Volo Protocol on Sui Network Exploited for $3.5 Million
Volo Protocol, a popular liquid staking platform on the Sui blockchain, has suffered a major security exploit. The attack drained approximately $3.5 million worth of assets from its WBTC, XAUm, and USDC vaults.
Quick Summary
- Exploit amount: ~$3.5 Million
- Affected vaults: WBTC, XAUm, and USDC
- Frozen assets: $500,000 successfully recovered
- Other vaults remain safe with $28M TVL protected
What Happened in the Volo Exploit?
On April 21, 2026, Volo Protocol confirmed it was hacked. The attackers targeted specific vaults holding WBTC, XAUm, and USDC tokens. The team acted quickly by notifying the Sui Foundation and freezing the affected vaults to stop further losses.
Volo also announced that they successfully froze $500,000 of the exploited funds shortly after the attack.
Volo Team’s Response and User Protection
The Volo team has taken full responsibility for the incident. They have publicly stated that they will absorb the entire loss and will not pass it on to their users.
In an official statement on X (formerly Twitter), Volo wrote:
“We are prepared to absorb this loss. We will do our best not to pass this to our users.”
All affected vaults will stay frozen until a complete post-mortem and security fixes are completed. The team confirmed that other vaults carrying $28 million in Total Value Locked (TVL) are not affected and remain completely safe.
Focus on Trust and Transparency
Volo emphasized that they understand the importance of trust in DeFi. The protocol is now focused on transparent actions, including a full investigation and strengthening of security measures.
No details about the exact vulnerability or the identity of the attacker have been shared yet
Recent Context in DeFi Exploits
This incident comes shortly after the massive $292 million exploit on the LayerZero-powered cross-chain bridge Kelp DAO, which was reportedly linked to North Korea’s Lazarus Group.
