The Scallop Saga: A Cautionary Tale of Lost SUI and Downtrodden Contracts

In an unfortunate twist of fate, the good people of Scallop found their contracts most unexpectedly frozen, after a rogue hacker made off with a staggering sum of 150,000 SUI from a rewards pool that had been relegated to the annals of obsolescence. Fear not, dear readers, for the core funds remained untouched, and the protocol gallantly vowed to restore what was lost.

Alas, the ill-fated contracts grew cold before the majority of users could ascertain the mischief that had transpired.

Scallop, that well-known lending protocol upon the esteemed Sui blockchain, regrettably announced a security breach, whereby an unscrupulous attacker siphoned off approximately 150,000 SUI from a side contract linked to its long-forgotten sSUI spool rewards pool. The worthy team, in a display of transparency, confirmed this breach on the platform known as X, stating that the affected contract was promptly encased in frost. It was reassuringly declared that the core contracts remained wholly unscathed.

One Old Contract. Real Money Gone.

It appears that the exploit was directed towards what Scallop subsequently dubbed a deprecated rewards contract. Not the principal protocol, mind you, nor the vaults wherein users had deposited their hard-earned savings, but rather a remnant of infrastructure that, against all odds, still possessed some elusive value.

As relayed by @Scallop_io on X, the contract was encased in ice immediately upon identification of the incident. The team elucidated that only the sSUI rewards pool bore the brunt of the assault, whilst all other pools remained operational throughout this tumultuous episode.

The magnitude of the loss weighs in at approximately 150K SUI, a sum which, under present market conditions, is hardly trifling.

Protocol Back Online, But Questions Linger

Merely hours after the initial freeze, Scallop graciously provided an update. As communicated by @Scallop_io on X, core contracts were thawed, and all operations resumed without delay. Withdrawals and deposits were reinstated, and the team clarified that the disruption bore no relation to the core protocol, being confined entirely to the deprecated rewards contract.

In a most reassuring announcement, it was stated that user deposits were never in jeopardy. The team, in its infinite wisdom, promised to divulge further technical intricacies as the investigation unfolded.

Scallop, in a commendable display of responsibility, pledged to cover the entirety of the loss: no paltry partial reimbursements would suffice, but rather the full amount would be restored to those affected.

A Pattern That Keeps Repeating on Sui

This is not the inaugural occurrence of a Sui-based DeFi protocol finding itself compelled to freeze operations in the aftermath of an exploit. Merely days prior, Volo Protocol suffered the indignity of losing $3.5 million in a separate breach, with three vaults drained before any action could be taken. Indeed, losses across DeFi platforms in April have reached a staggering figure exceeding $600 million, or so the estimations go.

The Scallop incident appears to conform to a pattern that security researchers have repeatedly flagged. Deprecated contracts, which retain their balance yet lose the vigilant eye of active monitoring, become veritable playgrounds for nefarious actors. In this case, the attacker undoubtedly discovered just such an opportunity.

Scallop has vowed to continue its diligent oversight of the protocol and to fortify its defenses henceforth. According to the X post, no further anomalies had been detected at the time of this writing, but one can only wonder if history shall repeat itself.

2026-04-27 15:35