Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Aftermath Finance, a decentralized perpetuals trading platform built on the Sui blockchain, suffered a security exploit in its perpetuals (perps) protocol. The vulnerability stemmed from a flaw in the fee accounting logic, specifically allowing negative "builder code" fees to be set. This enabled the attacker to inflate synthetic collateral and drain funds from the protocol's vault.The attacker drained approximately $1.14 million in USDC across 11 transactions within about 36 minutes. Blockchain security firm Blockaid detected and flagged the attack in real time (attacker address starting with 0x1a65...2d41e). Aftermath Finance promptly paused the affected perpetuals product and collaborated with security partners including Blockaid and CertiK for investigation. The team confirmed that the exploit was isolated to the perpetual futures market; spot trading, AMM pools, afSUI staking, and other products remained unaffected. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 1,140,000.
- chain
- sui
- protocol
- Aftermath Finance
- bug_class
- accounting
- date_occurred
- 2026-04-29
- loss_usd
- $1,140,000
- source_id
- sm:aftermath-finance::2026-04-29