Sui-Based Volo Protocol Hit by $3.5M Exploit, Freezes Vaults to Contain Damage
An attempt to bridge 19.6 WBTC away was intercepted and blocked by the protocol, thereby removing the assets from the attacker’s control.
Volo Protocol, a liquid staking platform built on the Sui network, reported a security breach that led to the loss of approximately $3.5 million from its vaults, according to an official update shared by the team.
The exploit impacted three vaults holding assets in WBTC, XAUm, and USDC.
Recovery Efforts Intensify
In an official update, the protocol said it detected the attack and responded immediately by notifying the Sui Foundation and other ecosystem partners, while also freezing the affected vaults to prevent further losses. As part of its control measures, all vaults have been temporarily frozen pending a full investigation and remediation process.
Volo stated that the vulnerability was isolated to the three compromised vaults and confirmed that the remaining vaults, which account for around $28 million in total value locked, are not affected and remain secure with no shared attack vector. The team also said it is working with on-chain investigators and partners to recover the stolen funds and will release a detailed post-mortem once the investigation is complete.
In subsequent updates, Volo reported freezing roughly $500,000 worth of assets linked to the exploit. In a separate development, the protocol said it had successfully blocked an attacker’s attempt to bridge 19.6 WBTC out of the hacker’s control.
Volo added that it is coordinating with ecosystem participants to determine the appropriate process to return the intercepted assets. The protocol stated it is prepared to absorb the financial loss and aims to avoid passing the impact on to users.
“We are in damage control mode now, but once that’s done, we will work out a remediation plan, and a full breakdown will be shared shortly.”
April DeFi Exploit Wave
A series of major exploits hit DeFi platforms in April. For instance, attackers drained about $285 million from the Solana-based Drift Protocol in roughly 12 minutes, and most of the funds were bridged to Ethereum shortly after. On-chain activity linked to the attack had begun as early as March 11.
You may also like:
In a separate incident, NEAR protocol’s Rhea Finance lost an estimated $7.6 million after an oracle manipulation exploit. Meanwhile, KelpDAO suffered the largest DeFi hack of the year, with attackers stealing around $292 million from its cross-chain bridge built on LayerZero Labs infrastructure.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
