Scallop exploit: 150K SUI drained, but core protocol escapes unharmed

After repeated crypto hacks targeting DeFi platforms, hackers have turned to Scallop, a prominent lending and borrowing protocol on the Sui blockchain. The lending protocol was exploited, draining nearly 150,000 SUI tokens. 

Attacker targets side contract linked to reward pool

According to initial reports, the hackers did not directly attack Scallop's core lending protocol, the main system where lending and borrowing take place. The main engine running the entire lending platform remains safe, but the contract behind the staked SUI (sSUI) reward pool was exploited for 150,000 SUI tokens.

In short, the hackers targeted a deprecated contract linked to the platform’s sSUI reward pool. 

This reward system is a separate mini-system connected to the Scallop platform. It gives rewards and runs on its own smart contract. 

Sui continues to gain momentum for its speed and scalability, and platforms like Scallop play a significant role in building out its DeFi infrastructure. This is part of why even a relatively minor exploit catches the attention of the crypto community: it is not just about the funds lost but about confidence in emerging DeFi ecosystems.

Having found this side door, the attacker used a flash loan to gain access to huge temporary liquidity and manipulated the reward or pricing logic in the deprecated smart contract. The manipulation, carried out through the smart contracts, left the SUI token price badly affected or inflated. This price manipulation allowed the hacker to drain nearly 150,000 SUI tokens.

In essence, this type of incident does not involve brute force or direct hacking; instead, it relies on flaws in smart contracts. Notably, most DeFi hacks occur due to flaws or vulnerabilities in smart contracts. At least, that’s what several recent incidents show. Smart contracts that receive little updating or maintenance can be easily exploited.

Quick response helps curb huge damage

To its credit, the Scallop team responded quickly. They posted on X that the team was well aware of the incident and had frozen the affected smart contracts. According to the latest update from the company, the team unfroze the core contracts and resumed all operations. “User deposits were not impacted, and all funds remain safe. Withdrawals and deposits are now operating normally,” read the post by the Scallop team.

The news of the Scallop exploit had a short-term effect on the market. The SUI token price went down briefly by around 10%, showing the usual investor sensitivity toward security incidents.

A minor hack, but smart contract vulnerabilities play a major role

The crypto landscape has seen its fair share of hacks and sophisticated exploits, from million-dollar to billion-dollar losses. However, sometimes it is the smaller incidents that reveal the most important lessons, and that is the case with the Scallop incident. The financial damage may appear very small when compared to other major security breaches, but the incident highlights hidden vulnerabilities in the DeFi ecosystem.

Bottom Line

The Scallop DeFi protocol on the Sui blockchain suffered a minor exploit, resulting in a loss of 150,000 SUI tokens. The exploit was completely isolated to a specific reward system: a deprecated contract linked to the staked SUI rewards pool.
