Refunds for affected users have been processed. When you next connect to aftermath.finance, you'll be prompted to withdraw your balance in Aftermath Perps.

Aftermath Postmortem On April 29th, Aftermath experienced an isolated security incident in the integrator feature of AF Perps. All other products (afSui, Pools, Farms, Agg, SOR) are completely unaffected & all users will be made whole. This has been a scary week for crypto. AI tooling is developing rapidly, and we were among the almost a dozen protocols affected by hacks. We’re hopeful that by sharing our experience, we can help the broader crypto community learn and build back stronger. Root Cause The root cause was a signed integer issue in the integrator accounting logic. A malicious user was able to create their own integrator with a negative taker fee. This negative fee is then credited to a newly created account, which can be freely withdrawn from the vault. This issue was introduced as part of a diff on August 29, 2025. The changes were audited by @osec_io in Nov 2025, but the issue was unfortunately missed. Timeline The attacker (suivision.xyz/account/0x1a65…) was first funded on 04-28 22:02:07 UTC with 405.24 SUI. At 04-29 08:21:48 UTC, the attacker swapped 300 SUI for ~278 USDC via the SOR to obtain seed collateral for opening perp positions. From 04-29 08:55:50 UTC to 09:31:49 UTC, the attacker drained ~1,139,927 USDC from AFperps across 17 attempts (11 successful, 6 failed). Each of the 11 successful transactions was a single PTB that opened two accounts, registered the attacker as their own integrator with a negative 100,000 taker fee, executed a market order that crossed against a real counterparty’s maker order, then withdrew the resulting synthetic collateral as real USDC. From 04-29 09:22:23 UTC to 10:45:22 UTC, the attacker laundered the proceeds through fresh single-use wallets and DEX swaps before depositing to Binance (suivision.xyz/account/0x9350…) (~$250K USDC), KuCoin (suivision.xyz/account/0x13c0…) (~$400K USDC), Huobi (suivision.xyz/account/0xe5c0…) (HTX) (~150K SUI), and HitBTC (suivision.xyz/account/0x8612…) (~$150K USDC). Next Steps Out of an abundance of caution, we’re conducting an additional audit before relaunching AFperps with a separate company. That being said, we also recognize that manual review alone is insufficient in 2026. We are investing heavily to improve our AI-security workflows. AI tooling is developing rapidly, and we were among the almost a dozen protocols affected by hacks this week. We’re thankful to all of our partners for their rapid response and help. In particular, Blockaid, ZeroShadow, OtterSec, Sui Foundation, and Mysten Labs.

Today Aftermath Finance sustained an exploit of its perpetuals protocol on Sui which was subsequently paused. The Sui Foundation, in partnership with Mysten Labs, has committed to working with Aftermath Finance to both ensure fund recovery to users and continuity of the Aftermath protocol. Aftermath will provide further updates on fund recovery shortly.

We expect users to be made whole in the next 48-72hrs. We are working across the hours to get everyone their funds back. We appreciate everyone’s patience.

Update: Great news. Thanks to support from @Mysten_Labs and @SuiFoundation all users will be made whole ZERO losses for anyone. Aftermath will be up and running again soon. Thank you to both teams and to @blockaid_ for the rapid response. For clarity: this was not a Move contract-language security issue.

Update on today's incident: We're actively coordinating with zeroShadow, Seal, Blockaid, and OtterSec on response and fund-tracing. We're pursuing every available law-enforcement channel. A patch to the affected contracts is in development. More updates to follow.

Total damage is 1.14m. We are now focused on recovery.

All our other packages/products remain safe. The only vulnerability its our perps protocol which allowed negative builder code fees to be set.

ONLY PERPS WAS EXPLOITED. The exploit stems from us allowing (wrongly) to set negative builder codes fees.

Attention Aftermath community - We’ve identified an exploit affecting the protocol. Our team is actively investigating alongside leading security partners. As a precaution, the protocol has been paused and measures are being taken to minimize potential impact to user funds. We’ll continue to share updates as we learn more. Thank you for your patience.

This is the attackers address: suivision.xyz/account/0x1a65…

We have been exploited.

Roughly 1 in every 8 transactions on @SuiNetwork is are Aftermath perps txs. Aftermath also accounts for almost 12% of all gas used on the network. With over 20 markets live, there’s never been a better time to trade on Aftermath. aftermath.finance/perpetuals

You can now long or short $URA perps with up to 3x leverage. af.lol/perpetuals/USDC/marke…

Epoch 5 rewards are live. Rewards Points for afLP, Makers, and Takers have all been distributed, on top of AF farms incentives being replenished. Every reward goes directly to the users trading and providing liquidity on Aftermath. Check your incentives and points: aftermath.finance/rewards

You can USDsui as ⛽️ on Aftermath.