Following a security breach on the Sui network last week, the decentralized finance platform Aftermath Finance has officially launched a dedicated claims page for affected users. The protocol team confirmed that the refund process for those impacted by the incident has been finalized, allowing participants to recover their assets. According to an announcement on X (formerly Twitter) by the Sui Foundation, users can now access the platform to withdraw their remaining balances from the perpetual contracts system.
Technical Details of the Security Breach
The exploit, which occurred on April 29, 2026, targeted the Aftermath Perps protocol and resulted in the theft of approximately 1.14 million USDC. Security analysts from Blockaid and CertiK identified the root cause as a logic flaw in the fee accounting mechanism. This vulnerability specifically allowed the setting of negative builder code fees, a misconfiguration that enabled attackers to artificially inflate synthetic collateral and withdraw liquidity from the protocol treasury.
- Duration: The attack lasted approximately 36 minutes.
- Transactions: The exploiter executed 11 distinct transactions to siphon funds.
- Scope: The team emphasized that only the perpetuals exchange was affected, while liquid staking (afSUI) and AMM pools remained secure.
Claiming Process and User Support
To facilitate the recovery of funds, Aftermath Finance has implemented an automated notification system. When users connect their wallets to the official aftermath.finance interface, they will be greeted with a prompt to withdraw their specific balance in Aftermath Perps. The team collaborated closely with Mysten Labs and the Sui Foundation to ensure the protocol’s continued operation and the restoration of user confidence.
Refunds for affected users have been processed. When users next connect to aftermath.finance, the system will prompt them to withdraw their balance in Aftermath Perps.
Users who encounter technical difficulties or have further questions regarding their claims are encouraged to contact the Aftermath Finance team directly via their official Discord server or through private messages on X for personalized consultation.
The successful launch of the claims portal marks a significant step in the protocol's recovery efforts. This incident adds to a series of recent security challenges within the Sui DeFi ecosystem, including previous exploits on the Volo and Scallop protocols. However, the rapid 48-to-72-hour turnaround for compensation highlights the growing trend of coordinated responses between developers and foundation stakeholders to mitigate the impact of smart contract vulnerabilities.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.