SUI Native DeFi Lending Platform Reward Pool Attacked
The sSUI reward pool side contract of the SUI native DeFi lending platform Scallop was exploited, resulting in a loss of approximately 150,000 SUI.
The protocol has frozen the related contracts and resumed normal operations, promising to cover 100% of user losses. The core lending pool and user deposits were not affected.
Market mechanisms show that DeFi users continue to provide liquidity to Scallop and hold sSUI because of the compensation promise. Following the incident, some SUI liquidity was withdrawn from the affected pool and redirected to other SUI lending protocols, with funds flowing to top protocols with strong safety commitments. Scallop is under short-term pressure but maintains ecosystem trust by absorbing the losses.
Source: Public Information
ABAB AI Insight
Scallop, previously the first DeFi lending protocol officially supported by the Sui Foundation, rapidly expanded its sSUI liquidity staking pool to capture market share in SUI staking. However, similar incidents occurred between 2024 and 2025, revealing risks in side contracts despite multiple smart contract audits and reflecting historical inadequacies in cleaning up deprecated contracts during rapid iteration.
In terms of capital pathways, Scallop quickly deployed reward pools through Sui ecosystem incentive funds and VC support to attract TVL, but this attack exposed its failure to completely remove funding flow paths after contract deprecation. The team's decision to fully compensate from its own pocket aims to prevent TVL loss and maintain strategic ties with the Sui Foundation, so that it continues to secure subsequent ecosystem resource allocations.
As with Cetus DEX on Sui, which stabilized user confidence through compensation after the significant attack it previously faced, Scallop is currently transitioning from high-growth expansion to contract security and governance maturity in Sui DeFi. This path closely resembles that of early Ethereum lending protocols like Compound after multiple small-scale attacks.
Essentially, this represents a restructuring of the industry chain: the Sui ecosystem accelerates the elimination of protocols with loose management of deprecated contracts through such events. The mechanism involves funds and users concentrating towards top platforms with stricter audits and clearer compensation mechanisms after attacks, driving the entire Layer1 DeFi structure from a focus on rapid iteration to prioritizing security and long-term governance.