Deprecated Contracts Remain Risky in DeFi Lending

A recent exploit on the Scallop protocol has brought attention to the ongoing issue of deprecated contracts posing risks to users in decentralized finance (DeFi) lending platforms.

The attack, which occurred on April 26, 2026, involved a flash loan and oracle manipulation, draining around $142,000 worth of SUI from a side rewards contract that had been unused for 17 months.

Despite the contained nature of the loss, the incident serves as a reminder of the importance of code hygiene in DeFi protocols. The Scallop team's quick response to the exploit, including freezing the vulnerable contract and promising full compensation, highlights the value of having incident response plans in place.