Attacker Targets Forgotten Code in Scallop Protocol

An attacker drained Scallop for 150K SUI by calling a deprecated V2 package from November 2023, untouched for months. This exploit bypassed active paths, leveraging uninitialized 'last_index' in fresh spool accounts to claim massive retroactive rewards. Staking 136K sSUI yielded 162 trillion points, converting to 162K SUI at a 1:1 rate, emptying the pool. Sui's immutable packages left old versions callable, exposing the protocol despite SDK fixes.

Vulnerability Echoes Broader Crypto Risks

This joins April's exploits outside core code, like KelpDAO's RPC issues and Aethir's access controls. Audits must cover all shipped contracts, urging version checks on shared objects to seal stale paths. As Sui evolves, such bugs underscore crypto security vulnerabilities, potentially impacting SUI price prediction in volatile markets reminiscent of recent Bitcoin fluctuations.

Technical Confluence on SUI 4H Chart

SUI clings to $0.94, pinned right at the EMA200 acting as immediate support, while the EMA50 looms overhead at $0.95 as resistance in this bearish trend. Price dances inside Bollinger Bands, testing the upper edge at $0.96 for volatility exhaustion, with lower support at $0.93 waiting to catch any slip. Neutral RSI at 49.45 holds steady, but the MACD's bullish golden cross at -0.0 signals building upside pressure—confluence here points to a push toward upper band resistance before retracing to EMA200, especially as exploit news rattles sentiment in the broader crypto market crash environment.