TLDR
- Hackers compromised Volo Protocol, a Sui blockchain-based liquid staking service, stealing approximately $3.5 million
- Three vaults containing WBTC, XAUm, and USDC were compromised in the security breach
- Within half an hour of disclosure, Volo successfully froze $500,000 of the stolen funds
- Unaffected vaults containing $28 million in total value locked remain secure
- The protocol’s developers committed to covering all losses without impacting users
On April 21, Volo Protocol, a liquid staking service operating on the Sui blockchain, disclosed that hackers had successfully exploited the platform for roughly $3.5 million in user funds.
The security breach impacted three specific vaults containing Wrapped Bitcoin, the gold-pegged XAUm token, and USDC stablecoin. Other vaults within the protocol’s infrastructure remained untouched.
The team revealed the incident on X (formerly Twitter), explaining that they immediately reached out to the Sui Foundation and ecosystem collaborators upon detecting the breach. As a precautionary measure, all vaults were suspended to prevent additional fund drainage.
Remarkably, just 30 minutes after making the public disclosure, Volo reported successfully freezing approximately $500,000 of the compromised assets. Details regarding the mechanism used to freeze these funds were not provided.
According to the protocol’s statement, the remaining $28 million locked in other vaults faces no threat. Volo clarified that these unaffected vaults operate independently and don’t contain the same security weakness.
Volo Pledges to Cover Losses
The development team announced they would shoulder the entire financial burden of the exploit without transferring any costs to platform users. “We want to be clear: Volo is prepared to absorb this loss,” the developers stated on X.
Details about the exact nature of the security flaw that enabled the attack have not been made public. Similarly, no information about the perpetrator’s identity has been released.
Volo confirmed that all vaults would remain suspended until a comprehensive investigation is finished and corrective measures are implemented. The team is collaborating with blockchain forensics specialists in an effort to trace and potentially retrieve the outstanding stolen assets.
Emphasizing their commitment to users, the protocol stated: “We understand that trust is earned, and right now, we are focused entirely on actions,” according to Volo’s announcement.
A Pattern of Crypto Exploits
This incident comes on the heels of a significantly larger attack on Kelp DAO, a LayerZero-powered cross-chain bridge protocol, which suffered losses totaling $292 million in a distinct exploit.
Security researchers have attributed the Kelp DAO compromise to the Lazarus Group, North Korea’s state-sponsored cybercrime operation with a documented history of attacking cryptocurrency infrastructure.
Volo’s team has made no indication of any relationship between their security breach and the Kelp DAO incident.
No specific date for vault reopening has been announced by Volo. A detailed analysis report is anticipated following the conclusion of the ongoing investigation.
The $500,000 in successfully frozen assets represents the only portion of stolen funds confirmed as secured at this time.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
