Volo Protocol Exploit: $3.5 Million Stolen From Sui Liquid Staking Vaults
TLDR
- Volo Protocol, a liquid staking platform on the Sui blockchain, was exploited for roughly $3.5 million
- The attack hit three vaults holding WBTC, XAUm, and USDC
- Volo froze $500,000 of the stolen assets within 30 minutes of the announcement
- The remaining $28 million in TVL across other vaults is reported to be safe
- Volo’s team has pledged to absorb the loss and not pass costs to users
Volo Protocol, a liquid staking platform built on the Sui blockchain, confirmed on April 21 that it had been exploited for approximately $3.5 million in user assets.
The attack targeted three of Volo’s vaults, which held Wrapped Bitcoin, a gold-backed token called XAUm, and USDC. The rest of the protocol’s vaults were not affected.
Volo announced the breach on X, saying it had immediately contacted the Sui Foundation and ecosystem partners after discovering the exploit. All vaults were frozen to stop further losses.
Within 30 minutes of the public announcement, Volo said it had managed to freeze $500,000 worth of the stolen assets. The team did not say how that freeze was achieved.
The protocol stated clearly that the remaining $28 million in total value locked across its other vaults was not at risk. Volo said those vaults do not share the same vulnerability.
Volo Pledges to Cover Losses
The protocol has not yet disclosed the specific vulnerability that was exploited. The identity of the attacker has also not been revealed publicly.
Volo said all vaults will stay frozen until a full post-mortem is completed and a remediation plan is in place. The team is working with on-chain investigators to try to recover the remaining stolen funds.
A Pattern of Crypto Exploits
The Volo breach follows a much larger hack on Kelp DAO, a cross-chain bridge powered by LayerZero, which lost $292 million in a separate exploit.
Investigators have linked the Kelp DAO attack to North Korea’s Lazarus Group, a state-backed hacking organization known for targeting crypto platforms.
The Volo team has not suggested any connection between its exploit and the Kelp DAO incident.
Volo has not given a timeline for when vaults will be reopened. A full post-mortem report is expected once the investigation is complete.
The $500,000 in frozen assets remains the only portion of the stolen funds confirmed recovered so far.
The post Volo Protocol Exploit: $3.5 Million Stolen From Sui Liquid Staking Vaults appeared first on CoinCentral.
You May Also Like
WTI Oil eases to $87.50 amid a fragile US-Iran ceasefire
Volo Protocol Loses $3.5 Million in Sui Vault Exploit Amid DeFi Hack Streak
