Scallop Is the Latest in a Pattern of Peripheral Exploits Hitting Sui DeFi
-

The Scallop exploit is not an isolated incident — it is the latest in a string of attacks targeting peripheral contracts rather than core protocol logic across the Sui DeFi ecosystem. Volo Protocol lost approximately $3.5 million earlier this month in a similar peripheral exploit, and both incidents followed the same pattern: stale or side contracts with overlooked vulnerabilities became entry points while the main protocol remained untouched. The recurring pattern raises a question that the Sui developer community will need to address directly: how should builders manage immutable deployed code and the attack surfaces that accumulate in legacy packages over time?

The timing of both recent Sui exploits — and the broader $293 million Kelp restaking attack on Ethereum earlier this month — shares another detail worth noting: all occurred over weekends, when liquidity is thinner and response times tend to lag. For Scallop specifically, the financial damage appears contained thanks to a rapid freeze response and a treasury capable of absorbing the full loss.

But the deeper issue is structural. Sui's immutability model means old code does not disappear — it sits on-chain indefinitely, callable by anyone who knows it exists. As Sui's DeFi ecosystem grows and protocols accumulate more deployed packages over time, the attack surface from forgotten or deprecated code will only expand. A comprehensive audit of every remaining legacy package across Sui DeFi is likely to become an urgent community priority in the weeks ahead.
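One defensive pattern Sui builders use against the "old package is still callable" problem is to gate every entry point on a version number stored in a shared object, and bump that number once after each upgrade so calls routed through a superseded package abort. The module below is an added illustration written for this page, not Scallop's or Volo's code; the module name `demo::vault`, the `Vault` and `AdminCap` types, and the `VERSION` constant are all assumed names, and it targets the Move 2024 edition where `object`, `transfer`, `UID` and `TxContext` are implicitly imported.

```move
/// Hypothetical Sui Move module (added example, not any protocol's real code)
/// showing the versioned-shared-object pattern for retiring old package versions.
module demo::vault {
    use sui::balance::{Self, Balance};
    use sui::coin::Coin;
    use sui::sui::SUI;

    /// Bumped on every package upgrade. A previously published package keeps
    /// whatever value was compiled into it, which is what makes the gate work.
    const VERSION: u64 = 2;

    const EWrongVersion: u64 = 0;
    const EAlreadyMigrated: u64 = 1;

    /// Shared object that every entry point must read.
    public struct Vault has key {
        id: UID,
        version: u64,
        reserve: Balance<SUI>,
    }

    /// Capability held by the protocol admin; required to run the migration.
    public struct AdminCap has key, store { id: UID }

    fun init(ctx: &mut TxContext) {
        transfer::share_object(Vault {
            id: object::new(ctx),
            version: VERSION,
            reserve: balance::zero(),
        });
        transfer::transfer(AdminCap { id: object::new(ctx) }, ctx.sender());
    }

    /// Aborts when the shared object has moved past the version compiled into
    /// this package, so a deprecated package can no longer touch the reserve.
    fun assert_version(vault: &Vault) {
        assert!(vault.version == VERSION, EWrongVersion);
    }

    /// Example user-facing entry point: the version check comes first.
    public fun deposit(vault: &mut Vault, coin: Coin<SUI>) {
        assert_version(vault);
        vault.reserve.join(coin.into_balance());
    }

    /// Run once by the admin right after publishing the upgrade. From then on,
    /// every call that reaches the previous package version aborts in
    /// assert_version, closing the "forgotten old code" entry point.
    entry fun migrate(_: &AdminCap, vault: &mut Vault) {
        assert!(vault.version < VERSION, EAlreadyMigrated);
        vault.version = VERSION;
    }
}
```

The check only covers packages that share this `Vault` object. A genuinely separate side contract with its own state, the kind of peripheral package implicated in the incidents above, is not retired by this mechanism; it has to be inventoried and either migrated to the same gate or drained and abandoned explicitly, which is the audit work the article anticipates.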
-
All three exploits happened on weekends. The attackers have better work-life balance than the devs.