The lending platform Scallop, built on the Sui blockchain, has been hacked. The attackers drained approximately 150,000 SUI from the rewards pool.
✅ INCIDENT UPDATE
— Scallop (@Scallop_io) April 26, 2026
We have unfrozen the core contracts and all operations have resumed. The issue was not related to the core protocol and was isolated to a deprecated rewards contract.
User deposits were not impacted and all funds remain safe. Withdrawals and deposits are now…
The project team reported that the vulnerability was in a side smart contract that was no longer in use. The main protocol and user deposits were unaffected.
Developers temporarily paused the platform to conduct a security check. After some time, Scallop resumed normal operations, allowing users to deposit and withdraw assets without issues.
Project representatives promised to fully compensate for the losses, covering 100% of the damages from their own funds. The team is continuing its investigation and has pledged to release a detailed report later.
As of the time of writing, Scallop's total value locked stands at $22.82 million.
Source: DefiLlama.The project's native token, SCA, is trading at $0.017 (-2.5% over the past day).
Source: CoinGecko.It is worth noting that on April 17, the liquid restaking protocol Kelp was hacked, resulting in a loss of about $293 million.
On April 22, attackers compromised the Volo platform, draining $3.5 million from the WBTC and USDC pools.