Numa Incident Analysis

On 10 August 2025 an attacker executed a flash-loan-backed exploit against the Numa protocol by minting synthetic nuBTC to inflate synthValue, which reduced cNuma collateral pricing and enabled mass liquidations of borrower accounts; the actor seized NUMA and stS assets and bridged ~74.3 ETH (~$313K), later depositing ~74.2 ETH into Tornado Cash. The report includes step-by-step attack flow, vulnerable VaultManager/Numa pricing logic, key transaction hashes, attacker wallets and contracts, seized asset breakdown, and post-exploit fund movements.