Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
Recently, the loss incident at Scallop has drawn attention. Sui's largest lending protocol was attacked on April 26, resulting in a loss of about $140k. At first glance, the amount isn't large, but the underlying issues are far more concerning than the numbers themselves.
The entry point of this attack is quite interesting — it didn't target Scallop's core lending system directly, but instead exploited a previously abandoned reward contract. It's like a house with a heavily guarded front door, but an old, neglected back door. The attacker entered through this forgotten, old door.
Interestingly, Scallop only completed a comprehensive audit led by the Sui Foundation in February 2025. Yet, even so, this deprecated contract remained a weak point. Analysts pointed out that auditing does not guarantee security; Kelp DAO is a typical example — after two independent audits, it still lost $292 million.
The Scallop team responded well, quickly isolating the vulnerability, suspending the related contracts, and ensuring user funds were unaffected. But this incident exposes an increasingly common problem: more and more old contracts in the Sui ecosystem are being used as attack vectors.
Even more worrying is the overall situation in April. The month recorded 13 security incidents in DeFi, with total losses exceeding $606 million, making it the most severe month since a major exchange incident. The Sui network was particularly hit — Cetus lost $223 million in May 2025, Nemo lost $2.4 million in September, and Volo lost $3.5 million on April 22. These incidents occurred in quick succession, indicating systemic challenges rather than isolated vulnerabilities.
How can risks be reduced? First, avoid using those deprecated old contracts. Second, regularly withdraw rewards to prevent them from sitting idle. More importantly, diversify funds and don’t put all your eggs in one basket. Also, pay attention to official announcements before entering.
From a broader perspective, the auditing process needs strengthening, especially regarding the review of deprecated contracts. The series of events in April may force protocols to reevaluate their contract lifecycle management. Scallop’s case serves as a warning to the entire industry.