demonstrated the contagion risk in DeFi. Rapid attacks can leave little time to react.
Following the unusual activity, the exchange halted. This was likely to prevent further losses and check positions. Users awaited news from the team. Pauses are common in emergency situations.
Users Face Warning Gaps During Exploit
A few community members expressed concerns about warnings. They claimed users with open perpetual positions were not directly notified. So, traders could not easily verify if positions were impacted. This put pressure on platform messaging systems.
Some argued that detection is improving more than alerts. Security companies can detect suspicious transactions rapidly. But users still rely on social media for alerts. As a result, response systems may need to be upgraded.
Instant notifications may be crucial for leveraged trading. Perpetual traders can be at risk of liquidation in volatile markets. In the event of a platform freeze, traders may require instant updates. So, communication is an important trust factor.
The hack also points to DeFi issues. Smart contracts can automate markets efficiently. But programming bugs can open vulnerabilities. Simple accounting errors can result in significant losses.
Sui Network has emerged as a gaming and DeFi blockchain. Protocols are building on the chain. So security is becoming a critical factor for trust.
The primary developer of Sui, Mysten Labs, was called out in support. Collaborating with external security teams can accelerate investigations. Collaborative reviews can help pinpoint attack vectors. Customers expect openness in these cases.
Other hacks have occurred in the broader market. Hackers tend to focus on bridges, lending and derivatives platforms. So audits may not prevent all attacks. They also need to monitor.
For AftermathFi victims, the next steps are critical. They will probably wait for compensation, fixes and reopening announcements. Communications can rebuild trust.
In all, the $1.1 million hack is a wake-up call for DeFi. Early detection brought the attack to light. But user notifications and prevention need to improve. As a result, security is key to growing decentralized finance.