Olivia
Online
Aftermath Finance (🥚, 🥚)
@AftermathFi
On-chain finance you can verify. Swap, Trade, Stake, & MEV Infra. #TrustButVerify
Sui
Joined September 2022
98 Following
52.9K Followers
2.2K Posts
Pinned Tweet
Refunds for affected users have been processed. When you next connect to https://t.co/JPf1dkvKpR, you'll be prompted to withdraw your balance in Aftermath Perps.
@natalia777mar All the positions should be considered closed at the time of the exploit. You don’t need to hedge. If you performed any action during the exploit time window, we will take that into consideration and make sure that you receive what you are owed.
We've published a sheet of every affected account: https://t.co/eW8sJ3DW96
If you're affected, review your row before claim opens Monday so we can minimize inconsistencies.
Some balances may need reconciling because of withdrawals taken during the under-collateralized window.
If your amount looks incorrect, open a ticket on our Discord or DM us on X with your transaction.
If you have collateral idle in your account you can already withdraw it.
Who to follow
Adeniyi.sui
@EmanAbio
Co-founder & CPO at @Mysten_Labs. Building @SuiNetwork & @WalrusProtocol. Jesus, Family, Crypto. Views are my own, RT ≠ endorsement.
SeaFi
@SeaFi_AI
Project Launches, Leading Growth Hub, Smart Trading, and AI-Driven Innovation.
DeepBook Protocol on Sui
@DeepBookonSui
Where Sui Finance Starts. Spot. Margin. Predict.
Built on @SuiNetwork.
Update: Great news. Thanks to support from @Mysten_Labs and @SuiFoundation all users will be made whole
ZERO losses for anyone.
Aftermath will be up and running again soon. Thank you to both teams and to @blockaid_ for the rapid response.
For clarity: this was not a Move contract-language security issue.
Aftermath Postmortem
On April 29th, Aftermath experienced an isolated security incident in the integrator feature of AF Perps.
All other products (afSui, Pools, Farms, Agg, SOR) are completely unaffected & all users will be made whole.
This has been a scary week for crypto. AI tooling is developing rapidly, and we were among the almost a dozen protocols affected by hacks. We’re hopeful that by sharing our experience, we can help the broader crypto community learn and build back stronger.
Root Cause
The root cause was a signed integer issue in the integrator accounting logic. A malicious user was able to create their own integrator with a negative taker fee. This negative fee is then credited to a newly created account, which can be freely withdrawn from the vault.
This issue was introduced as part of a diff on August 29, 2025. The changes were audited by @osec_io in Nov 2025, but the issue was unfortunately missed.
Timeline
The attacker (https://t.co/I6h41yV7P3) was first funded on 04-28 22:02:07 UTC with 405.24 SUI.
At 04-29 08:21:48 UTC, the attacker swapped 300 SUI for ~278 USDC via the SOR to obtain seed collateral for opening perp positions.
From 04-29 08:55:50 UTC to 09:31:49 UTC, the attacker drained ~1,139,927 USDC from AFperps across 17 attempts (11 successful, 6 failed).
Each of the 11 successful transactions was a single PTB that opened two accounts, registered the attacker as their own integrator with a negative 100,000 taker fee, executed a market order that crossed against a real counterparty’s maker order, then withdrew the resulting synthetic collateral as real USDC.
From 04-29 09:22:23 UTC to 10:45:22 UTC, the attacker laundered the proceeds through fresh single-use wallets and DEX swaps before depositing to Binance (https://t.co/GhFCjQhouT) (~$250K USDC), KuCoin (https://t.co/F4O7trwVwZ) (~$400K USDC), Huobi (https://t.co/9TBZOPyPDh) (HTX) (~150K SUI), and HitBTC (https://t.co/ZYToOISmm7) (~$150K USDC).
Next Steps
Out of an abundance of caution, we’re conducting an additional audit before relaunching AFperps with a separate company. That being said, we also recognize that manual review alone is insufficient in 2026.
We are investing heavily to improve our AI-security workflows. AI tooling is developing rapidly, and we were among the almost a dozen protocols affected by hacks this week.
We’re thankful to all of our partners for their rapid response and help. In particular, Blockaid, ZeroShadow, OtterSec, Sui Foundation, and Mysten Labs.
Today Aftermath Finance sustained an exploit of its perpetuals protocol on Sui which was subsequently paused.
The Sui Foundation, in partnership with Mysten Labs, has committed to working with Aftermath Finance to both ensure fund recovery to users and continuity of the Aftermath protocol.
Aftermath will provide further updates on fund recovery shortly.
We expect users to be made whole in the next 48-72hrs.
We are working across the hours to get everyone their funds back.
We appreciate everyone’s patience.
Update: Great news. Thanks to support from @Mysten_Labs and @SuiFoundation all users will be made whole
ZERO losses for anyone.
Aftermath will be up and running again soon. Thank you to both teams and to @blockaid_ for the rapid response.
For clarity: this was not a Move contract-language security issue.
Update on today's incident:
We're actively coordinating with zeroShadow, Seal, Blockaid, and OtterSec on response and fund-tracing.
We're pursuing every available law-enforcement channel.
A patch to the affected contracts is in development.
More updates to follow.
Total damage is 1.14m.
We are now focused on recovery.
@MarcinRedStone Perps has been paused fyi.
All our other packages/products remain safe.
The only vulnerability its our perps protocol which allowed negative builder code fees to be set.
@basq0x @DeFi_Alien0 Wasn't the perps contract itself. Was the fact that we allowed negative builder code fees which was incorrect.
ONLY PERPS WAS EXPLOITED.
The exploit stems from us allowing (wrongly) to set negative builder codes fees.
Attention Aftermath community - We’ve identified an exploit affecting the protocol.
Our team is actively investigating alongside leading security partners. As a precaution, the protocol has been paused and measures are being taken to minimize potential impact to user funds.
We’ll continue to share updates as we learn more. Thank you for your patience.
This is the attackers address:
https://t.co/pD63yZy4me
We have been exploited.
Roughly 1 in every 8 transactions on @SuiNetwork is are Aftermath perps txs.
Aftermath also accounts for almost 12% of all gas used on the network.
With over 20 markets live, there’s never been a better time to trade on Aftermath.
https://t.co/1eEDktmF5z
@andrewm04881094 https://t.co/9cpPyZrvt3
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.2M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.6M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.2M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers