Decentralized finance (DeFi) protocol Volo has disclosed a security breach that resulted in the loss of approximately $3.5 million in digital assets, marking the latest incident in a series of exploits targeting DeFi platforms.
In a Wednesday post on X, the team said the attack affected select vaults and involved assets including Wrapped Bitcoin (WBTC), Matrixdock Gold XAUm and USDC (USDC). “We detected the attack, immediately notified the Sui Foundation and ecosystem partners to contain the damage, and froze the vaults to prevent any further exposure,” the team wrote.
The protocol added that around $28 million in total value locked across other vaults is safe, with the exploit limited to three isolated vaults and no shared vulnerability identified. It also revealed plans to absorb the losses rather than pass them on to users, though details of any remediation plan have yet to be finalized.
Volo is a liquid staking DeFi platform on the Sui blockchain, allowing users to stake their Sui (SUI) tokens and receive voloSUI (VSUI) in return. DeFi is already on edge, as the exploit comes as another liquid restaking protocol, Kelp, was hacked for approximately $293 million over the weekend, which has had a ripple effect across the broader ecosystem.
Related: Kelp DAO attacker moves $175M in Ether after exploit: Arkham
Volo freezes a portion of lost funds
In two separate updates, Volo said it has frozen or blocked roughly $2 million of the stolen funds so far. In the first update, the protocol said that roughly $500,000 linked to the breach has already been frozen. In a later update, the team claimed it had successfully blocked an attempt by the attacker to bridge 19.6 WBTC, effectively removing those funds from the hacker’s control.
“We are now working with ecosystem partners to determine the best path to return these funds to Volo,” the protocol wrote.
Crypto hacks claim $17 billion in 10 years
As Cointelegraph reported, more than $17 billion has been stolen in crypto over the past decade, with private key compromises identified as one of the major contributing attack vectors, according to DefiLlama.
Related: ZachXBT asks MemeCore to explain valuation and token supply
Roughly 22.3% of incidents are linked to brute-force key compromises, 18.2% to unknown methods and 10% to phishing attacks on multi-signature wallets. The findings show that many of the biggest losses stem from wallet security and user-side weaknesses rather than protocol bugs.
Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express