Scallop exploit drains 150K SUI, but what about core liquidity and trust?

A security incident recently disrupted Scallop's Sui [SUI] rewards pool. Thankfully, however, the damage was contained within a narrow contract layer. The exploit drained about 150K SUI, which pointed to a vulnerability in a side module rather than core infrastructure.
As this unfolded, the team froze the affected contract, limiting further losses and stabilizing user exposure. Core pools remained intact, which underlined how the protocol's modular design isolated risk effectively. This response also reduced the chance of a broader liquidity shock across the ecosystem.


More importantly, the event highlighted how peripheral contracts can introduce hidden risks. Scallop's decision to cover 100% of losses helped restore confidence, while ongoing caution may affect short-term user activity and trust dynamics.
Old contract bug led to 150K SUI drain
The exploit unfolded through an overlooked contract path, showing the attacker understood exactly where to strike. The transaction involved about 150,098 SUI flowing to a single account, confirming the pool was drained.
This happened because an old V2 contract did not set the user's last_index when staking. As a result, the system calculated rewards from the very beginning rather than from when staking started.


Because the spool index had grown to about 1.19 billion, the attacker's 136K sSUI stake multiplied instantly. This inflated rewards to about 150K SUI, which then flowed to a single wallet.
While core contracts stayed safe, this event was proof of how forgotten code paths can create hidden risks, affecting trust and short-term user confidence.
Stability after exploit as user confidence holds
Following the exploit, Scallop restored operations, signaling a controlled recovery rather than systemic failure. Core contracts resumed as the issue remained isolated to a deprecated rewards module.
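The missing last_index checkpoint described above can be reproduced in a small model. This is an added example in Python, not Scallop's Move code: the class and function names are hypothetical, the 1e9 index scale and the cap of a payout at the pool's remaining balance are assumptions, and the figures are the article's rounded values.

```python
INDEX_SCALE = 10**9  # assumption: fixed-point scale of the reward index


class Spool:
    """Toy index-based rewards pool; amounts are whole tokens."""

    def __init__(self, index, reward_balance, checkpoint_on_stake):
        self.index = index                    # cumulative reward per staked unit
        self.reward_balance = reward_balance  # rewards the pool can still pay
        self.checkpoint_on_stake = checkpoint_on_stake
        self.accounts = {}

    def _settle(self, acct):
        # Credit rewards accrued since the account's checkpoint, then move it.
        delta = self.index - acct["last_index"]
        acct["pending"] += acct["stake"] * delta // INDEX_SCALE
        acct["last_index"] = self.index

    def add_rewards(self, amount, total_staked):
        # New rewards raise the index for every staked unit.
        self.index += amount * INDEX_SCALE // total_staked

    def stake(self, user, amount):
        acct = self.accounts.setdefault(
            user, {"stake": 0, "last_index": 0, "pending": 0})
        if self.checkpoint_on_stake:
            self._settle(acct)   # fixed path: checkpoint before the stake changes
        acct["stake"] += amount  # buggy path leaves last_index at 0

    def claim(self, user):
        acct = self.accounts[user]
        self._settle(acct)
        paid = min(acct["pending"], self.reward_balance)  # assumption: capped
        acct["pending"] -= paid
        self.reward_balance -= paid
        return paid


def claim_right_after_stake(checkpoint_on_stake):
    # Article's rounded figures: index ~1.19e9, stake ~136K, pool ~150,098.
    pool = Spool(1_190_000_000, 150_098, checkpoint_on_stake)
    pool.stake("new_staker", 136_000)
    return pool.claim("new_staker")


if __name__ == "__main__":
    print("no checkpoint on stake:", claim_right_after_stake(False))
    print("checkpoint on stake:   ", claim_right_after_stake(True))
```

A regression test for this class of bug is the second call: a claim made immediately after a first stake must pay zero.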


This containment reassured users, especially as deposits stayed safe and withdrawals continued normally. As a result, the TVL held near $22.37 million, a sign of no immediate panic-driven outflows. This stability suggested that users recognized the limited scope of the breach.
Nonetheless, this response also highlighted a deeper issue, one where peripheral modules expand the attack surface beyond audited core logic. While confidence is holding for now, sustained trust will depend on continued stability in flows. If TVL stays steady or grows, confidence will strengthen, while delayed outflows could still emerge as users reassess protocol risk.




